
Security Control Assessor 3

First Tek
Portland, OR
Full-time

POSITION RESPONSIBILITIES

Note: All official drafts, documents and recommendations, as listed below, must be reviewed, finalized and approved / accepted by the appropriate BPA manager or other federal personnel with the authority to do so.

Review and interpret cyber security and privacy policies & procedures, providing recommendations and action plans to the BPA Manager and team leads.

Analyze and report organizational & system security posture trends.

Alert the BPA Manager to any discovered or potential security posture trends.

Review and develop privacy impact assessments for information systems.

Develop organizational level implementation details of NIST security and privacy controls for information systems.

Coordinate and communicate with cyber security and privacy organizations on the organizational level implementation details of NIST security and privacy controls for information systems to achieve consensus.

Communicate verbally and in writing organizational cyber security policies, procedures and implementation details of NIST security and privacy controls for information system owners.

Liaise with information system owners, system security managers, information system security officers and others on the implementation details for the NIST cyber security and privacy controls.

Review and develop role-based access control baselines for information systems in accordance with cyber security policies.

Verify and update security documentation reflecting the application / system security design features.

Verify minimum security requirements are in place for all applications.

Review information system implementation details for NIST cyber security and privacy controls.

Provide recommendations and corrective actions to remediate deficiencies.

Monitor and oversee the implementation of approved Plan of Action and Milestones (POAMs) as they relate to individual information system security plan and risk assessment deficiencies.

Document information system security implementation details in the cyber security assessment and remediation tracking system.

Review and evaluate the BPA infrastructure protection program, including policies, guidelines, tools, methods, and technologies.

Identify current and potential problem areas for individual information systems.

Provide recommendations to remediate deficiencies and prevent future vulnerabilities.

Review and provide recommendations to information system owners, system security managers, information system security officers on information system designs to align with applicable cyber security and privacy policies and principles.

Coordinate with and support information system operational teams on the implementation of information system designs, configurations, role-based access control, monitoring and auditing to align and comply with applicable cyber security and privacy policies.

REQUIREMENTS

Education & Corresponding Experience (required on matrix)

Bachelor's Degree in Computer Science, Information Technology, Cyber Security, or a related technical field is highly preferred.

With Bachelor's Degree in applicable fields : years of experience is required

With an Associate's Degree in applicable fields : years of experience is required

Without a Degree : years of experience in Computer / Information Technology or related field is required

Experience must include direct work experience conducting assessments of compliance and operational and technical security controls employed within or inherited by an Information System to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system).

Required Technical Skills & Experience (required on matrix)

Knowledge of cyber security and privacy principles and organizational requirements relevant to FISMA and information system confidentiality, availability, and integrity.

Knowledge of Security Assessment and Authority to Operate (ATO) processes.

Demonstrated skill in the application of cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Extensive knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).

Advanced knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Demonstrated skill in developing and documenting information system designs.

Demonstrated technical writing and communication skills.

Demonstrated ability to build consensus across a wide group of stakeholders.

Preferred Skills & Experience (optional on matrix)

Experience in the Information Assurance (IA) of information systems in the federal government.

Experience with RSA Archer.
