Quality Assurance Lead
- Expired: over a month ago. Applications are no longer accepted.
Iron Vine Security is a rapidly growing information security and information technology company in Washington, DC. We are looking to hire a Quality Assurance Lead to support a full range of cyber security services on a long-term contract in Washington, DC. The position is full time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance.
· Strong written and verbal communication skills.
· Experience planning assessments and serving as a senior member of a team of security control assessors.
· Three (3) years of experience managing a technical security QA team/SA&A Package Independent Validation & Verification (IV&V).
· Six (6) years of experience developing RMF documentation.
· Six (6) years of experience conducting security and privacy control assessments.
· Eight (8) years of Information Security experience.
· Bachelor’s degree or higher.
· Two (2) years of experience with eGRC tools is required.
· Certification as a Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), or Certified Information Systems Auditor (CISA) is required.
Additional Experience Preferred:
· Experience performing Certification and Accreditation (C&A) activities, including risk assessments, Security Plans, Security Controls Assessments (SCA), Certification and Accreditation documents.
· Experience with ServiceNow GRC tool suite, including CAM.
· Experience conducting quality reviews of authorization briefing decks, memos, and Security Assessment Reports prior to submission to federal staff for review.
· Perform technical Quality Assurance (QA) across all contract activities and tasks, including project and program plans and schedules, to ensure quality, error-free products are delivered.
· In addition to this standard QA review, perform QA with special technical and analytical review and focus on critical areas in support of the CA&C RMF Program activities.
· Examine the assessment deliverables for inconsistencies, inaccuracies, incompleteness, generic finding and recommendation statements, incongruent risk analysis and business context.
· Ensure as part of the QA review that testing procedures were followed properly and that assessment results documentation records observations and evidence, with traceability from the requirement through to the finding, so that a reader can follow exactly what was missing or incomplete in the implementation of NIST SP 800-53 security control requirements.
· Document and provide findings and recommendations that are concise, system-specific, and actionable.
· Ensure assessment deliverables contain system-specific risk analysis results for each finding identified during each assessment in accordance with NIST SP 800-30, as amended, the Enterprise Risk Appetite, and security policies.
Falcon IT & Staffing Solutions