
Security Control Assessor/Auditor/Risk Assessor

Company: NTT DATA, Inc.
Location: Arlington
Posted on: November 22, 2022

Job Description:

Req ID:218269

NTT DATA Services strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now.

We are currently seeking a Security Control Assessor/Auditor/Risk Assessor to join our team in Arlington, Virginia (US-VA), United States (US).
NTT seeks to hire an individual to provide information security Assessment and Authorization (A&A) support to Contractor and Government facilities processing information. The incumbent will enhance the Information System (IS) security awareness of system owners, PMOs, directorates and the Cybersecurity Services Section; ensure that proper IS security resources are appropriately applied; and act as an IS liaison between the CISO/CIO and system owners, PMOs and various offices.

This role is responsible for coordinating with both the Cybersecurity Services Section and other sections or divisions. Other sections include, but are not limited to, IT Operations, Engineering & Integration, and Software Operations. Other divisions include, but are not limited to, the Office of Investigative Technology. The contractor shall employ a mixture of technical and non-technical personnel for this role.

Job Duties:

  • Analyzes IT system functionality and integration with management processes, structure, culture, and performance.
  • Conducts cybersecurity analysis using qualitative and quantitative tools and techniques to assess the effectiveness of the network, system, or application's security posture.
  • Provides coaching, workshops, or training regarding the DEA SPAA process and associated sub-processes.
  • Perform aspects of the NIST six-step Risk Management Framework and ongoing information system authorization through continuous monitoring processes.
  • Provide the technical expertise and judgement for security control validation of system-specific, hybrid, and common controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the information system.
  • Provide the technical expertise and judgment to validate the security controls employed within or inherited by the information system using assessment procedures and provide specific recommendations on how to correct weaknesses or deficiencies in the controls and reduce or eliminate identified vulnerabilities.
  • Provide the technical expertise and judgment to determine the security impact of proposed or actual changes to the information system and its environment of operation to determine the extent to which proposed or actual changes may affect the security control(s) currently in place, produce new vulnerabilities in the system, or generate new requirements for new security controls not needed previously.
  • Coordinate with other subject matter experts, such as the enterprise architect, to assess impacts to proposed changes and provide recommendations to senior management.
  • Provide the technical expertise and judgment to deliver the results of the security control validation documented in the security assessment report at a level of detail appropriate for the assessment in accordance with the reporting format prescribed by organizational and/or federal policies, including recommendations for correcting any weaknesses or deficiencies in the controls.

    • Provide the technical expertise and judgement to validate the security controls employed within or inherited by the information system, after the initial authorization on an ongoing basis.
    • Demonstrated experience developing tailored artifact request lists that serve as evidence for assessments.
    • Demonstrated experience reviewing and integrating vulnerability scan results into consolidated findings reports.
    • Proven success with developing executive level findings briefings and communicating/defending assessment results and progress to internal and external stakeholders.
    • Ability to prioritize tasks to support assessments on multiple boundaries at a given time.
    • Ability to present IT security risks to executive management.
    • Perform A&A activities to include coordinating with stakeholders; developing/reviewing documentation; and identifying, documenting, communicating assessment results.
    • Documentation to be developed includes Security Assessment Plans and Security Assessment Reports.
    • Documentation to be reviewed includes, but is not limited to, System Development Lifecycle documentation, network topology diagrams, System Security Plans and other documents that comprise existing A&A packages, audit logs, system configurations, as well as policies, procedures, and processes related to NIST 800 series security controls.

      Basic Qualifications:

      • BS/BA in Computer Science, Information Systems, Engineering, Business, Physical Science, or other technology-related discipline or
      • Minimum three (3) years of relevant experience accomplishing risk management objectives using the NIST Risk Management Framework; evaluating the security posture of IT systems in accordance with national, Department of Justice, DEA security policies or other government agency (e.g., NIST and Committee on National Security Systems)
      • Experience working within an IT environment holding positions such as: system administrator, network administrator, Software assessor, database administrator
      • Active Secret security clearance; ability to obtain Top Secret, if requested

        Preferred Qualifications:

        • Technical understanding of emerging technologies and their implementation within Government system and network environments.
        • Knowledge of information technology concepts used in the evaluation of security performance and integrity of state-of-the-art applications, communications systems, hardware, software, satellite control systems, and information processing systems.
        • Technical understanding of information technology systems, software, and networks
        • Knowledge of and experience with ICD 503, NIST 800 series and the Government's certification and accreditation process.
        • In-Depth Technical understanding of information technology systems, software, and networks.
        • Perform Risk Management Framework (RMF) Step 4 Security Control Assessments within the context of and with a demonstrated understanding of all stages of the NIST RMF framework.
        • Assess systems of varying scope and complexity and comprised of various components and subsystems, while working on multiple assessments simultaneously.
        • In depth knowledge and experience applying the National Institute of Standards and Technology (NIST) Special Publications and FIPS as a framework for conducting A&A activities on federal IT systems.
        • Demonstrated experience with creating, revising, and reviewing System Security Plans (SSP), Security Assessment Plans (SAP), Plan of Action & Milestones (POA&M), Security Assessment Reports (SAR) for low, moderate, and high systems.
        • Understanding security controls within network systems to identify vulnerabilities
        • Analysis of management, operations, and technical security controls.
        • Understanding of Risk Management Frameworks
        • Analysis of the security of new or existing computer applications & software
        • Understanding of secure software testing and validation procedures
        • Perform risk analysis whenever an application or system undergoes a major or minor change
        • Preferred Certifications: Security+, CCNA, CISSP, CISA, CSQA, CMSQ, CISM

          Additional NIST work role alignments include:

          • Security Architect, NIST: SP-ARC-002
          • Systems Security Analyst, NIST: OM-AN-001
          • Information Systems Security Manager, NIST: OV-MG-001
          • Information Systems Security Developer, NIST: SP-SYS-001
          • IT Project Manager, NIST: OV-PMA-002

            Candidates for this position will be required to adhere to NTT DATA's and its clients' COVID-19 health and safety protocols. NTT DATA is committed to complying with the Safer Federal Workforce Task Force COVID-19 Workplace Safety Guidance for Federal Contractors and Subcontractors to the extent it is enforced by the federal government or any of its clients. If this position becomes subject to a COVID-19 vaccination mandate based on applicable law or client requirement, candidates will be required to become fully vaccinated as defined by NTT DATA or be approved for an exemption in accordance with applicable law.

            About NTT DATA Services

            NTT DATA Services is a global business and IT services provider specializing in digital, cloud and automation across a comprehensive portfolio of consulting, applications, infrastructure and business process services. We are part of the NTT family of companies, a partner to 85% of the Fortune 100.

            NTT DATA Services is an equal opportunity employer and considers all applicants without regard to race, color, religion, citizenship, national origin, ancestry, age, sex, sexual orientation, gender identity, genetic information, physical or mental disability, veteran or marital status, or any other characteristic protected by law. We are committed to creating a diverse and inclusive environment for all employees. If you need assistance or an accommodation due to a disability, please inform your recruiter so that we may connect you with the appropriate team.

            Nearest Major Market: Arlington Virginia

            Nearest Secondary Market: Washington DC

            Job Segment:
            Cloud, Developer, DBA, Testing, Network Administrator, Technology
