Security Controls Assessor

Zachary Piper Solutions is currently looking for a Security Controls Assessor to work for a government consulting company located in Washington, DC (Remote) . The Security Controls Assessor will assist clients as they migrate systems from on-prem to the cloud. Responsibilities for the Security Controls Assessor include: • Preparing and updating various security documentation such as SSPs, POA&Ms, Risk assessments, PIAs, and more • Develop, improve on, and review ATO documents • Review relevant policies, schedule activities, and provide recommendations for courses of action • Assist with process of application in a variety of cloud computing environments Required Qualifications for the Security Controls Assessor include: • Must have an Active Secret Clearance or TS Clearance • 3-5+ years of experience with assessments focused around controls and risk management frameworks • Hands-on experience with FedRAMP and reviewing/executing Security Policy Documentation • Experience with POA&Ms, SSP's, SOP's, Contingency Plans, Incident Response Plans, etc. • Preferred Certifications: CISSP Compensation for the Security Controls Assessor includes: •$130,000-$150,000 Based on experience • Full Benefits Keywords: RMF, NIST, FedRAMP, DISA Cloud Computing Security Requirements Guide, DISA CC SRG, FISMA, ISO, HIPAA, COBIT, HITECH, CISM, CISSP, NIST,800-53 rev. 3, 800-53 rev. 4, 800-37, Security+, CAP, CISA, contingency plans, security assessment plans, SCA, security control assessment, system security plan, SSP, incident response plan, vulnerabilities, vulnerability management, POA&M, plan of action and milestones, artifact, nessus, retina, ACAS, PKI, continuous monitoring, consulting, SA&A, A&A, C&A, certification, accreditation, information assurance, information security, Virginia, Washington DC, DC, D.C., district of columbia, remote, Maryland, level I, level 1, level ii, level 2, security+, comptia, sec+, security plus, security +, sec +, security+ce, cissp, casp+, casp +, cysa, cysa+, ccna, ccnp, ccna security, ccnasecurity, gicsp, gsec, cnd, sscp, ccnpsecurity, ccnp security, casp+ce, cisa, gced, gcih, ccsp, iat, iat II, iat 2, iat two, iat level 2, iat level two, iat level ii, cloud based, cloud-based, RMF lifecycle, RMFlifecycle, National institute for science and technology, NIST 800, red-ramp, Nist 800-53 Rev.5, risk management framework, AWS, Azure, ISO 27000, ISSO, ISSM, ISSE, information system security officer, information systems security officer, cyber security, cyber security specialist, izo, ize, izm, systems, on-prem, rev 4, rev 5, rev4, rev5, policy security, policy cyber security, security frameworks, enterprise system, enterprise systems, amazon web services, AODR, hybrid, Secret, secret clearance, TS, top secret, clearance, cloud one, cloud 1, ATO package, portfolio management, cloud system, cloud systems, cloud-system, cloud-systems, cyber team, security assessor, risk assessor, controls assessor, risk management assessor, risk framework assessor, assessment, assessments, security assessments