Apply on Employer Site

Arlo Solutions · 1 month ago

(178) Senior Security Control Assessor

Hybrid

Full-time

Hybrid

Senior Level, Lead/Staff

10+ years exp

Arlo Solutions is an information technology consulting services company specializing in technology solutions. They are seeking a Senior Security Control Assessor to evaluate the cybersecurity posture of DoD IT systems, providing risk assessments and recommendations to ensure compliance and security integrity.

Cyber SecurityInformation TechnologyManagement Consulting

Growth Opportunities

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Provide the AO with an independent risk assessment of assigned systems and an authorization

Advise Program Managers on AO determination utilizing OVL documentation

Provide senior advisory support to CDAO AO regarding authorizations of CDAO capabilities

Utilize expert knowledge and experience regarding risk management strategies in support of a major DoD program

Providing support regarding the agile authorization and OVL processes

Provide independent risk analysis and recommendation

Collaborate between the AO and the program as well as Program leadership

Identify the security baseline based on the mission and security impacts to the system

Determine assessment criteria, develop, review, and create a plan to assess the security requirements

Assess the security requirements in accordance with the assessment procedures defined in the Security

Assessment Plan (SAP)

Prepare the Security Assessment Report (SAR)

Monitor POAM actions based on findings and reassess remediated risk(s) as appropriate

Develop the Risk Recommendation and AO Determination Brief

Develop a system-level continuous monitoring strategy

Author and present briefs regarding status of authorizations to AO and other senior Government officials

Provides security architecture and DoD compliance advisory support

Perform other duties as assigned or required

Qualification

NIST 800 seriesDoDI 8500.01ISO 27001Risk managementCloud complianceEMASSCISSPPolicy writingCommunicationClient focus

Required

Must have an active TS Clearance SCI eligible

Bachelor's degree in computer science/information technology, or other related degree fields

At least 10+ years of cybersecurity experience including a senior technical or management role

At least one IAT/IAM or equivalent security certifications ex. CISSP, CCSP, CISM, CISA, or CASP

Strong background in information security systems management (ISSM), risk management, and governance, risk and compliance (GRC)

Strong clients focus and commitment to continuous improvement, ability to proactively network and establish relationships

Manage multiple priorities in a high-paced and fast-changing environment

Experience supporting and assessing risks within a CI/CD DevSecOps environment

Expansive knowledge with integrating IaaS, PaaS, and SaaS offerings into government cloud environments (ie. AWS, AZURE & GCP)

Experience assessing STIGs, Cloud Compliance Guides, Shares responsibility models, and System Mission Owner responsibilities within Government Cloud Environments

Experience working with OSD leadership or Military component or branch

Expert understanding of NIST 800 series guidelines, DoDI 8500.01, DoD 8140.03, ISO 27001, COBIT, DoD RMF, OVL, and current cybersecurity best practices

Excellent communication/presentation skills briefing senior military and government civilian leadership

Experienced with writing policies, guides, procedures

Experience in hands on with eMASS, Xacta and/or other GRC tools

Experience with Federal and FedRamp A&A Processes

Experienced and comfortable advising at the Senior Executive Service (SES) level of customers