Security Controls Assessor - Part time & Remote

Emploi pas sur LinkedIn

🕒 il y a 9 mois

Postuler Maintenant

Trouver des Emplois à Distance Similaires

Recevoir des emails pour des emplois à distance

📊 Vérifiez votre score de CV pour ce poste

Améliorez vos chances d'obtenir un entretien en vérifiant votre score de CV avant de postuler.

Télécharger le CV

TestPros, Inc.

Site WebLinkedInTous les Emplois

51 - 200 employés

Fondée en 1988

📋 Conformité

🔒 Cybersecurity

Compliance • Cybersecurity • Consulting

TestPros, Inc. est une entreprise établie en 1988, fournissant des services d'évaluations indépendantes, de tests et de conseils afin de répondre aux besoins en technologies de l'information des clients fédéraux et commerciaux. Elle est spécialisée dans la conformité, la cybersécurité, l'accessibilité et les tests logiciels, offrant des services tels que des solutions d'accessibilité numérique, la vérification et la validation, des évaluations informatiques et des consultations en conformité. TestPros est reconnue par une clientèle diversifiée, desservant des secteurs tels que la santé, le gouvernement et la finance, garantissant que ses services respectent des normes industrielles rigoureuses. Elle a obtenu de nombreux contrats gouvernementaux et s'engage à améliorer l'assurance qualité et l'excellence opérationnelle pour ses clients.

Description

• Develop NIST 800-53 Rev5 based System Security Plan (SSP). • Create/Update the applicable documents identified by NIST 800-53 Rev 5, specifically the Security Assessment Report (SAR). • Create/Update the associated Plan of Actions and Milestones (POA&M). • Provide detailed security-related reports including data, analyses, and conclusions upon completion of tests, scans, and assessments, including mitigations and, if indicated, appropriate escalation of identified risks and vulnerabilities. • Verify and document the implementation of security controls necessary to achieve compliance. • Keep management apprised of impending areas of concern, verbally and in writing. • Review and develop System Security Plans (SSPs), Plans of Actions and Milestones (POA&Ms), and as well as other necessary artifacts. • Facilitate the Plan of Actions and Milestones (POA&M) program to ensure customer systems have accurately and fully provided information for POA&M activities to include valid remediation of findings. • Develop various policy documents (SOPs/CONOPs) as required. • This may include policies regarding Configuration Management, IS Sanitization, Media Security, Password Policy, Business Continuity, Continuity of Operations, Incident Response, Disaster Recover, and Security Assessments. • Develop new, and mature existing information security and risk policies. • Initiate, and lead on-going information security maturity assessment processes and training, using industry accepted frameworks and implement into the overall cyber security posture. • Produce and review key performance indicators for implemented security measures and distribute KPIs. • Maintain knowledge of threat landscape by monitoring threat intelligence, and other related sources.

🎯 Exigences

• 5+ years of directly related experience in IT security compliance, including recent experience with NIST 800-53 Rev 5 "Security and Privacy Controls for Federal Information Systems and Organizations" • Cloud computing security • Security governance and policy • Security risk analysis • Auditing and monitoring systems • Scanning and vulnerability management systems • Advanced Malware Protection • Threat Intelligence • Incident Management - analysis, detection, and handling of security events • Penetration testing and associated tools (e.g., nmap, Metasploit, etc.) • Bachelor's Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training, or work experience (preferred) • Military and/or practical job experience may be considered in-lieu of formal education, with significant industry certifications

🏖️ Avantages

• Competitive salary • Medical/dental/vision insurance • Life insurance • Paid time off • Paid holidays • 401(k) retirement plan with company match • Opportunities for professional growth • Cell phone discounts • Benefits are available to full-time employees