Job Description

KEY RESPONSIBILITIES:

• ssess security controls based on NIST 800-53 standards.
• Conduct interviews, reviews, and testing to verify compliance.
• Proficient in developing and maintaining comprehensive security documentation, including:

o System Security Plans (SSPs), o Security Assessment Report (SARs), o Security Assessment Workbook (SAW) and o Plan of Action & Milestones (POA&Ms)

• Support risk assessments and vulnerability analyses.
• Conduct system security control assessments for federal information systems, applications, and cloud environments
• Perform risk assessments and recommend actionable mitigation strategies to stakeholders.
• Create and update security documentation, including policies, procedures, and test plans.
• Collaborate with system owners, ISSOs, and IT teams to implement and document security requirements.
• Communicate findings, risks, and mitigation efforts to technical and non-technical stakeholders.

REQUIRED KNOWLEDGE & SKILLS:

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).
• 3-5+ years of experience in security compliance, risk management, or related fields, with strong knowledge on NIST SP 800-53, CMS MARS-E 2.2,

FedRAMP, HIPAA, PCI, State RAMP, SOC 2 Type II, and other relevant industry and government cyber security compliance standards and frameworks • bility to manage multiple tasks effectively while working independently and collaboratively.

ABILITIES:

• bility to conduct independent security control assessments for federal systems and cloud environments.
• Skilled in performing detailed risk assessments and providing actionable mitigation strategies.
• Strong written and verbal communication skills, capable of collaborating effectively with stakeholders, including system owners, ISSOs, and IT teams.
• Demonstrated ability to manage multiple tasks effectively, both independently and in a team environment.
• Strong problem-solving and analytical abilities to address complex security challenges.

FOLLOWING INDUSTRY STANDARD CERTIFICATIONS ARE PREFERRED BUT NOT REQUIRED:

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Certified Cloud Security Professional (CCSP) RIT Solutions, Inc.

Job Tags

Similar Jobs