Security Control Assessor (Authorizing Official)
Position Summary:
As Security Control Assessor (Authorizing Official/AO) you will provide cybersecurity support to the National Geospatial-Intelligence Agency (NGA) in Springfield, VA. You will award authorization to operate (ATO) for systems and/or networks based on the determination of acceptable risk.
Clearance Requirement:
Must have an active DoD Top Secret/SCI security clearance
Essential Functions and Responsibilities:
Manage and approve accreditation packages (e.g., ISO/IEC 15026-2).
Establish acceptable limits for the software application, network, or system.
Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
Manage accreditation packages (e.g., ISO/IEC 15026-2)
Required Education, Skills, and Experience:
Bachelor's degree in technical discipline from an accredited college or university
Certification Requirements:
Jr: Must be IAT Level II (Security+) compliant
Mid: Must have IAM Level II (CAP, CASP, CISM, CISSP, GSLC, CCISO, or HCISPP certification)
Sr.: Must be IAM Level III compliant (CISM, CISSP etc.) for Sr. role
Three (3) years of full-time professional experience in establishing, implementing, and tracking project plans (more experience required for Sr. level openings).
Knowledge of computer networking concepts and protocols, and network security methodologies.
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
Knowledge of cybersecurity and privacy principles and tools.
Knowledge of the Risk Management Framework (RMF) and the Security Assessment and Authorization process.
Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
Skill in discerning the protection needs (i.e., security controls) of information systems and networks.
Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Ability to coordinate cyber operations with other organization functions or support activities.
Physical Demands and Expectations:
Regular physical activity to include walking, climbing stairs, bending, stooping, reaching, lifting (up to 15 pounds), and standing; occasional prolonged sitting
Ability to speak, read, hear and write, with or without assistance
Ability to use phone and computer systems, copier, fax and other office equipment