IT Security Risk Auditor

Connexion Systems + Engineering

Bedford, MA

JOB DETAILS
SALARY
$55–$72 Per Hour
SKILLS
Auditing, CISA - Certified Information Systems Auditor, CISSP - Certified Information Systems Security Professional, Code of Federal Regulations, CompTIA Security+, Computer Science, Computer Security, Contract Requirements, Defense Federal Acquisition Regulations Supplement (DFARS), Federal Acquisition Regulations (FAR), Government Policies, Government Regulations, Identify Issues, Information Technology & Information Systems, Information Technology/Systems Audit, Information/Data Security (InfoSec), Insurance Certifications, Internet Security, Laboratory Systems, Maintain Compliance, Microsoft Excel, Network Security, Open Source, Presentation/Verbal Skills, Protective Services, Publications, Regulatory Compliance, Research & Development (R&D), Risk, Risk Analysis, Risk Management Framework (RMF), SAP, Security Auditing, Security Compliance, Security Monitoring, Solid State Drive (SSD), Time Management, U.S. National Institute of Standards and Technology (NIST), United States Department of Defense (DoD), Writing Skills
LOCATION
Bedford, MA
POSTED
3 days ago
IT Security Risk Auditor 

3 year contract

Pay Range: $55-$72/hr

Hybrid: predominantly onsite to start eventually leading to 2-3 days/week on site

Clearance: eligible to obtain Top Secret (interim sufficient to start)


The Security Services Department’s (SSD) overall mission is to enable research and development while keeping the community safe and secure through the protection of information, network, facilities and personnel.

The IT Security Risk Auditor position performs audits of classified and unclassified Information Systems (IS) to ensure that they are being maintained in a compliant manner and are following applicable laws and government regulations, such as National Industrial Security Program Operation Manual (NISPOM) guidelines regarding the protection of classified information systems, National Institute of Standards and Technology (NIST) standards and special publications, Cybersecurity Maturity Model Certification (CMMC), DCSA Assessment and Authorization Process Manual (DAAPM) and Laboratory Information System Security Procedures. The candidate must be knowledgeable in fundamental computer security principles and policies: Security Technical Implementation Guides (STIGs), NIST 800-53/Risk Management Framework (RMF), CNSSI 1253, and DOD Manual 5205.07 Volumes 1-4, NIST SP 800-171 and DAAPM 2.0.

Responsible for maintaining and auditing programs to validate compliance with various government regulations and Information Security policies. The position is responsible for conducting comprehensive assessments of the management, operation, monitoring and technical security controls employed within or inherited by Information Systems to determine the overall effectiveness of the controls (i.e. the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome) with respect to meeting the security requirements of the Authorization to Operate (ATO) or other government regulation or contractual requirement for the system and for the ability to conduct open source and internal research to identify current threat indicators, exploits, and vulnerabilities.

Requirements:
• Bachelor’s degree in Computer Science, Information Technology, Computer Information Systems, or related field is required with a minimum of seven (7) years’ experience conducting risk assessments.
• Experience in compliance auditing, security reviews, or vulnerability assessments.
• Technical experience and skills, course work completed toward a degree, and industry IT certifications (i.e. CISSP, CISA) may be considered substitutes for education and experience.
• In-depth knowledge of information security principles and policies such as Risk Management Framework (RMF) as presented by the National Institute of Standards and Technology (NIST), NIST SP 800-171 and Security Technical Implementation Guides (STIGs).
• The ability to read, understand and apply government regulation, policies and procedure such as the National Industrial Security Program Operating Manual (NISPOM), 32 CFR Part 117, FAR/DFARS Safeguarding CUI series (252.204-7012, etc.), computer security principles and policies, to include, Security Technical Implementation Guides (STIGs) and NIST 800-53 / Risk Management Framework (RMF) and NIST SP 800-171.
• Working experience directly related to Assessment and Authorization using at least one of the following:
o NIST 800-53/Risk Management Framework (RMF)
o Joint Special Access Program (SAP) Implementation Guide
o NIST SP 800-171 Understanding of CMMC Framework
o National Industrial Security Program Operating Manual (NISPOM) Chapter 8

Preferred:
• Information Assurance Certifications preferred (CISSP/CISA, Security+, CCP/CCA, or other industry-recognized Certification that validate knowledge in Cybersecurity framework or equivalent).
• Direct experience with DCSA facility compliance reviews and security audits.

Hybrid role:
-This position will be predominantly onsite for the first 3-4 months (probably 4 days/wk onsite). After the initial ramp up period, there may be an opportunity for more remote, 2-3 days/week. Long term, candidate must be comfortable with being onsite at least 2+ days and as needed for the project work.

Clearance:
-Interim clearance sufficient for start; but candidate will need to clear up to the Top Secret Level.

 
Must Have
Admin
Compliance & Auditing7 years
Degree Level
Bachelor's DegreeYes
Experience
Document audit findings, including non-compliance issues or deviations7 years
Identify potential compliance issues and recommend policy/procedure changes7 years
IT system security compliance (NIST, PCI, HIPPA, CMMC)3 years
Support preparation for audit/review activities7 years
Government Policy/Regulations
STIG Compliance3 years
Security
NISPOM 32 CFR Part 117 experience3 years
NIST 800-1713 years
NIST 800-533 years
Risk Management Framework (RMF)3 years
Soft Skills
Strong Verbal and Written CommunicationYes
Time ManagementYes
Software
MS Suite (Excel, ppt)7 years
Nice to Have
Certification
Security+ CE, CASP, CISSP, or similar security certificationYes
Security
Cybersecurity Maturing Model Compliance (CMMC)0 years

About the Company

C

Connexion Systems + Engineering

Connexion is an award-winning professional staffing firm that strives to be the unrivaled staffing solution for job seekers by expertly connecting talent with opportunity.  Over the last 20 years Connexion has built the most admired team of staffing experts in the industry.  We give back, change lives and offer unconditional support to the candidates we represent.

Put Connexion's 20 years of experience to work for you! Our professionals have unrivaled relationships and contacts with the hiring managers, human resources team and decision makers at the most desirable companies to work for.

Don't let your resume get lost in an inbox, Connexion's recruiting team will advocate on your behalf to get you the job you want

COMPANY SIZE
500 to 999 employees
INDUSTRY
Staffing/Employment Agencies
FOUNDED
1999
WEBSITE
https://www.csetalent.com/