Security Control Assessor (SCA) Professional– Level IV/Subject Matter Expert (SME)

• Review and assess information systems (IS) for compliance with IC, DoD, and ND guidelines
• Provide IS security advice and guidance to government and industry partners
• Advise Information System Owners (ISO) on confidentiality, integrity, and availability impact values
• Offer technical guidance for Authorization and Accreditation (A&A) responses
• Evaluate IS threats and vulnerabilities, recommending additional safeguards as needed
• Support development and implementation of NRO IT-IA-IM policies
• Contribute to future NRO IS security policy development
• Conduct site visits and assessments, prepare written reports for government approval
• Ensure completion of security control assessments for each IS
• Support RMF process-related presentations, briefings, and reports
• Utilize NRO's RMF system of record for workflow duties and documentation
• Track and report on RMF process workflow activities and metrics
• Prepare Security Assessment Reports (SARs) and Authorization Recommendations
• Collaborate on Plans of Action and Milestones (POAMs) based on assessment findings
• Review and approve IS Security Assessment Plans
• Address security issues as requested by the government
• Support A&A for special programs and tactical operations
• Conduct reviews and write reports for ISAP or TISSRs
• Verify proper implementation and documentation of security controls in System Security Plans (SSPs)
• Assess severity of identified weaknesses and recommend corrective actions
• Act as IS liaison between Directorates and Offices (Ds&Os) and COMM

• Must possess and be able to maintain a TS/SCI clearance with polygraph
• BA/BS or higher STEM degree
• BS 8-10 years of experience, MS 6-8 years of experience, PhD 3-5 years of experience
• SCA experience
• Certifications (At least one of the below): CAP, CASP, CISM, CISSP (or Associate), GSCL, CGRC/CAP, Cloud+, CYSA+, GSEC, PenTest+
• Relevant experience in technical project management
• Advanced IS security skills and knowledge
• Familiarity with IA concepts
• Ability to review and recommend vulnerability and risk levels associated with SW and HW products
• Practical experience developing and implementing security related directives
• Practical experience performing IS' A&A as defined in applicable ICDs and guidance
• Practical experience utilizing risk management strategies for IT solutions
• Understanding of emerging technologies and their implementation w/in government systems and network environments
• Knowledge of IT concepts used in evaluation of security performance and integrity of state-of-the-art applications, communications systems, HW, SW, satellite controls systems, and information processing systems
• Practical experience assessing security of cloud-based systems including IaaS, PaaS, and/or SaaS deployment
• Ability to effectively coordinate A&A activities of industry and government IS' to meet acquisition milestone requirements
• Experience working with a mixed skill level team to ensure that appropriate knowledge and skill transfer occurs
• Ability to simultaneously manage and track multiple large-scale systems or programs involved in A&A process
• Experience developing and implementing security related directives and guidance for IT-IA-AM
• In-depth understanding of IT systems, SW, & networks
• Effective technical report and general correspondence writing ability

Education relevant to computer engineering, INFOSEC, cyber security, information management, and/or computer science