FISMA Security Control Assessor – hiring multiple positions
The FISMA Security Control Assessor has specialized experience in security authorization following NIST guidelines, process analysis and redesign, performance measurement and management, strategy, risk management, and security operations. She/he must have a minimum of two years of experience consulting or conducting security assessments in accordance with NIST guidelines and a Bachelor’s degree (an engineering, math, or science degree is required). Four years of relevant work in conducting assessments is preferred.
The individual will provide System Authorization support services, including conducting independent assessments, assisting in the development of required security documentation, and the preparation, review, and briefing of completed authorization packages for signature for FISMA reportable systems. This will include the documents that comprise a full System Authorization (initial) or Re-Authorization based on the current FAA System Authorization Handbook. The individual must provide support to develop System Authorization packages and execute the associated tasks required in support of their development through independent assessment or ISSO support services.
The individual will provide Independent Assessment Services:
• Assessment of system security controls as documented in the SSP.
• Conduct a risk assessment based on findings of the security controls assessment.
• Develop the Security Assessment Report (SAR).
• Develop the Risk Assessment Report (RAR).
• Document the POA&Ms.
• Support the development of the Executive Summary.
The individual will conduct annual reviews and make updates to the system documentation.
Experience with FAA, FAA security, and Cyber Security Assessment Management (CSAM) is a plus.