SECURITY CONTROL ASSESSOR (SCA)

Optimal Ventures is seeking a Security Controls Assessor to join our team of passionate individuals. In this role you will support challenging, mission-critical projects that make a direct impact on the nation’s security and intelligence mission. Arlington, VA. 

Summary

As a Security Control Assessor (SCA), you will be instrumental in evaluating and enhancing the security posture of our organization. Reporting to the Chief Information Security Officer, your role involves conducting thorough security assessments in alignment with NIST standards, FedRAMP, and FISMA requirements. Leveraging your core skills in vulnerability management and network security, you will identify potential risks and recommend effective mitigation strategies. Your premium expertise in ISO standards and IT infrastructure will further strengthen our compliance efforts. Join us to safeguard our information systems and contribute to a secure operational environment.

Key Responsibilities:

• Assessment and Evaluation:
• Conduct assessments of security controls to determine their effectiveness in protecting systems and data.
• Evaluate systems against frameworks such as NIST RMF (Risk Management Framework), ISO 27001, FedRAMP, or other relevant standards.
• Security Testing:
• Perform security testing, such as vulnerability scans and penetration testing, to validate the effectiveness of controls.
• Ensure systems comply with security requirements and industry best practices.
• Documentation:
• Prepare and review security assessment reports (SARs), risk assessments, and plans of action and milestones (POA&Ms).
• Document findings, including vulnerabilities, compliance gaps, and recommendations for remediation.
• Collaboration:
• Work closely with system owners, developers, and IT teams to ensure security controls are implemented effectively.
• Provide guidance on remediation efforts and best practices for improving security posture.
• Compliance Assurance:
• Ensure systems align with applicable regulatory requirements (e.g., FISMA, HIPAA, PCI DSS).
• Participate in audits and inspections to verify compliance with security standards.
• Continuous Monitoring:
• Monitor and assess systems on an ongoing basis to ensure security controls remain effective as environments and threats evolve.

Qualifications

• Strong understanding of computer networking and routing protocols
• Proficiency in firewall management and network security
• Experience with vulnerability assessment and management
• Familiarity with NIST standards, FedRAMP, and FISMA compliance
• Knowledge of PCI and ISO standards
• Experience with security analysis and information security practices
• Relevant certifications in IT security and risk management are preferred