IT Security RIsk Auditor
Salary undisclosed
Apply on
Original
Simplified
Our client has an opening for an IT Security Risk Auditor onsite in Lexington, MA
Applicants must be eligible to obtain a Top Secret security clearance
The IT Security Risk Auditor is responsible for maintaining and auditing programs to validate compliance with various government regulations and client Information Security policies. The position is responsible for conducting comprehensive assessments of the management, operation, monitoring and technical security controls employed within or inherited by Information Systems to determine the overall effectiveness of the controls (i.e. the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome) with respect to meeting the security requirements of the Authorization to Operate (ATO) or other government regulation or contractual requirement for the system and for the ability to conduct open source and internal research to identify current threat indicators, exploits, and vulnerabilities.
Requirements:
Bachelor's degree in Computer Science, Information Technology, Computer Information Systems, or related field is required with a minimum of seven (7) years' experience conducting risk assessments.
Experience in compliance auditing, security reviews, or vulnerability assessments.
Technical experience and skills, course work completed toward a degree, and industry IT certifications (i.e. CISSP, CISA) may be considered substitutes for education and experience.
Candidate must possess an in-depth knowledge of information security principles and policies such as Risk Management Framework (RMF) as presented by the National Institute of Standards and Technology (NIST), NIST SP 800-171 and Security Technical Implementation Guides (STIGs).
The ability to read, understand and apply government regulation, policies and procedure such as the National Industrial Security Program Operating Manual (NISPOM), 32 CFR Part 117, FAR/DFARS Safeguarding CUI series , etc.), computer security principles and policies, to include, Security Technical Implementation Guides (STIGs) and NIST 800-53 / Risk Management Framework (RMF) and NIST SP 800-171.
Working experience directly related to Assessment and Authorization using any of the following:
o NIST 800-53/Risk Management Framework (RMF)
o Joint Special Access Program (SAP) Implementation Guide
o NIST SP 800-171 Understanding of CMMC Framework
o National Industrial Security Program Operating Manual (NISPOM) Chapter 8
Preferred:
Information Assurance Certifications preferred (CISSP/CISA, Security+, CCP/CCA, or other industry-recognized Certification that validate knowledge in Cybersecurity framework or equivalent).
#CJ
About Equiliem
Equiliem believes in empowering success. It's our job to cultivate relationships that connect people and employers in a way that is inclusive, intelligent, and allows both to thrive.
Across the U.S., leading companies in healthcare, government, engineering, manufacturing, professional services, and energy rely on us for their workforce solutions. Our recruiting and HR services include contract and direct hire staffing, Payrolling/EOR, Independent Contractor Compliance, and Managed Services.
For almost 30 years, we've helped shape our industry. Today, we continue to research, ask questions, and continuously enhance the candidate journey and client experience.
EEO Employer
Equiliem is an equal opportunity employer. We do not discriminate or allow discrimination based on race, color, religion, creed, sex, age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Equiliem will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at [email protected] or .
Applicants must be eligible to obtain a Top Secret security clearance
The IT Security Risk Auditor is responsible for maintaining and auditing programs to validate compliance with various government regulations and client Information Security policies. The position is responsible for conducting comprehensive assessments of the management, operation, monitoring and technical security controls employed within or inherited by Information Systems to determine the overall effectiveness of the controls (i.e. the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome) with respect to meeting the security requirements of the Authorization to Operate (ATO) or other government regulation or contractual requirement for the system and for the ability to conduct open source and internal research to identify current threat indicators, exploits, and vulnerabilities.
Requirements:
Bachelor's degree in Computer Science, Information Technology, Computer Information Systems, or related field is required with a minimum of seven (7) years' experience conducting risk assessments.
Experience in compliance auditing, security reviews, or vulnerability assessments.
Technical experience and skills, course work completed toward a degree, and industry IT certifications (i.e. CISSP, CISA) may be considered substitutes for education and experience.
Candidate must possess an in-depth knowledge of information security principles and policies such as Risk Management Framework (RMF) as presented by the National Institute of Standards and Technology (NIST), NIST SP 800-171 and Security Technical Implementation Guides (STIGs).
The ability to read, understand and apply government regulation, policies and procedure such as the National Industrial Security Program Operating Manual (NISPOM), 32 CFR Part 117, FAR/DFARS Safeguarding CUI series , etc.), computer security principles and policies, to include, Security Technical Implementation Guides (STIGs) and NIST 800-53 / Risk Management Framework (RMF) and NIST SP 800-171.
Working experience directly related to Assessment and Authorization using any of the following:
o NIST 800-53/Risk Management Framework (RMF)
o Joint Special Access Program (SAP) Implementation Guide
o NIST SP 800-171 Understanding of CMMC Framework
o National Industrial Security Program Operating Manual (NISPOM) Chapter 8
Preferred:
Information Assurance Certifications preferred (CISSP/CISA, Security+, CCP/CCA, or other industry-recognized Certification that validate knowledge in Cybersecurity framework or equivalent).
#CJ
About Equiliem
Equiliem believes in empowering success. It's our job to cultivate relationships that connect people and employers in a way that is inclusive, intelligent, and allows both to thrive.
Across the U.S., leading companies in healthcare, government, engineering, manufacturing, professional services, and energy rely on us for their workforce solutions. Our recruiting and HR services include contract and direct hire staffing, Payrolling/EOR, Independent Contractor Compliance, and Managed Services.
For almost 30 years, we've helped shape our industry. Today, we continue to research, ask questions, and continuously enhance the candidate journey and client experience.
EEO Employer
Equiliem is an equal opportunity employer. We do not discriminate or allow discrimination based on race, color, religion, creed, sex, age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Equiliem will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at [email protected] or .
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
Report this job Similar Jobs
