Sr. Security Control Assessor - Information Assurance Analyst (Onsite)
Our client, a leading Pacific Northwest utility provider committed to public service and environmental preservation, is looking for a Sr. Security Control Assessor – Information Assurance Analyst for their Vancouver, WA location. This position supports the OT Cybersecurity Engineering & Risk Management organization to ensure the agency’s Information Systems are operated and maintained as per Federal Information Security Management Act (FISMA) and Authorizing Official “Authority to Operate” (ATO) requirements. This position will perform work as outlined below to meet FISMA requirements through system assessments, design, implementation and documentation of information system security controls as defined by the National Institute of Standards and Technology (NIST). The position requires demonstrated skills in applying cyber security and privacy principles across a wide portfolio of internal (on-premises) and cloud-based IT systems. The work typically involves reviewing and developing implementation details for NIST control standards. The work will also require working collaboratively with privacy, cyber security, software development, and operations teams on the implementation and documentation of the control standards at the system level to ensure current or new systems achieve and maintain ATO.
This Onsite position is a one-year renewable contract that includes employee benefits! If this opportunity is well-aligned with your experience and goals, we would love to hear from you!
Key Responsibilities for Sr. Security Control Assessor – Information Assurance Analyst:
- Review and interpret cyber security and privacy policies & procedures, providing recommendations and action plans to the Manager and team leads.
- Analyze and report organizational and system security posture trends.
- Review and develop privacy impact assessments for information systems.
- Develop organizational level implementation details of NIST security and privacy controls for information systems.
- Coordinate and communicate with cyber security and privacy organizations on the organizational level implementation details of NIST security and privacy controls for information systems to achieve consensus.
- Communicate verbally and in writing organizational cyber security policies, procedures and implementation details of NIST security and privacy controls for information system owners.
- Liaise with information system owners, system security managers, information system security officers and others on the implementation details for the NIST cyber security and privacy controls.
- Review and develop role-based access control baselines for information systems in accordance with cyber security policies.
- Verify and update security documentation reflecting the application/system security design features.
- Review information system implementation details for NIST cyber security and privacy controls.
- Monitor and report on the implementation of approved Plan of Action and Milestones (POAMs) as they relate to individual information system security plan and risk assessment deficiencies.
- Document information system security implementation details in the cyber security assessment and remediation tracking system.
- Review and evaluate the infrastructure protection program, including policies, guidelines, tools, methods, and technologies.
- Review and provide recommendations to information system owners, system security managers, information system security officers on information system designs to align with applicable cyber security and privacy policies and principles.
- Coordinate with and support information system operational teams on the implementation of information system designs, configurations, role-based access control, monitoring and auditing to align and comply with applicable cyber security and privacy policies.
Requirements/Qualifications for Sr. Security Control Assessor – Information Assurance Analyst:
- Bachelor’s degree in computer science, information technology, cyber security, or a related technical field is highly preferred.
- 6 years of experience is required with an applicable bachelor’s degree.
- 8 years of experience is required with an applicable associate’s degree.
- 10 years of experience is required without a degree or without an applicable degree.
- Experience must include direct work experience conducting assessments of compliance and operational and technical security controls employed within or inherited by an Information System to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system).
- Knowledge of cyber security and privacy principles and organizational requirements relevant to FISMA and information system confidentiality, availability, and integrity.
- Knowledge of Security Assessment and Authority to Operate (ATO) processes.
- Demonstrated skill in the application of cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Extensive knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
- Advanced knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Demonstrated skill in developing and documenting information system designs.
- Demonstrated technical writing and communication skills.
- Demonstrated ability to build consensus across a wide group of stakeholders.
**We are unable to accommodate corp. to corp. candidates**
About Motus Recruiting and Staffing, Inc:
Founded in 2006, Motus is an award-winning recruiting and staffing firm in the Pacific Northwest, specializing in professional services and technology solutions. We are a group of people who not only recognize the importance of representation, but actively fight for diversity, equity, and inclusion in the recruitment process. Our goal is to educate organizations on the importance of DEI when hiring, promoting, and supporting diverse employees. We are calling organizations to demonstrate their commitment to DEI by being intentional about who they hire.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship, disability or protected veteran status.
ED/BH 13717
Job ID: 13717