Jobs · himalayas

V

Security Controls Assessor

Meridian Softworks · United States · Posted 22d ago

remotesenior2-5 yrsEstimated 100k-231k USD🇺🇸 United States
Apply on himalayas

About the role

Lead technical security control assessments and provide expertise for government information systems.

Position Description Meridian Softworks is seeking a Security Controls Assessor to join our rapidly growing and innovative cybersecurity team! The Security Controls Assessor will lead hands-on technical security control assessments and provide FISMA and FedRAMP subject matter expertise for our government client’s information systems. The role guides assessment teams through Security Assessment and Authorization (SA&A), Annual Security Controls Assessment (ASCA), and Event-Driven assessments against NIST SP 1000-53 producing audit-defensible packages and mentoring junior analysts. Named one of the Best Places to Work in the Washington DC area for 12 consecutive years , Valiant is proud of our employee-centric culture and commitment to excellence. If you are interested in learning more about Valiant and this opportunity, we invite you to apply now! Location: The Security Controls Assessor can expect 100% telework. Remote work requires a high level of trust in our employees, and we strictly adhere to the details outlined in our Remote Work Policy below. Eligibility Requirements: U.S. Citizenship is required due to federal contract obligations, along with the ability to successfully pass a federal background investigation . Required Experience: Two (2) or more years of progressively responsible experience in information security, security control assessment, or cyber risk management. Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, Engineering, or a related field, or an additional three (3) to five (5) years of relevant experience in lieu of a degree. Demonstrated hands-on experience assessing NIST SP 800-53 controls and producing A&A artifacts (System Security Plan, Security Assessment Plan, Security Assessment Report, Security Controls Traceability Matrix, and Plan of Action and Milestones). Knowledge of FISMA, the NIST Risk Management Framework (NIST SP 800-37), FedRAMP, ISCM, and CDM. Demonstrated experience with technology risk assessments, security engineering, and security architecture principles. Experience with cloud systems, cloud service providers, and FedRAMP requirements. Experience with GRC platforms (e.g., Qmulos Q-Compliance, ServiceNow GRC), SharePoint, scanning tools, and SIEM (e.g., Splunk). Familiarity with FIPS 199 security categorization and privacy control assessment. Strong written and verbal communication and stakeholder engagement skills. Preferred Certifications CISSP, CISM, CISA, or CAP certification preferred. Responsibilities Lead hands-on technical NIST SP 800-53 security control assessments, including applicable overlays (e.g., high-value assets, artificial intelligence, critical software, and FedRAMP). Serve as a FISMA and FedRAMP technical subject matter expert across SA&A, ASCA, and Event-Driven Security Controls Assessment efforts. Guide the Discovery, Assessment, Risk Validation, and Finalization stages, including Security Assessment Plan development, evidence collection, control assessment meetings, and Security Assessment Report finalization. Coordinate and conduct stakeholder meetings and findings reviews, and brief stakeholders on draft Security Assessment Report findings and risk decisions. Maintain and update assessment package templates (Security Assessment Plan, System Security Plan, Security Controls Traceability Matrix, Security Assessment Report, and Action Item List) for consistency and compliance. Assess the impact of new laws, regulations, policies, and guidance on the client’s assessment requirements and recommend process changes. Provide day-to-day technical direction and mentorship to other security analysts. Incorporate threat modeling and threat hunting into the assessment process to proactively identify and mitigate risks. Recommend automation approaches, including robotic process automation, workflow orchestration, and data transformation, to improve assessment efficiency and accuracy. Support FedRAMP package reviews for cloud efforts and responses to data calls and audits from the agency inspector general, GAO, and OMB. Provide knowledge transfer and upskilling to federal staff so they can perform assessments and serve as backup to contractor assessors. About Meridian Softworks Meridian Softworks is a security-focused IT solutions provider with public clients nationwide. Named one of the fastest growing privately held companies by Inc. 5000, Washington Technology’s Fast 50, and Washington Business Journal’s Best Places to Work in the D.C. area, Meridian Softworks prides itself on providing its employees with great benefits and career development opportunities. As a company, we are just as committed to growing careers as we are to building world-class IT solutions, all while enjoying an unparalleled work-life balance. We are in a phase of tremendous growth and building the team that will take us to the next level. We seek people whose talents and accomplishments will contribute to a thriving company, who have the character to suppor

Read the full posting on himalayas

FAQ

Is the Security Controls Assessor role at Meridian Softworks remote?+

This Security Controls Assessor position is listed as remote (United States).

What is the salary for the Security Controls Assessor role at Meridian Softworks?+

The listing states Estimated 100k-231k USD.

What seniority level is this Security Controls Assessor role?+

This is a senior level position.

How do I apply for the Security Controls Assessor role at Meridian Softworks?+

Use the "Apply on himalayas" button to open the original posting on himalayas, where you can submit your application directly to Meridian Softworks.