Security Control Assessor/ It Auditor
Current● Reviewing, maintaining, and ensuring all Assessments and Authorizations (A&A) documentation are included in the system security package. ● Ensure Implementation of appropriate security control for Information System based on NIST Special Publication 800-53 rev 4, FIPS 200, and System Categorization using NIST 800-60, and FIPS 199. ● Review and update remediation on (POAMs), in organization's Cyber Security Assessment and Management (CSAM) system. Work with system administrators to resolve POAMs, gathering artifacts and creating mitigation memos, residual risk memos and corrective action plans to assist in the closure of the POA&M. ● Perform vulnerability and baseline scans, using tools such as Tenable Nessus, CIS-CAT, Retina Vulnerability scanner, analysis scan results and document findings in POA&M. ● Collaborate with system administrators to remediate (POA&Ms) findings. Ensure vulnerabilities and risks are efficiently mitigated in accordance with the organization's continuous monitoring Plan. ● Monitor controls post authorization to ensure continuous compliance with the security requirements. ● Identify new, maintain and disposal of information system inventory in accordance with established policies and procedures, ensure accurate configuration management and property accountability. ● Modify and maintain procedures, operational process document, change control document, operational checklist, detailed system specifications and procedures. ● Conducted security assessment interviews to determine the Security posture of the System and to develop a Security Assessment Report (SAR) in the completion of the Security Test and Evaluation (ST&E) questionnaire using NIST SP 800-53A required to maintain Company Authorization to Operate (ATO), the Risk Assessment, System Security Plans, and System Categorization.