Global CI (Global Commerce & Information, Inc.) · 2 months ago
Security Control Assessor
Global CI is an award-winning 30-year IT Services company dedicated to improving lives through technology. The Security Control Assessor is responsible for planning, executing, and documenting security control assessments to ensure compliance with federal security requirements and to evaluate the effectiveness of implemented security controls.
Consulting · Government · Information Services · Information Technology
Responsibilities
Develop and execute Security Assessment Plans (SAPs) aligned with NIST 800-53A Rev. 5 assessment procedures
Conduct independent security control assessments (SCAs) to validate that implemented controls meet applicable federal and agency security requirements
Perform evidence reviews, interviews, and technical testing (e.g., configuration validation, vulnerability scans, policy reviews)
Document findings, weaknesses, and residual risks in Security Assessment Reports (SARs) and provide recommendations for remediation
Assess the implementation and effectiveness of security controls across all NIST control families, including Access Control (AC), Audit and Accountability (AU), Configuration Management (CM), Incident Response (IR), Risk Assessment (RA), and System & Communications Protection (SC)
Collaborate with Information System Owners (ISOs), Information System Security Officers (ISSOs), and Authorizing Officials (AOs) to clarify assessment results and risk posture
Map findings to Risk Management Framework (RMF) steps 4 and 5, supporting authorization decisions
Participate in Continuous Monitoring (ConMon) and annual assessment activities for ongoing authorization
Ensure assessment procedures are consistent with NIST, FedRAMP, and agency-specific security requirements
Maintain up-to-date understanding of changes in NIST guidance, FISMA, and Zero Trust Architecture (ZTA) frameworks that impact assessment criteria
Qualifications
Required
Bachelor's degree in Computer Science, Information Assurance, Cybersecurity, or a related field (or equivalent experience)
5+ years of experience performing security control assessments under NIST RMF or FedRAMP
In-depth knowledge of NIST SP 800-53 Rev. 5, NIST SP 800-53A Rev. 5, and NIST SP 800-37 Rev. 2
Experience using security assessment tools such as Nessus, Splunk, ACAS, OpenVAS, or equivalent
Familiarity with vulnerability management, configuration baselines, and system security documentation (SSP, POA&M, SAR)
Strong analytical, documentation, and reporting skills
Ability to communicate technical findings clearly to both technical and non-technical audiences
Active security clearance (Public Trust, Secret, or higher) or ability to obtain one
Preferred
Certifications such as CISSP, CISA, CAP, CEH, or Security+
Experience performing assessments in FedRAMP, DoD RMF, or Client CDM environments
Knowledge of Zero Trust principles and their alignment with NIST SP 800-207
Familiarity with ServiceNow IRM/CAM GRC platforms for tracking assessment evidence and results
Prior experience supporting federal agencies such as SSA, HHS, or Client
Benefits
Comprehensive medical, dental, vision, life, and short- and long-term disability insurance + health savings account
Matching 401k retirement plan + IRAs and Roth IRAs
Generous paid time off and paid holidays
Employee recruitment/referral bonus
Paid community service hours
Tuition reimbursement
Employee discounts