Apex Systems is looking for a Security Controls Assessor Team Lead
to support our client in the Baltimore, Maryland area.
- Manage and approve Accreditation Packages (e.g., ISO/IEC 15026-2).
- Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
- Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
- Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
- Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
- Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
- Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
- Verify and update security documentation reflecting the application/system security design features.
- Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
- Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
- Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk.
- Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals.
- Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.
- Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
- Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
- Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
- Assess the effectiveness of security controls.
- Assess all the configuration management (change configuration/release management) processes.
- Establish acceptable limits for the software application, network, or system.
- Manage Accreditation Packages (e.g., ISO/IEC 15026-2).
- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- Knowledge of cybersecurity and privacy principles.
- Knowledge of cyber threats and vulnerabilities.
- Knowledge of specific operational impacts of cybersecurity lapses.
- Knowledge of authentication, authorization, and access control methods.
Bachelor's degree in a computer-related field
* Three years of experience in either/or/combined:
Min. Citizenship Status Required
- A role performing IT Audits or evaluating the effectiveness of security control design and operation
- A role managing and documenting security controls on servers, networks, security apparatus, or IoT/OT devices.
: Baltimore, MD area or Remote (but must be Eastern Standard Time Zone)
Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at or