Overview
Lead Security Control Assessor (SCA) Jobs in Washington, DC at Tangent Technologies, LLC
Title: Lead Security Control Assessor (SCA)
Company: Tangent Technologies, LLC
Location: Washington, DC
Employment Type: Full-Time
Job Summary:
Tangent Technologies is seeking a highly skilled Lead Security Control Assessor (SCA) to oversee security assessment activities in support of federal cybersecurity programs. The ideal candidate will have extensive experience with the Risk Management Framework (RMF), Assessment & Authorization (A&A) processes, and security control assessments. This position is contingent upon contract award.
Responsibilities:
Lead and conduct security control assessments to evaluate the effectiveness of security controls in accordance with NIST and RMF guidelines
Prepare, review, and finalize Security Assessment Reports (SARs) based on assessment findings
Assess security vulnerabilities and determine risk severity, recommending appropriate remediation actions
Provide independent verification and validation (IV&V) testing and A&A support to ensure compliance with federal cybersecurity standards
Conduct risk and vulnerability assessments, analyze threats, and propose risk mitigation strategies
Develop and maintain A&A documentation and ensure all security requirements are met
Provide response and remediation support for security incidents and identified weaknesses
Collaborate with stakeholders to enhance security policies, procedures, and controls to protect information systems
Communicate effectively with technical and non-technical stakeholders, providing expert recommendations and briefing leadership on assessment results
Qualifications:
Bachelor’s degree in Cybersecurity, Information Technology, or a related field from a U.S. accredited institution
Minimum 5 years of experience in Risk Management Framework (RMF), A&A documentation development, and security control assessments
Certifications: One or more of the following:
Certified in Governance, Risk, and Compliance (CGRC)
Certified Information Systems Security Professional (CISSP)
Or equivalent certification(s)
Demonstrated experience in:
Evaluating security controls of information systems
Assessing weaknesses or deficiencies and recommending corrective actions
Security assessment reporting (initial and final SARs)
Independent verification and validation (IV&V) testing
Conducting risk and vulnerability assessments
Providing response and remediation support services
Strong written and verbal communication skills, with the ability to work collaboratively in a team environment
Preferred Qualifications:
Experience supporting federal government cybersecurity programs
Knowledge of FISMA, NIST 800-53, and other federal cybersecurity frameworks
Experience with security automation tools and continuous monitoring technologies