Overview
Security Control Assessor Jobs in North, South Carolina, USA at CVP
Title: Security Control Assessor
Company: CVP
Location: North, South Carolina, USA
Type: Full Time
Category: IT/Tech, Security
CVP is an award-winning healthcare and next-gen technology consulting firm recognized for excellence and innovation in the solutions we have provided our clients across healthcare, national security, and the public sector.
We are seeking a Senior Security Control Assessor to join our team of experts tasked with securing the critical networks and systems our clients depend on.
Responsibilities
Provide expertise in and perform actions related to:
Assessment and Accreditation
Risk Management
Reviewing scan results
Audit log reviews
Vulnerability Management
Handling of Privacy-related and sensitive data
Advise and notify management (e.g., system owner, Chief Information Security Officer (CISO), Chief Information Officer [CIO], and/or Authorizing Official (AO)) on:
Risk levels and security posture
Changes affecting the organization’s cybersecurity posture
Impact levels for Confidentiality, Integrity, and Availability for the information on a system.
Conduct interviews
Facilitate small group discussions
Answer questions in a clear and concise manner.
Ask clarifying questions and accurately capture responses.
Test and/or observe system operations to validate implementation statements in provided artifacts or the result of interviews
Analyze test data.
Collect, verify, and validate test data.
Communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
Prepare and present briefings
Produce technical documentation.
Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Assess security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
Understand security controls and how they are applied
Assess the effectiveness of security controls
Conduct tests that include verification that the features and assurances required for each protection level are functional.
Assess the configuration management (change configuration/release management) processes.
Assess changes in the system, its environment, and operational needs that could affect the accreditation.
Assess information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
Assess security systems designs.
Assist client and team with responses to data calls and audits
Assist with the preparation of accreditation packages
Collect and maintain data needed to meet assessment reporting
Conduct application vulnerability assessments.
Conduct periodic testing of the security posture of the information system.
Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance.
Understand how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
Develop, review, endorse, and recommend action for both the Risk Executive and Authorizing Official.
Discern the protection needs (i.e., security controls) of information systems and networks.
Ensure plans of actions and milestones or remediation plans are in place for findings and vulnerabiliti…