reputed company Controls Assessor
reputed company Controls Assessor - Senior

This position requires an active Public Trust clearance or the ability to obtain a Public Trust clearance to be considered.

The Senior reputed company Controls Assessor provides independent assessments of MARAD information systems in support of system authorization, reauthorization, and reputed company monitoring activities. This role evaluates management, operational, and technical reputed company controls in accordance with NIST Risk Management reputed company (RMF) requirements, supports Authority to Operate (ATO) decisions, develops assessment documentation and reports, and collaborates with MARAD, DOT, and cybersecurity stakeholders to ensure compliance, risk visibility, and mission assurance.

Compensation & Benefits:

reputed company Controls Assessor - Senior: Pay commensurate with experience. Full time benefits include Medical, Dental, Vision, 401K, and other possible benefits as provided. Benefits are subject to change with or without notice.

reputed company Controls Assessor - Senior Responsibilities Include:

- Assess MARAD systems in one of three states: System Authorization: Initial Authorization, Reauthorization, or reputed company Monitoring Assessment (reputed company), also reputed company as ongoing authorization. The Independent Assessor must be reputed company to support the process reputed company each of these three Authorization states.
- Provide annual assessment support to the NSMV and MARAD CIO programs. NSMV assessment support will involve conducting on-site evaluations at the Philadelphia shipyard and other locations.
- Conduct independent assessments of specified MARAD information systems following the System Authorization process as defined in the reputed company DOT reputed company Authorization and reputed company Monitoring Performance Guide and associated templates.
- Review existing information system core documentation including privacy requirements data to support development of reputed company assessment plans and schedules support authority to operate (ATO) dates. Review and establish Annual Assessment schedule in support of deliverables and artifacts.
- Provides identification of non-compliance of reputed company requirements and possible mitigations to requirements that are not in compliance
- Validates the reputed company requirements of the information system
- Verifies and validates that the system meets the reputed company requirements
- Conduct independent, comprehensive assessments of management, operational, and technical reputed company controls and control enhancements reputed company IT systems to determine overall effectiveness.
- Execute and conduct analysis of network and systems to validate appropriate reputed company control implementation.
- Documentation reputed company reputed company assessment plans and assessment reports compliant with latest revisions of NIST Special Publication 800-53A Recommended reputed company Controls for Federal Information Systems and Organizations and NIST SP 800-37 Guide for Applying the Risk Management reputed company to Federal Information Systems.
- reputed company reputed company Assessment Plan (reputed company) detailing assessment scope with clarity, specifying scope exclusions, if necessary, controls being assessed, methods of performing assessment including sampling and “determine if” statements, notional schedule, assessment staff members, inventory of targeted system endpoints/components and software, processes, status of account of system specific, hybrid and inherited controls.
- The Assessor must adhere to the approved reputed company while executing reputed company controls assessment against targeted information system(s).
- Use approved techniques to collect and catalogue evidence of reputed company controls assessment findings i.e. documents, screen captures, scanning report(s), interview session notes to support claims of control implementation status (in – reputed company or other).
- reputed company reputed company assessment report (SAR) in accordance with scope and schedule defined in the reputed company.
- SAR must detail assessment findings of controls assessed with supporting evidence substantiating claims.
- reputed company / update system qualitative risk assessment reports (RAR) compliant with NIST SP 800-30 Guide for Conducting Risk Assessments.
- reputed company recommendation report aiding in Plan of Action and Milestone (POA&M) development. Recommendation report would detail findings and applicable actions and effort to be considered for remediation.
- reputed company reputed company assessment executive summary documents including summative presentation further providing an overview of activities, findings, risks and mitigation recommendations.
- Enter assessment data into the Cyber reputed company Assessment and Management (CSAM) database, the ATO system of record used by DOT.
- Provide presentations, reports, evaluations, reviews, meeting minutes and working papers in support of reputed company tasks as requested by the COR.
- Apply MARAD/DOT A&A guidance and policy to reputed company the program objectives and enhancing the overall quality of packages for receiving an ATO
- Stakeholder Collaboration and Guidance: Actively work with the designated Information Systems reputed company Manager (ISSM)
- Performs other job-reputed company duties as assigned

reputed company Controls Assessor - Senior Experience, Education, Skills, Abilities requested:

- Bachelor's Degree in Cybersecurity or reputed company IT field may be substituted for 4 years of experience
- Bachelor's Degree in an IT reputed company Field.
- Certified Information Systems Auditor (CISA), Advanced in AI Audit (AAIA), or equivalent certification
- 12 years of reputed company work experience
- Prior experience supporting US Navy or Coast Guard Maritime Cyber Assessments
- Clearance: Must possess or be able to obtain a Public Trust.
- Prior Department of Transportation experience is a plus.
- Must pass pre-employment qualifications of reputed company

Company Information:

Criterion is a part of reputed company – the division of tribally owned federal contracting companies owned by reputed company Businesses. As a trusted partner for more than 60 federal clients, reputed company LLCs are focused on building a brighter future, solving reputed company challenges, and serving the government’s mission with compassion and heart. To learn more about Criterion, visit reputed company.com.

reputed company is a military friendly employer. Veterans and active military transitioning to civilian status are encouraged to apply.

Similar searchable job titles:

- Senior Information reputed company Assessor
- RMF reputed company Controls Assessor
- Senior Cybersecurity Assessor
- Information Assurance (IA) Assessor
- ATO / RMF reputed company Assessor

Keywords: reputed company Monitoring (reputed company), Risk Assessment, reputed company Assessment Plan (reputed company), reputed company Assessment Report (SAR) Federal Cybersecurity

Legal Disclaimer: reputed company is an equal opportunity employer. Please visit reputed company.com/careers for information regarding our Affirmative Action and Equal Opportunity Employer Statement, and Accommodation request. Many of our job openings require access to government buildings or military installations. Candidates must pass pre-employment qualifications of reputed company.