Security Controls Assessor

Job Description

CVP is an award-winning healthcare and next-gen technology consulting firm recognized for excellence and innovation in the solutions we have provided our clients across healthcare, national security, and the public sector.

We are seeking a Security Control Assessor to join our team of experts tasked with securing the critical networks and systems our clients depend on.

Responsibilities:

• Provide expertise in and perform actions related to:
• Assessment and Accreditation
• Risk Management
• Reviewing scan results
• Audit log reviews
• Vulnerability Management
• Handling of Privacy-related and sensitive data
• Advise and notify management (e.g., system owner, Chief Information Security Officer, (CISO), Chief Information Officer [CIO], and/or Authorizing Official (AO)) on:
• Risk levels and security posture
• Changes affecting the organization's cybersecurity posture
• Impact levels for Confidentiality, Integrity, and Availability for the information on a system.
• Conduct interviews
• Facilitate small group discussions
• Answer questions in a clear and concise manner.
• Ask clarifying questions and accurately capture responses.
• Test and/or observe system operations to validate implementation statements in provided artifacts or the result of interviews
• Analyze test data.
• Collect, verify, and validate test data.
• Communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
• Prepare and present briefings
• Produce technical documentation.
• Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Assess security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
• Understand security controls and how they are applied
• Assess the effectiveness of security controls
• Conduct tests that include verification that the features and assurances required for each protection level are functional.
• Assess the configuration management (change configuration/release management) processes.
• Assess changes in the system, its environment, and operational needs that could affect the accreditation.
• Assess information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
• Assess security systems designs.
• Assist client and team with responses to data calls and audits
• Assist with the preparation of accreditation packages
• Collect and maintain data needed to meet assessment reporting
• Conduct application vulnerability assessments.
• Conduct periodic testing of the security posture of the information system.
• Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance.
• Understand how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
• Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
• Develop, review, endorse, and recommend action for both the Risk Executive and Authorizing Official.
• Discern the protection needs (i.e., security controls) of information systems and networks.
• Ensure plans of actions and milestones or remediation plans are in place for findings and vulnerabilities identified during risk assessments, audits, inspections, etc.
• Ensure security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
• Ensure security improvement actions are evaluated, validated, and implemented as required.
• Exercise judgment when policies are not well-defined.
• Experience demonstrating strong analytical, troubleshooting and problem-solving skills for security information and event management
• Identify cybersecurity and privacy issues that stem from connections with internal and external customers and partner organizations.
• Identify measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
• Identify systemic security issues based on the analysis of vulnerability and configuration data.
• Interpret and translate customer requirements into operational action.
• Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.
• Participate as a member of planning teams, coordination groups, and task forces as necessary.
• Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk.
• Perform analysis of security features for system architectures.
• Perform impact/risk assessments.
• Perform risk assessments, evaluate security documentation, and provide written recommendations for authorization.
• Perform security assessment of information systems leveraging established testing and evaluation techniques and tools.
• Perform security reviews, identify gaps in security architecture, and develop a security risk management plan to include recommendations for remediation.
• Prepare and maintain required artifacts, i.e., Security Assessment Report (SAR) and associated documentation
• Provide input to the Risk Management Framework process activities and related documentation
• Recognize a possible security violation and take appropriate action to report the incident, as required.
• Recommend corrective actions to address identified findings and/or vulnerabilities from an assessment
• Review artifacts provided, some of which may be technical or procedural in nature
• Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
• Review vulnerability scan results and recognize vulnerabilities in security systems.
• Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
• Tailor assessments and analysis to the necessary levels (e.g., classification and organizational).
• Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.
• Translate data and test results into evaluative conclusions.
• Understand technology, management, and leadership issues related to organization processes and problem solving.
• Understand the basic concepts and issues related to cyber and its organizational impact.
• Verify application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
• Work in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—to leverage analytical and technical expertise.
• Maintain appropriate technical and procedural documentation
• Build and maintain client and stakeholder relationships
• Complete projects, tasks, and associated deliverables on time and with quality.
  
  

Qualifications:

• Must be eligible to obtain a Public Trust government security clearance.
• Two (2) years of federal security support experience
• 4-year college degree in Computer Science or related field.
• Experience demonstrating strong analytical, troubleshooting and problem-solving skills for cybersecurity.
• Excellent communication skills, both written and oral.
• At least five (5) years of cybersecurity experience, including at least two (2) years directly engaged with cybersecurity assessment and risk management activities.
  
  

Desired Skills

• Any one of the following:
• Security+ Certification
• Certified Information System Security Professional (CISSP)
• Certified Authorization Professional (CAP)
• Two (2) years of federal security support experience
• Experience with automated tools (Tenable Nessus, WebInspect, Splunk, etc)
• Experience with CSAM
  
  

Location:

• Must be DC Metro Local in order to attend monthly meetings
  
  

Company Description

CVP is an award-winning healthcare and next-gen technology and consulting services firm solving critical problems for healthcare, national security, and public sector clients. We help organizations achieve lasting transformation and build a healthy, safe, and equitable world—a future we call What’s Next.

What do we do? We do work that matters like advancing mental and behavioral health, streamlining immigration, and improving access and outcomes for underserved populations including Veterans, people experiencing homelessness, and rural American residents.

How do we do it? Our team of industry experts deliver integrated, innovative solutions in Healthcare Research & Technology, Digital Transformation, Data Science, Cybersecurity, Marketing Communications & Change Management, and Strategy & Transformation.

Why do we do it? Our core values define the CVP culture, guide our decisions, and enable our client-focused mission. We’re relentlessly focused on making a difference and building What’s Next for our clients and their customers.

We believe diversity, equity, and inclusion are essential components of our individual and collective success, and our commitment to hiring and supporting Veterans has earned us three HIRE Vets gold medallions. Join us to start or advance your career with a mission-focused firm transforming healthcare, enhancing security, and making government work better.

Customer Value Partners, LLC is a VEVRAA Federal Contractor and an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, or disability. Customer Value Partners seeks to provide employment opportunities for protected veterans and individuals with disabilities.

CVP is an award-winning healthcare and next-gen technology and consulting services firm solving critical problems for healthcare, national security, and public sector clients. We help organizations achieve lasting transformation and build a healthy, safe, and equitable world—a future we call What’s Next. What do we do? We do work that matters like advancing mental and behavioral health, streamlining immigration, and improving access and outcomes for underserved populations including Veterans, people experiencing homelessness, and rural American residents. How do we do it? Our team of industry experts deliver integrated, innovative solutions in Healthcare Research & Technology, Digital Transformation, Data Science, Cybersecurity, Marketing Communications & Change Management, and Strategy & Transformation. Why do we do it? Our core values define the CVP culture, guide our decisions, and enable our client-focused mission. We’re relentlessly focused on making a difference and building What’s Next for our clients and their customers. We believe diversity, equity, and inclusion are essential components of our individual and collective success, and our commitment to hiring and supporting Veterans has earned us three HIRE Vets gold medallions. Join us to start or advance your career with a mission-focused firm transforming healthcare, enhancing security, and making government work better. Customer Value Partners, LLC is a VEVRAA Federal Contractor and an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, or disability. Customer Value Partners seeks to provide employment opportunities for protected veterans and individuals with disabilities.