Apply on Employer Site

DataLock Consulting Group · 1 month ago

Cybersecurity Quality Assurance Analyst Independent Verification and Validation (IV&V)

United States

Full-time

Remote

Senior Level

5+ years exp

DataLock Consulting Group is seeking a Cybersecurity Quality Assurance Analyst to support independent verification and validation activities. The role involves ensuring that cybersecurity assessment products meet technical, security, and quality standards before delivery, as well as validating compliance with federal frameworks and confirming the accuracy of risk documentation.

ComplianceConsultingCyber SecurityInformation TechnologySecurityTraining

Responsibilities

Review cybersecurity assessment documentation for accuracy, completeness, and compliance

Conduct independent verification and validation of technical findings and risk statements

Evaluate evidence against federal and industry standards

Assess vendor cybersecurity risk and review third party risk documentation

Validate compliance with ISO, SOC, and NIST standards

Identify deficiencies or deviations from required quality and security standards

Provide feedback and guidance to assessment teams to maintain quality consistency

Maintain documentation, audit trails, and quality records

Support internal audit activities and process improvement initiatives

Prepare reports for management review and quality control oversight

Recommend enhancements to assessment processes and methodologies

Qualification

Cybersecurity experienceRisk managementISO 27001NIST SP 800-53Analytical skillsVendor risk assessmentTechnical writingCommunication skillsSystems Development Life CycleCybersecurity control assessmentThird party risk processesRisk-based due diligenceAssessment documentationQuality assuranceAudit trailsOrganizational skillsProblem solvingDocumentation capabilities

Required

Seven or more years of relevant cybersecurity experience

At least five years of experience in Information Security Governance, Risk, and Compliance

Expertise in writing technical and risk management reports

Strong analytical, problem solving, and organizational skills

Experience assessing and mitigating risks associated with vendor relationships and vendor control evaluations

Experience performing risk-based due diligence

Technical understanding of cybersecurity concepts and working knowledge of ISO 27001, SOC 1 and SOC 2, NIST SP 800-53, and NIST SP 800-171

At least three years of experience in third party cybersecurity risk management

Experience evaluating third party cyber risk

Experience developing and implementing sustainable third party cyber risk processes

Experience conducting assessments using NIST SP 800-53 within a federal agency

Strong verbal and written communication skills

Effective technical writing and documentation capabilities

Experience in cybersecurity control assessment environments

Ability to document cyber assessments and communicate results clearly

Understanding of the Systems Development Life Cycle and its application to secure systems

Candidate must hold and provide proof of at least one of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Third Party Risk Professional (CTPRP), Certified Third Party Risk Assessor (CTPRA)

Preferred

Advanced degree in a cybersecurity or technical field preferred, with experience or directly relevant certifications substituting for academic credentials

Advanced degree preferred