Cybersecurity Assessor

Position: Cybersecurity Assessor

Position Summary: The Cybersecurity Assessor evaluates enterprise systems, networks, and applications to identify vulnerabilities, assess risks, and ensure compliance with security policies and regulatory standards. They provide actionable recommendations and collaborate with technical and business teams to strengthen security controls and reduce organizational risk.

Key Duties and Responsibilities: • Expertise in GRC methodologies, security control auditing, and third-party risk assessments. Proven ability to interpret federal compliance mandates (NIST SP 800-53, 800-37) and evaluate technical and administrative controls. Strong competency in conducting "Security Impact Analyses" and managing Plan of Action and Milestones (POA&M) documentation. Compliance & Assessment Support: Conduct security and compliance assessments across internal systems and third-party vendors, supporting adherence to organizational and regulatory requirements. • Third-Party Risk Assessments: Evaluate the security practices of external service providers and assist with managing vendorrelated risks throughout the assessment of lifecycle. • Findings & Remediation Tracking: Analyze assessment results, document findings, and support remediation efforts by tracking issues and helping teams prioritize corrective actions. • Cross-Functional Coordination: Work with business and technical stakeholders to clarify compliance requirements and support the resolution of identified risks within accepted thresholds. • Risk Documentation & Reporting: Use risk management tools and reporting dashboards to maintain assessment documentation, track risk metrics, and contribute to security posture reporting. • Cross-Functional Synergy: Serve as a bridge between Business Analysts and Cybersecurity Engineers, translating compliance requirements into actionable remediation tasks while maintaining organizational risk thresholds. • GRC Tool Proficiency: Use industry-standard GRC platforms (e.g., Archer, ServiceNow) and Third-Party Risk tools (e.g., OneTrust, Prevalent) to centralize documentation and streamline assessment workflows. • Data-Driven Risk Reporting: Convert complex assessment findings into actionable insights with Power BI and Excel, maintaining dashboards that communicate enterprise security posture to stakeholders. • Security Control Execution & Validation: Perform daily RMF lifecycle control assessments, including evidence collection, walkthroughs, testing of technical/administrative controls, and POA&M tracking to ensure risk remains within tolerance.

Requirements: • 5+ years experience in a similar role • Required certifications: CISA, CRISC, CGEIT, CISSP, CompTIA Security+, CCSK, CAP/ISC2 CGRC • Experience with the following technologies: GRC Platforms (Archer/ServiceNow), Third-Party Risk Tools (OneTrust/Prevalent), MS Excel (Advanced), MS Power BI, MS Visio, JIRA, and Microsoft Office Suite.