Provide an assessment of the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommend corrective actions to address identified vulnerabilities
Prepare the final security assessment report containing the results and findings from the assessment. Prior to initiating the security control assessment, an assessor conducts an assessment of the security plan to help ensure that the plan provides a set of security controls for the information system that meet the stated security requirements
Review and approve the IS Security Control Assessment Procedures, the Security Assessment Plan, the System Security Plan (SSP), and the Security Control Traceability Matrix (SCTM)
Perform configuration management of a client central repository for authorization documentation (i.e., Body of Evidence (BOE)), which is maintained using an A&A workflow software application
Review and compile the BOE (i.e., security control allocations, security control implementations, test results, Security Assessment Reports (SARs), POA&Ms, risk acceptance recommendations, and risk mitigation strategies) to support the recommendation for client risk acceptance authorization decisions
Review SARs, verify test results, and create POA&Ms to document corrective actions with milestone completion dates
$110,000-$155,000
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to
HR@insightglobal.com.
To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy:
https://insightglobal.com/workforce-privacy-policy/ .
Bachelor's with 5+ years (or commensurate experience) of experience as a Security Control Assessor
Experience conducting security control assessments of all NIST 800-53 controls.
Senior-level security control assessors should have 7 to 10 years of experience.
At least one of the following certifications: Security+, CAP
Technical understanding (understanding network diagrams, vulnerability and compliance scans)
Experience creating and maintaining various security documents such as the Security Control Plan/Vulnerability Security Review (SCP/VSR), System Backup and Recovery Plans (SBRP) and Plan of Action and Milestone (POA&M) tables.
Excellent Communication skills (written and oral)
Experience creating and maintaining various security documents such as the Security Assessment Plan
Thorough knowledge of NIST 800-53 security controls and required documentation
Conduct security control assessments based on a Risk Management Framework approach
Experience conducting risk assessments and developing security assessment reports
- willing to go on-site in DC
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.