Youth Enrichment Services

Security Control Assessor (SCA)

Youth Enrichment Services, Rockville, Maryland, us, 20849

Description

Bizzell US is seeking an experienced Security Control Assessor (SCA) to lead security assessment activities for FOH systems and applications. The SCA will conduct testing, prepare Authority to Operate (ATO) documentation, and coordinate directly with the HHS Office of the Chief Information Officer (OCIO) and Information System Security Officers (ISSOs) to ensure systems meet all federal and HHS cybersecurity standards. This role is critical in ensuring secure deployment and ongoing compliance of FOH's information systems.

Key Responsibilities

Security Assessments & Testing

Conduct comprehensive Security Control Assessments (SCAs) for GOTS and custom applications. Validate the implementation and effectiveness of NIST SP 800-53 controls and FIPS-199 categorizations. Perform technical testing as outlined in SCA Test Plans, including vulnerability scans, penetration testing (as required), and security documentation review.

ATO Documentation & Reporting

Develop and maintain all required artifacts for ATO submissions, including:

Security Assessment Plan (SAP)
Security Assessment Report (SAR)
POA&M (Plan of Action and Milestones)
Risk Assessment Reports

Ensure deliverables comply with HHS policy and templates provided by the OS Compliance Management Team.

Stakeholder Coordination

Collaborate with HHS OCIO, ISSOs, system owners, developers, and infrastructure teams to collect evidence and address control gaps. Coordinate and schedule assessments, walkthroughs, and evidence reviews. Participate in security briefings, data calls, and ATO working sessions.

Policy Alignment & Quality Control

Ensure alignment with federal cybersecurity standards such as NIST 800-37, 800-53, FISMA, and HHS security policies. Maintain a thorough understanding of evolving compliance requirements and best practices. Support continuous monitoring efforts and provide recommendations for improvement based on control effectiveness reviews.

Requirements

Required Qualifications

Bachelor's degree in Cybersecurity, Information Systems, or related field. 5+ years of experience conducting SCAs or working in a security compliance role. Strong knowledge of NIST Risk Management Framework (RMF), ATO process, and federal IT security controls. Experience developing ATO documentation and interfacing with federal security leads. Proficient with vulnerability assessment tools (e.g., Nessus, Tenable) and documentation platforms.

Preferred Qualifications

Active CISSP, CISA, CAP, or similar cybersecurity certification. Prior experience supporting HHS or other federal health agencies. Experience using ServiceNow GRC or similar governance tools. Familiarity with GOTS systems and HHS OS Compliance Management SharePoint structure.

Work Environment

Hybrid work with some on-site presence in Rockville, MD. Must be available for security briefings, document walkthroughs, and audit prep activities during core business hours (EST).

Seniority level

Mid-Senior level

Employment type

Full-time

Job function

Other, Information Technology, and Management

Industries

Non-profit Organizations
