The following states are excluded from this job ad: AK, CA, CO, CT, HI, MA, NJ, NY, OR, PR, VT, WA

Location: Remote

Position Description:

The Security Control Assessor supports security control assessments, development of assessment automation solutions, and security architecture analysis.

Minimum/General Experience: 5 years of experience providing Security Control Assessor (SCA) services

Minimum Education: Bachelors' Degree in computer science, electronics engineering, or related discipline or equivalent years of experience; Certified Analytics Professional (CAP), Certified Information Systems Security Professional (CISSP), and/or Certified Information Systems Auditor (CISA) certification (preferred)

Essential Skills/Qualifications:

• Expert knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
• Expert knowledge of the security controls in NIST SP 800-37
• Above average experience with cybersecurity policy, risk management, and threat mitigation
• Above average knowledge of system and application security threats and vulnerabilities
• Knowledge of Personally Identifiable Information (PII), Payment Card Industry (PCI), and Personal Health Information (PHI) data security standards
• Excellent written and verbal communication skills
• Excellent analytical and conceptual thinking skills
• Above average planning, organizational, and time management skills
• Ability to work collaboratively with a team of peers
• Experience with security control assessments within the VA using the NIST Risk Management Framework (RMF) (preferred)

Security: Ability to obtain/maintain a Federal Civilian Public Trust

• U.S. Citizenship or Permanent Resident that has lived in the United States for at least 3 years

Federal Civilian Public Trust Consists of a review of up to but not limited to:

• Covers 5-10 year period and in some instances lifetime events
• OPM Security Investigations Index (SII)
• DOD Defense Central Investigations Index (DCII)
• National Agency Check (NAC) records
• FBI name check
• FBI fingerprint check
• Credit report check
• Written inquiries to previous employers and references listed on the application for employment
• Potential interviews with the subject, spouse, neighbors, supervisor, coworkers
• Law enforcement check
• Court records check
• Education check- Attendance and Degrees

Tasks/activities include, but are not limited to:

• Conduct independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST SP 800-37)
• Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks
• Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network
• Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
• Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers)
• Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy
• Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change
• Provide input to the RMF process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials)

Oxley Enterprises®, Inc. is a certified service-disabled veteran-owned (SDVOSB), economic disadvantaged woman-owned (EDWOSB), Small Business Administration Certified 8(a), HUBZone and small disadvantaged business (SDB) that has over 22 years of experience building and delivering quality IT systems and programs. Oxley is ranked in the INC 5000 for 2016, 2017, 2018, and 2021; 2018 CIO Bulletin Top 30 Places to Work; and in Diversity Business' 2014 Top 500 Emerging Business; 2013 Top 500 Emerging Business, Top 100 Diversity Owned, and Top 50 VA Woman Owned. Oxley is a 2019, 2020, and 2021 Department of Labor HIRE Vets Medallion Award Winner. Oxley is Virginia Values Veterans certified.

Oxley Enterprises®, Inc. is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, among other things, or status as a qualified individual with disability.

If you require a reasonable accommodation to apply for a position at Oxley Enterprises, Inc., please send an email to our Human Resources Department at: careers@oxleyenterprises.com with the following information:

Subject Line: Accommodation Request

Provide a description of your accommodation request

Include your contact information: Full name, Email address, Best number to reach you (optional)

EEO is the Law https://www.eeoc.gov/sites/default/files/migrated_files/employers/poster_screen_reader_optimized.pdf

Pay Transparency Nondiscrimination https://www.dol.gov/ofccp/pdf/pay-transp_English_unformattedESQA508c.pdf

We participate in the E-Verify program. http://www.dhs.gov/E-Verify