Security Control Assessor Team Lead

Steampunk
Washington, DC Remote Other
POSTED ON 2/7/2024 CLOSED ON 4/3/2024

What are the responsibilities and job description for the Security Control Assessor Team Lead position at Steampunk?

Overview

Steampunk is a proven, results-focused cybersecurity, management, and information technology services firm committed to support federal agencies that focus on protecting and defending our nation’s homeland security, intelligence, and stability. In a rapidly changing threat landscape, we have the organizational agility, deep homeland security experience, cultural insight and multidisciplinary expertise to help our customers accomplish today’s mission and anticipate tomorrow’s demands, efficiently and cost-effectively.

 

Steampunk professionals work with our federal agency customers in the administration and oversight of large government programs and initiatives.  As a member of one of our DHS support teams, you will play an important role performing a wide array of security compliance and oversight tasks to successfully accredit and maintain accreditation of critical information systems.

Contributions

As the Security Control Assessment Team Lead, you will play a pivotal role in managing risk impacting the mission; you'll serve as a senior leader enhancing the risk assessment program for a large federal law enforcement agency, ensuring program and practices align with best practices and evolving industry standards. You will be responsible for leading the transformation of our risk assessment methodologies and strategies. As a Leader of one of our DHS support teams, you will play an important role performing a wide array of team leadership duties including: 

 

  • Lead Security Control Assessment Team performing Independent risk Assessments using NIST Rev 5 and DHS policies and procedures.
  • Oversee the identification and assessment of risks across the organization, including conducting independent risk assessments.
  • Develop and execute a comprehensive strategy for modernizing the Independent Risk Assessment (SCA) program in alignment with evolving risk assessment practices and industry standards.
  • Assess the organization’s existing IT security program, work products, and tools in relation to key agency mission, security goals, and objectives.  
  • Continuously evaluate and enhance the SCA program to adapt to emerging threats and improve risk management effectiveness.
  • Integrate data analytics and modeling into risk assessments to enhance predictive capabilities and decision-making.
  • Ensure the SCA program aligns with regulatory requirements and industry standards, and proactively adapt to changes in these areas.
  • Develop and update policies, procedures, and guidelines related to risk assessment and management practices.
  • Develop, engineer and implement sustainable security testing solutions designed to address program gaps.
  • Assess and articulate risk in relation to mission/business objectives and processes.
  • Document evaluation of security processes and status in support of security authorization (also referred to as C&A or A&A) activities.

 

Qualifications

Required Qualifications:

  • Possesses and applies expertise on multiple complex work assignments which are broad in nature, requiring originality and innovation in determining how to accomplish tasks. 
  • U.S Citizen
  • Strong analytical and problem-solving skills, with the ability to assess complex risk issues.
  • Has the ability to apply comprehensive knowledge across key tasks and high impact assignments. 
  • Experience planning and leading major technology projects.
  • Evaluates performance results and recommends major changes affecting project growth and success. 
  • Functions as a technical expert across multiple project assignments.
  • Must have 9 years of IT experience (inclusive of 5 years of Cybersecurity experience) if you hold a BS or Master’s Degree in an IT field. Or, 12 years of IT experience (inclusive of 7 years of Cybersecurity experience) if you hold a BS in a non-IT field. Or, 15 years of IT experience (inclusive of 9 years of Cybersecurity experience) if you do not have a degree. 
  • Must have an active CISSP, CAP or CISA certification.

Preferred Qualifications:

 

  • In-depth knowledge of risk assessment methodologies, frameworks, and regulatory requirements.
  • Familiarity with one or more of DHS Directive 4300A, FIPS Pubs 199 & 200, and NIST Special Pubs 800-30, 800-37, 800-39, 800-53, 800-60
  • Extensive experience as an Information System Security Officer (ISSO) or Information Security Engineer
  • Extensive experience in independent risk assessment program management, including modernization initiatives and compliance with risk management standards.
  • Experience with Vulnerability, Configuration, and Asset Management tools in support of Continuous Monitoring
  • Experience in developing and implementing risk management policies and practices.
  • Experience with POA&M management
  • Experience performing Security Authorization
  • Experience performing Risk Analysis and Assessment
  • Experience with XACTA or similar tool
  • Should be able to support a minimum of four of the areas listed:  
  • Security Control Assessment
  • Security Code Analysis
  • Product Evaluation
  • Document Review and Security Technical Writing
  • Risk Assessment and Risk Management
  • Policy and Audit Services
  • 5 or more years directly supporting security of IT systems

Demonstrated capabilities performing the following: 

  • Ensuring the automated monitoring of information system assets through Continuous Diagnostics and Mitigation (CDM) tools and sensors;
  • Evaluating asset inventory of hardware and software within the program/development offices or field site facility;
  • Ensuring that security requirements for the assigned major application or general support system are being or shall be met;
  • Ensuring that requests for Security Authorization (SA, also commonly referred to as Assessment & Authorization or Certification and Accreditation) of assigned major application or general support systems are completed in accordance with the published procedures;
  • Coordinating the development of a Contingency Plan and ensuring that the plan is tested and maintained;
  • Ensuring risk analyses are completed to determine cost-effective and essential safeguards in alignment with government and industry best practice (e.g. NIST 800-30, 37, 39);
  • Ensuring preparation of security plans for sensitive systems and networks;
  • Reporting IT security incidents (including computer viruses) in accordance with established procedures;
  • Reporting security incidents not involving IT resources to the appropriate security office; and representing the security team as part of change management for assigned information systems.

 

About steampunk

Steampunk is a Change Agent in the Federal contracting industry, bringing new thinking to clients in the Homeland, Federal Civilian, Health and DoD sectors.  Through our Human-Centered delivery methodology, we are fundamentally changing the expectations our Federal clients have for true shared accountability in solving their toughest mission challenges.  As an employee owned company, we focus on investing in our employees to enable them to do the greatest work of their careers – and rewarding them for outstanding contributions to our growth. If you want to learn more about our story, visit http://www.steampunk.com.

 

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. Steampunk participates in the E-Verify program. 

Security Control Assessor, Mid
Booz Allen -
Mc Lean, VA
Security Control Assessor
Dezign Concepts LLC -
Bethesda, MD
Security Control Assessor (SCA)
SYSTEM HIGH CORPORATION -
Arlington, VA

For Employer
Looking for Real-time Job Posting Salary Data?
Keep a pulse on the job market with advanced job matching technology.
If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution. Compensation Planning
Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right. Surveys & Data Sets

Sign up to receive alerts about other jobs with skills like those required for the Security Control Assessor Team Lead.

Click the checkbox next to the jobs that you are interested in.

  • SAP Asap Methodology Skill

    • Income Estimation: $151,672 - $199,860
  • Business Analytics Skill

    • Income Estimation: $115,845 - $158,970
    • Income Estimation: $123,752 - $161,465
This job has expired.
View Core, Job Family, and Industry Job Skills and Competency Data for more than 15,000 Job Titles Skills Library

Job openings at Steampunk

Steampunk
Hired Organization Address Mc Lean, VA Other
Overview As a Steampunk Senior Salesforce Functional Analyst , you will work with Technical/Solutions Architects and Dev...
Steampunk
Hired Organization Address Mc Lean, VA Other
Overview As a Salesforce Tester , you will be an integral team member who assists the team in ensuring high quality code...
Steampunk
Hired Organization Address Mc Lean, VA Other
Overview Design. Disrupt. Repeat. Be an agent of change on a team committed to achieving client-focused, mission-driven ...
Steampunk
Hired Organization Address Mc Lean, VA Other
Overview Steampunk is seeking a Senior Cybersecurity Program Manager to support our Department of Homeland Security (DHS...

Not the job you're looking for? Here are some other Security Control Assessor Team Lead jobs in the Washington, DC area that may be a better fit.

Security Control Assessor Team Lead

The Newberry Group, Arlington, VA

Lead Security Control Assessor

CVP (Customer Value Partners), Washington, DC