Senior Security Control Assessor – CISSP at VMD Corp

• Identify the security and privacy requirements allocated to a system and to the organization, identify the characteristics of a system, contribute to determining the boundary of a system.
• Collaborate with the System Owner to categorize the system and document the security categorization results as part of system requirements.
• Identify stakeholders who have a security and/or privacy interest in the development, implementation, operation, or sustainment of a system.
• Conduct an initial risk assessment of stakeholder assets and update the risk assessment on an ongoing basis.
• Select the security and privacy controls for a system and document the functional description of the planned control implementations in a security/privacy plan.
• Develop a strategy for monitoring security and privacy control effectiveness; coordinate the system-level strategy with the organization and mission/business process-level monitoring strategy.
• Develop, review, and approve a plan to assess the security and privacy controls in a system and the organization.
• Document changes to planned security and privacy control implementation and establish the configuration baseline for a system.
• Respond to system risk posture based on the results of ongoing monitoring activities, assessment of risk, and outstanding items in a plan of action and milestones (POA&M).
• Update a security plan, security assessment report, and plan of action and milestones based on the results of a continuous monitoring process.
• Review the security and privacy status of a system (including the effectiveness of security and privacy controls) on an ongoing basis to determine whether the risk remains acceptable.
• Report the security status of a system (including the effectiveness of security and privacy controls) to an authorizing official on an ongoing basis in accordance with the monitoring strategy.
• Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, ensure that security improvement actions are evaluated, validated, and implemented as required.

• Creating policies that reflect system security and privacy objectives.
• Applying confidentiality, integrity, and availability principles.
• Assessing security and privacy controls based on cybersecurity and privacy related principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
• Applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non- repudiation).
• Determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect the security and privacy of the system
• Technical writing including writing about facts and ideas in a clear, convincing, and organized manner.
• Evaluating the trustworthiness of the supplier and/or product. 

Requirements:

• Experience: 7+ years of relevant cybersecurity experience.
• Education: Master’s degree in a technical or cyber-related field (or equivalent direct relevant certifications/experience).
• Required Certifications: CISSP
• Citizenship: U.S. Citizen
• Clearance: Public Trust