NavitsPartners
Senior Control Assessment Analyst - ITAJS
NavitsPartners, Washington, District of Columbia, us, 20022
Job Title: Senior Control Assessment Analyst
Location: Washington, DC
Type: Contract

Job Description:
We are seeking a skilled Senior Control Assessment Analyst to support a high-impact cybersecurity program aligned with the NIST Risk Management Framework (RMF). The analyst will be responsible for developing control assessment methodologies, maintaining schedules, and executing security and privacy control assessments for newly developed, acquired, and ongoing information systems.

Responsibilities:

Assessment Methodology Development
- Create tailored control assessment approaches for SaaS solutions and external organizations lacking FedRAMP authorization.
- Align assessment methodologies with FISMA, OMB, and NIST standards (including NIST SP 800-37, SP 800-53A, and SP 800-171A).
- Ensure methodologies enable efficient, risk-based authorization decisions.

Planning and Scheduling
- Develop and maintain a real-time Master Assessment Schedule.
- Adjust for prioritization changes, delays, and resource shifts to provide accurate timelines for assessments.

Control Tailoring and Overlays
- Review and update control overlays for categories such as web applications and FedRAMP-authorized SaaS platforms.

Control Assessment Plans (CAPs)
- Review artifacts such as FIPS-199 Memos, SSPPs, and Contingency Plans.
- Develop CAPs outlining:
  - Methodologies and assessment scope
  - Assessment team members and stakeholders
  - Control baselines and procedures
  - Timelines, dependencies, and access requirements

Control Assessments Execution
- Ensure assessor independence and objectivity.
- Conduct technical, operational, and management control assessments.
- Validate control inheritance and overlays.
- Document results, supporting evidence, and evaluation outcomes.

Reporting and Authorization Support
- Prepare Control Assessment Reports (CARs) detailing findings, associated risks, and recommended remediations.
- Support authorization briefings and issue resolution with stakeholders.
- Conduct post-authorization assessments for production deployment validation.

Security Impact Analysis (SIA)
- Perform impact analysis for system changes.
- Identify affected controls and assessment procedures.

Ongoing Control Monitoring
- Assess a selected subset of controls per the continuous monitoring strategy.
- Produce an annual summary report highlighting risks, trends, and recommendations.

Qualifications:
- Minimum 5 years of experience in control assessments and A&A support in compliance with NIST frameworks.
- Proven experience with:
  - NIST SP 800-53 (Rev. 5 or newer)
  - Assessment planning, execution, and risk evaluation
  - Developing and maintaining POA&Ms
  - Inventory management of information systems
- Strong ability to brief stakeholders on findings, risks, and remediations.

Preferred Certifications:
- CISSP - Certified Information Systems Security Professional
- CAP - Certified Authorization Professional (preferred)