Security Control Assessor

Job in Washington, District of Columbia, 20022, USA
Listing for: Customer Value Partners
Full Time position
Listed on 2026-01-27
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Consultant
Salary/Wage Range or Industry Benchmark: 100000 - 125000 USD Yearly
Job Description & How to Apply Below

Overview

CVP is an award-winning healthcare and next-gen technology consulting firm recognized for excellence and innovation in the solutions we have provided our clients across healthcare, national security, and the public sector.

We are seeking a Security Control Assessor to join our team of experts tasked with securing the critical networks and systems our clients depend on.

Responsibilities
  • Provide expertise in and perform actions related to:
    • Assessment and Accreditation
    • Risk Management
    • Reviewing scan results
    • Audit log reviews
    • Vulnerability Management
    • Handling of Privacy-related and sensitive data
  • Advise and notify management (e.g., system owner, Chief Information Security Officer [CISO], Chief Information Officer [CIO], and/or Authorizing Official [AO]) on:
    • Risk levels and security posture
    • Changes affecting the organization’s cybersecurity posture
    • Impact levels for Confidentiality, Integrity, and Availability for the information on a system.
  • Conduct interviews
    • Facilitate small group discussions
    • Answer questions in a clear and concise manner.
    • Ask clarifying questions and accurately capture responses.
  • Test and/or observe system operations to validate implementation statements in provided artifacts or the result of interviews
    • Analyze test data.
    • Collect, verify, and validate test data.
  • Communicate complex information, concepts, or ideas in a confident and well‑organized manner through verbal, written, and/or visual means.
    • Prepare and present briefings
    • Produce technical documentation.
  • Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non‑repudiation).
  • Assess security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800‑53, Cybersecurity Framework, etc.).
    • Understand security controls and how they are applied
    • Assess the effectiveness of security controls
    • Conduct tests that include verification that the features and assurances required for each protection level are functional.
  • Assess the configuration management (change configuration/release management) processes.
  • Assess changes in the system, its environment, and operational needs that could affect the accreditation.
  • Assess information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
  • Assess security systems designs.
  • Assist client and team with responses to data calls and audits
  • Assist with the preparation of accreditation packages
  • Collect and maintain data needed to meet assessment reporting
  • Conduct application vulnerability assessments.
  • Conduct periodic testing of the security posture of the information system.
  • Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance.
  • Understand how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
  • Develop, review, endorse, and recommend action for both the Risk Executive and Authorizing Official.
  • Discern the protection needs (i.e., security controls) of information systems and networks.
  • Ensure plans of actions and milestones or remediation plans are in place for findings and vulnerabilities identified during risk assessments, audits, inspections, etc.
  • Ensure security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
  • Ensure security improvement actions are evaluated, validated, and implemented as required.
  • Exercise judgment when policies are not well‑defined.
  • Experience demonstrating strong analytical, troubleshooting and problem‑solving skills for security information and event management
  • Identify cybersecurity and privacy issues that stem from connections with internal and external customers and partner organizations.
  • Identify measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the…