SCA Assessor (0011)

SCA Assessor (0011)

OCT Consulting, LLC is an SBA-certified, 8(a) small business management and technology consulting firm that provides support to Federal Government clients. We provide consulting services in the areas of Strategy, Process Improvement, Change Management, Program and Project Management, Acquisition/Procurement, and Information Technology.

Responsibilities and Duties

OCT Consulting currently has an opening for an experienced SCA Assessor to support a Federal government client. The responsibilities for the SCA Assessor include:

• Responsible for conducting Authorization & Assessments (A&As) of government systems on premise or in the Cloud.
• Lead Security Assessments on low, moderate, and high information systems as part of an active third-party assessment organization in accordance with National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)
• Plan and lead pre assessment kickoff meetings
• Develop Authorizing Official briefs and lead the post assessment brief for the Authorizing Official
• Maintain familiarity with federal GRC tool for system assessments
• Prepare and update various security documentation such as Systems Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), Risk Assessments, Private Impact Assessments (PIAs), and more
• Prepare Security Assessment Plans (SAPs) to document test and assessment procedures
• Ability to review and edit Pen Testing report
• Provide communication strategy to include how each assessment will be maintained to reassess any schedule changes
• Conduct custom interviews based on initial analysis of the systems’ security plan to assess compliance with security controls
• Conduct system specific reviews and assessments of applicable controls at each site to be assessed, including remote assessments (if applicable)
• Conduct Federal Information Security Modernization Act (FISMA) systems Continuous Monitoring implementation and assessment
• Validate inventory for annual FISMA systems’ assessments
• Gather and analyze sufficient artifacts to verify technical control implementation against agency security policies
• Conduct Vulnerability and Compliance Assessments as a part of an annual FISMA systems assessment
• Establish the schedule and resources for the Vulnerability and Compliance Assessment
• Conduct verbal discussions and meeting to address the Vulnerability and Compliance Assessment effort and progress
• Review relevant policies, schedule activities, and provide recommendations for courses of action
• Complete comprehensive test plans for identified security controls following National Institute of Standards and Technology (NIST 800-53), Federal Risk and Authorization Management Program (FedRAMP) guidance, and/or agency-specific guidance
• Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence).
• Produce complete, accurate, and timely findings reports
• Develop documents and document templates
• Promote an environment of continuous process improvement, learning and team collaboration

Requirements

Qualifications and Skills

A competitive candidate will possess the following:

• Five (5) or more years of experience in the following areas:
• Cybersecurity procedures, and processes, including RMF and NIST 800-53, FISMA, FedRAMP, and A&As
• Ability to serve the role of a project manager to provide clear leadership, technical direction, and guidance to contractor personnel by exhibiting excellent oral and written communication skills
• Three (3) to five (5) years of demonstrated experience leading and managing assessments projects with the ability to multi-task, prioritize and work towards strict deadlines
• Familiarity with federal GRC tools, CSAM preferred
• High level of demonstrable knowledgeable with information security and assurance principles and associated supporting technologies
• Flexibility to adapt to contingencies resulting from changes or modifications to the schedule and assessment requirements
• Ability to lead meetings, present results, and share projects with management and stakeholders
• Excellent customer service and organization skills as a functioning senior member of the team to develop work products, facilitate and lead meetings, and contribute project statuses in senior level and stakeholder briefings
• Experience in presenting control requirements and deficiencies to both technical and non-technical audiences
• Ability to act as a liaison between client and assessment team

Education and Certifications

• Must possess a bachelor’s degree in a related field
• One or more of the following certifications preferred:
• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• GIAC Security Leadership (GSLC)
• Must be a US Citizen
• Must be able to obtain and retain an Public Trust clearance

Benefits

Salary Range: $120,000- 150,000 to commensurate with education, experience, etc.

Benefits

The position includes competitive compensation and a full suite of benefits:

• Medical, Dental, and Vision insurance
• Retirement savings 401K plan provided by an industry leading provider with 3% employer contributions.
• Paid Time Off
• Life Insurance, Short- and Long-Term disability benefits
• Training Benefits

About OCT

OCT Consulting is a certified SBA 8(a), minority owned, small, disadvantaged business providing professional services and information technology solutions to the federal government and commercial clients. Founded in 2013, we bring the advantage of agility in operations along with a management team with a track record of leading successful engagements at major federal government agencies.

OCT is committed to a diverse and inclusive workplace. OCT is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.