HHS - Security Control Assessor jobs in United States

cFocus Software Incorporated · 1 day ago

HHS - Security Control Assessor

cFocus Software is seeking a Security Control Assessor to support the Department of Health and Human Services (HHS). The role involves leading and managing Security Control Assessments (SCAs) for HRSA systems, developing assessment plans, and ensuring compliance with federal standards.

Tags: Chatbot, Government, Information Technology, Software

Growth Opportunities · No H1B · Security Clearance Required · U.S. Citizen Only

Responsibilities

Lead and manage Security Control Assessments (SCAs) for HRSA systems, programs, and components in accordance with the RMF lifecycle
Develop, review, and approve Security Control Assessment Plans (SCAPs), defining assessment scope, methodology, sampling strategies, schedules, and resource needs
Coordinate and conduct assessment kickoff meetings, interviews, and out-briefs with System Owners, ISSOs, administrators, and stakeholders
Develop and tailor Assessment Test Plans (ATPs) and test procedures aligned to NIST SP 800-53A assessment methods
Assess management, operational, technical, and privacy controls to determine whether controls are implemented correctly, operating as intended, and producing the desired outcomes
Validate control inheritance from FedRAMP-authorized systems, common control providers, and shared services, including review of CRMs and SSP documentation
Perform risk analysis using qualitative and quantitative methods, including CVSS scoring, likelihood and impact analysis, and alignment with organizational risk tolerance
Produce comprehensive Security Assessment Reports (SARs) documenting testing results, findings, risk ratings, and remediation recommendations
Ensure findings are accurately entered into the HRSA eGRC tool and properly mapped to POA&Ms with supporting evidence
Verify remediation actions and validate closure evidence for resolved findings
Maintain assessment cadence in accordance with the HRSA SCA Process SOP and defined timelines
Utilize automation technologies including OSCAL, AI-assisted assessment tools, automated evidence collection, and continuous control monitoring solutions
Conduct cloud and FedRAMP-specific assessments, including shared responsibility model validation and CSP security posture review
Assess systems against Zero Trust Architecture maturity models and emerging technology risks including AI, IoT, and cloud-native services

Qualification

NIST SP 800-37, NIST SP 800-53, NIST SP 800-53A, Security Control Assessments, eGRC platforms, CISSP, FedRAMP assessments, Risk analysis, Cloud security evaluations, Automation technologies, Communication skills

Required

Bachelor's degree in Cybersecurity, Information Technology, or related field
Minimum 7–10 years of experience performing federal RMF and Security Control Assessments
Expert knowledge of NIST SP 800-37, NIST SP 800-53, and NIST SP 800-53A
Demonstrated experience leading SCAs and producing SARs for FISMA systems
Experience with FedRAMP assessments and cloud security evaluations
Hands-on experience with eGRC platforms such as RSA Archer
Strong written and verbal communication skills
Ability to obtain a Public Trust clearance

Preferred

CISSP, CISA, GSNA, CRISC, or equivalent cybersecurity certification
Certified Authorization Professional (CAP)

Company

cFocus Software Incorporated

cFocus Software automates FedRAMP compliance and develops government chatbots for the Azure Government Cloud, Office 365, and SharePoint.

Funding

Current Stage
Early Stage

Leadership Team

Manisha Griesinger, MPH, MSc
Program Manager | U.S. EPA Office of the Chief Financial Officer
Company data provided by crunchbase