Job Title: IT Auditor/Controls Assessor
Posted by: ASSETT, Inc. on Oct 04, 2018
Location:
Kansas City , MOJob Description:
With new cyber threats discovered almost every day, the most critical part of the software development life cycle has become risk assessment and security. Here is your chance to fight cyber threats head on, finding the weak spots in computer systems before the criminals can. We are seeking an IT Auditor/Controls Assessor to join our team and support systems auditing and assessing for a Federal government client. This is a long-term, mid-level position that involves a variety of different system capabilities for you to assess and review, as you help the agency improve its overall IT security posture. The work is exciting, challenging and rewarding and offers exposure to a wide variety of systems. The most qualified applicants will have experience conducting assessments in support of the Risk Management Framework (RMF) in accordance with NIST Special Publication 800-53A Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, although similar applicable experience will be considered. The job is located in Kansas City, MO and the applicant must live in the area as most of the work will be done on premises with the opportunity to telework one day a week. Please note that we will not pay for relocation services. The successful applicant must be able to obtain and maintain a Moderate Risk Public Trust Clearance. We offer both conventional and contract employment, depending on your preference.
Education and Experience:
A minimum of five years of hands-on experience performing control assessments and information system audits. Federal Security Assessment Experience and a Bachelor's Degree preferably in Computer Science, Software Engineering, or similar discipline is preferred, although a desire to learn and improve your technical knowledge is even more important.
Responsibilities:
Support the Federal Risk Management Framework (RMF), integrating security and risk management activities into the Federal system development life cycle to manage organizational risk. Special tasks include:
Test and assess security and internal controls
Document assessment results
Collect and obtain control artifacts/evidence
Develop recommendations to remediate identified weaknesses
Prepare various control status reports
Uncover areas for improvement and collaborate with team members to develop optimization strategies
Required Skills and Competencies:
Preferred certifications - CISA (SSCP or CISSP a plus)
Must have excellent written and oral communication skills
Experience developing control test procedures, and recommendations for remediation
Experience documenting assessment results (work papers)
Experience developing Plans of Action & Milestones (POA&M) and corrective action plans (CAP)
Knowledge and understanding of Assessment & Authorization (A&A) processes
Prefer a knowledge and understanding of Federal Risk Management framework including FISMA, RMF, and OMB A-123, but will consider
experience with other security frameworks or certifications
Ability to learn and interpret NIST control requirements including NIST SP 800 Series including 800-53, 800-53A, 800-37
Must be able to obtain and maintain a Moderate Risk Public Trust Clearance.
Education and Experience:
A minimum of five years of hands-on experience performing control assessments and information system audits. Federal Security Assessment Experience and a Bachelor's Degree preferably in Computer Science, Software Engineering, or similar discipline is preferred, although a desire to learn and improve your technical knowledge is even more important.
Responsibilities:
Support the Federal Risk Management Framework (RMF), integrating security and risk management activities into the Federal system development life cycle to manage organizational risk. Special tasks include:
Test and assess security and internal controls
Document assessment results
Collect and obtain control artifacts/evidence
Develop recommendations to remediate identified weaknesses
Prepare various control status reports
Uncover areas for improvement and collaborate with team members to develop optimization strategies
Required Skills and Competencies:
Preferred certifications - CISA (SSCP or CISSP a plus)
Must have excellent written and oral communication skills
Experience developing control test procedures, and recommendations for remediation
Experience documenting assessment results (work papers)
Experience developing Plans of Action & Milestones (POA&M) and corrective action plans (CAP)
Knowledge and understanding of Assessment & Authorization (A&A) processes
Prefer a knowledge and understanding of Federal Risk Management framework including FISMA, RMF, and OMB A-123, but will consider
experience with other security frameworks or certifications
Ability to learn and interpret NIST control requirements including NIST SP 800 Series including 800-53, 800-53A, 800-37
Must be able to obtain and maintain a Moderate Risk Public Trust Clearance.
Education Level:
Bachelors degree or higher
Pay Rate:
Commensurate with experience
Security Clearance:
None
Travel Requirements:
Light
Sign Up to Apply to this position
(if you already have a CGO account, just press the button below)
About ASSETT, Inc.
Advanced Systems Supportability Engineering Technologies and Tools. We make systems more intelligent, we modernize systems and software, and we make systems more affordable. We are leaders in integrating technology, engineering practices, and lessons learned, bringing the "best of breed" solutions to our customers across multiple market sectors and environments.
Please visit this employer's Public Profile to see more jobs offered by ASSETT, Inc.