Zero Trust Senior Assessor; Auditor

4 days ago Be among the first 25 applicants

Military Friendly & Preferred - Hoh Sponsor

Zermount Inc. is seeking a Zero Trust (ZT) Senior Assessor (Auditor) who will be responsible for the oversight, development, and execution of assessments of our client’s enterprise and systems to determine compliance with ZT principles. The ZT Senior Assessor will collaborate with cross-functional teams to identify principles that have been implemented correctly and gaps in zero trust principles / security controls to meet compliance with ZT requirements in accordance with CISA Maturity Model, Executive Orders (EOs) (e.g., EO 14028), OMB Mandates (OMB M’s) (e.g., OMB M 22-09, M 21-31, etc.)

and other Federal Requirements, and Department policies.

• Perform complex risk analyses which also include risk assessment to identify compliance with ZT, and security requirements based upon the analysis of people, processes, technologies, and requirements of all pillars in the CISA ZTA Maturity Model.
• Perform assessment and analysis of designs, architectures, configurations, and implementation of ZT principles and security capabilities.
• Provide recommendations, solutions, and capabilities to ensure the required ZT principles are implemented to meet the requirements of the ZT maturity model and requirements based on EO and OMB M.
• Review and analyze system, application, or network changes, upgrades and provide input and cybersecurity impacts. Conduct assessment of ZT architectural and configuration changes made by the O&M team(s).
• Conduct a ZT review and assessment of all existing cybersecurity and IT capabilities. Provide results and reports on:
  • Criteria for Zero Trust readiness and assessment results
• Conduct analysis to identify gaps in existing capabilities to meet compliance and target ZT maturity model level.
• Assist with reviewing and interpreting Executive Orders (EOs), OMB memos, Public Law (PL), DHS directives such as Binding Operational Directives (BODs), DHS Undersecretary Memos, NIST SPs, and recommended best practices and provide recommendations and potential solutions to meet requirements.
• Provide guidance and insights necessary for meeting requirements established through the OMB M’s or EO’s.
• Assist and support for all internal and external ZT data calls, requests, audits, compliance, and updates - ensuring accurate information and statuses are obtained and provided.
• Conduct assessments to determine the implementation of ZT principles across all pillars (identity, device, network, application and workload, and data) to assist the client in meeting the requirements set forth by EO 14028 and OMB M 22-09.
• Develop and execute assessments of existing security architecture and recommend enhancements using ZT principles and requirements.
• Provide responses and solutions for ZT related questions, concerns, and issues, providing guidance and strategic recommendations to leadership and other stakeholders, to ensure compliance with ZT, EO and OMB requirements.
• Collaborate with security engineers, architects, and other IT professionals to design, implement, and maintain ZTA capabilities, and ensure continuous compliance with ZT target maturity model level.
• Conduct periodic reviews and audits to ensure the proper function of ZT principles/capability implementations and adherence to regulatory requirements.
• Provide responses to ZT violations, assisting in the investigation and mitigation of weaknesses.
• Create detailed reports, and briefings outlining the results of ZT assessments, including areas of strength, areas of improvement, and recommendations for moving forward.
• Stay current with the latest developments in ZT methodologies and related cybersecurity trends.

• At least 5 years of experience in cybersecurity, information technology, or related field.
• Experience and Knowledge of ZT architecture, principles, methodologies, EO 14028, OMB M 22-09, Federal, DoD, and CISA Zero Trust Architecture, Maturity Model, Technical Reference Architectures, NIST, Cloud, and Risk Management Framework (RMF).
• Strong understanding of zero trust principles and how they can be applied…