
Security Control Assessor at ECS

Location Information: Work from home, VA

ECS is seeking a Security Control Assessor to work remotely.

Salary Range: 90,000-110,000

General Description of Benefits

- Strong written and verbal communication skills.
- Strong communication ability across all levels of management.
- Experience in planning assessments and working as a collaborative member of a team of security control assessors.
- Three (3) years' experience supporting security assessment teams is required.
- Experience in presenting control requirements and deficiencies to both technical and non-technical audiences.
- Experience performing detailed, full-scope technical security control testing for each of the component types, including development of security and privacy assessment plans, is required.
- Ability to analyze information system configurations and technical specifications against NIST SP 800-53 and other overlays.
- Possesses a strong understanding of the NIST Special Publication 800-53 security and privacy controls, the NIST Cybersecurity Framework, and other information security and privacy laws and regulations.
- Experience with development and writing of risk-based documentation.
- Experience with Power Automate, Power BI, and Microsoft Project Online.

Qualifications

- Experience performing Certification and Accreditation (C&A) activities, including risk assessments, Security Plans, Security Controls Assessments (SCA), Certification and Accreditation documents.
- Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
- Experience with cloud technology offerings from AWS and Azure and assessing systems hosted within those environments.
- Experience performing assessments in accordance with the policies, procedures, and standards of the Office of Management and Budget (OMB), the National Institute of Standards and Technology (NIST), and the OCC.

Certifications/Licenses:

- Bachelor's degree or higher in Computer Science, MIS/IT, Engineering, Information Security/IA, or related discipline to work requirement
- Five (5) or more years of Information Security experience required.
- Two (2) years of experience with the use of eGRC tools.
- One of the following certifications preferred: Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Risk and Information Systems Control (CRISC), or Certified Information Security Auditor (CISA).