Security Controls Assessor/IT Auditor Remote Must be GC or US Citizen per clientResponsibilities:

　　Lead and conduct multi-level (application, database, operating system, middleware, monitoring tools, and business processes) security control assessments of HRSA systems based on predefined test objectives and test plans. Coordinate, and track interviews with system owners, ISSOs, and administrators on operational, management, and technical processes. Draft Security Control Assessment Plans (SCAP) to include the scope and methodology for testing. Develop test procedures and/or document recommendations for test plan modifications that improve validation of control objectives. Assist the assessment team obtaining, reviewing, and interpreting evidence provided to validate security controls are implemented properly and performing effectively. Review the security controls in the information system and its environment of operation to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security requirements. Work with the HRSA Risk Management (RM) team to determine risks to the system based on vulnerability results and compensating or mitigating controls in place. Produce the Security Assessment Report (SAR) that documents the results of the assessment. Review asset, application, and code scan results from various tools for assessed systems Review compliance scans against defined HRSA baselines for assessed systems. Provide recommendations to system owners and Information System Security Officers (ISSOs) for remediating identified vulnerabilities. Write supporting documentation for security control assessment and other risk management processes and procedures. Provide process improvement recommendations for day-to-day operations. Provide technical guidance to the HRSA RM team and other stakeholders as needed. Experience in Information Security and with the use of security devices.Skills & Experience:

　　CISA Certification, required. CISSP, CISM, MCSE, or CAP preferred. 5+ years of experience in a similar role. Excellent knowledge of FISMA regulation, FIPS standards, NIST 800 series, NIST Special Publications, Risk Management Framework, and other applicable guidance. Excellent knowledge of IT security and infrastructure. Experience with vulnerability assessment and reporting including comprehensive understanding of Vulnerability Management methodologies and procedures. Expertise in firewalls, VPN, Data Loss Prevention, IDS/IPS, Web-Proxy, and security audits. Great analytical skills to review various aspects of an organization’s information system. Strong attention to detail with an analytical mind and outstanding problem-solving skills. Great awareness of cybersecurity trends and hacking techniques. Self-educating capacity to stay abreast of all IT-related discoveries and conventions and ability to learn new skills quickly. Familiar with a range of software (MS Office Suite, Synopsis Suite, Tenable Nessus, RSA Archer). Excellent written and verbal communication skills. Strong interpersonal skills. Prior training experience is a plus. Experience troubleshooting systems. Ability to work under pressure in a fast-paced environment.System One, and its subsidiaries including Joulé, ALTA IT Services, CM Access, TPGS, and MOUNTAIN, LTD., are leaders in delivering workforce solutions and integrated services across North America. We help clients get work done more efficiently and economically, without compromising quality. System One not only serves as a valued partner for our clients, but we offer eligible full-time employees health and welfare benefits coverage options including medical, dental, vision, spending accounts, life insurance, voluntary plans, as well as participation in a 401(k) plan.

　　System One is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, age, national origin, disability, family care or medical leave status, genetic information, veteran status, marital status, or any other characteristic protected by applicable federal, state, or local law.