This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.

Role Description

The Department of Defense’s (DoW) Office of the Undersecretary of War for Research and Engineering (OUSW (R&E)) is at the forefront of supporting the DoW with the adoption of innovative technologies such as data, analytics, and artificial intelligence to help accelerate predictions, forecasts, and interpretations for both strategic and tactical decisions across the enterprise. The Security Control Assessor (SCA) plays a pivotal role in comprehensively understanding the cybersecurity posture of a given capability within OUSW (R&E). SCAs must go beyond a mere compliance focus on controls to articulate the inherent risks of systems.

Success in this position requires expertise in statutory guidance such as:

• NIST 800 series
• DoW 8500.01
• DoW 8140.03
• ISO 27001
• COBIT
• DoW RMF
• Operation Vulcan Logic (OVL)

The Senior SCA provides authoritative risk determinations and recommendations critical for the Authorizing Official (AO) to grant an Authority to Operate (ATO). Their assessments integrate technical rigor with regulatory compliance, ensuring a robust security posture and informing strategic decision-making.

Work Location: Full time remote. Candidates in the Washington DC Metropolitan preferred. Travel requirements will vary with location, however, expect approximately 10% to 25%.

Clearance: Top Secret with SCI eligibility

Qualifications

• Strong background in information security systems management (ISSM), risk management, and governance, risk and compliance (GRC).
• Strong client focus and commitment to continuous improvement.
• Ability to proactively network and establish relationships.
• Experience supporting and assessing risks within a CI/CD DevSecOps environment.
• Expansive knowledge with integrating IaaS, PaaS, and SaaS offerings into government cloud environments (e.g., AWS, AZURE & GCP).
• Experience assessing STIGs, Cloud Compliance Guides, and System Mission Owner responsibilities within Government Cloud Environments.
• Expert understanding of NIST 800 series guidelines, DoW 8500.01, DoW 8140.03, ISO 27001, COBIT, DoW RMF, OVL, and current cybersecurity best practices.
• Excellent communication/presentation skills briefing senior military and government civilian leadership.
• Experienced with writing policies, guides, procedures.
• Experience in hands-on with eMASS, Xacta and/or other GRC tools.
• Experience with Federal and FedRamp A&A Processes.
• Experienced and comfortable advising at the Senior Executive Service (SES) level of customers.

Requirements

• Must have an active Top-Secret Clearance SCI eligible.
• Bachelor’s degree in computer science/information technology, or other related degree fields (master’s degree is preferred or at least 10 years of related experience).
• At least 10+ years of cybersecurity experience including a senior technical or management role; Project or Program Management experience a plus.
• At least one IAT/IAM or equivalent security certifications (e.g., CISSP, CCSP, CISM, CISA, or CASP).

Company Description

We are proud to be an Affirmative Action and Equal Opportunity Employer and as such, we evaluate qualified candidates in full consideration without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, age, disability status, protected veteran status, and any other protected status.