Security and Privacy Controls Specialist

Salary undisclosed


Our goal is to solve problems and deliver results for our clients. At Cloud and Things, you can be a part of transforming the public sector's IT environment. Our team is at the forefront of helping to solve the government's most complex IT challenges. If you are seeking a role that offers the opportunity to work on rewarding projects, consider a career with Cloud and Things.

Overview:

We are seeking a Security and Privacy Control Specialist who will support our client. The ideal candidate will be expected to design, develop, and maintain workbooks that document, describe, and assess security and privacy controls in alignment with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53A Revision 5. This role focuses on creating and maintaining these workbooks with the assistance of business subject matter experts and compliance officers, and on reviewing other security audits, such as System and Organization Controls (SOC), for relevance.

Duties:

  • Workbook Development and Documentation:
    • Design and develop detailed workbooks that map NIST SP 800-53A Rev 5 controls to corresponding security and privacy assessment activities.
    • Clearly articulate control objectives, control enhancements, and assessment methods.
    • Solicit relevant information from subject matter experts to be used in the development of the necessary workbooks.
    • Incorporate templates, workflows, and reference materials to standardize control assessment processes.
    • Identify and review existing security audit reports and other artifacts for relevance and use in the workbooks.
  • Collaboration and Stakeholder Engagement:
    • Work closely with security teams, system owners, and auditors to gather requirements and ensure workbook usability.
    • Collaborate with compliance managers to align documentation with federal regulatory requirements.
  • Quality Assurance and Continuous Improvement:
    • Review and refine workbook content to ensure accuracy, consistency, and alignment with NIST guidelines.
    • Stay up-to-date with revisions to NIST SP 800-53A Rev 5 and other related standards, integrating updates into the workbooks as needed.
    • Solicit feedback from users and incorporate suggestions to enhance workbook functionality and relevance.

Mandatory Skills/Experience:

  • BA in Information Security, Cybersecurity, Information Technology, or a related field.
  • 5+ years of experience in IT security, compliance, or risk management roles.
  • Certifications: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Certified Authorization Professional (CAP).
  • Experience with New York State security policy and standards.
  • Proven expertise in applying NIST SP 800-53 and SP 800-53A frameworks, particularly at the Moderate baseline.
  • Experience developing documentation, templates, and tools to support control assessments.
  • Strong understanding of federal information security standards, policies, and frameworks.
  • Excellent technical writing skills, with the ability to convey complex concepts in clear and concise language.
  • Effective communication and interpersonal skills for cross-functional collaboration.
  • Ability to solicit relevant information from subject matter experts and use it to develop the necessary workbooks.
  • Experience creating and/or auditing New York State Medicaid System Security Plan Workbooks for Moderate Plus Impact Level Controls.
  • Familiarity with federal information systems, Risk Management Framework (RMF), and Federal Information Security Modernization Act (FISMA) requirements.

Cloud and Things complies with all applicable federal, state, and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status, or any other category protected by applicable federal, state, or local laws.



Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.