Security Assessor/Auditor Team Member

Crownsville, MD
Posted 3 weeks ago

State of Maryland DoIT Security Operations Center (SOC)


Betis Group, Inc. is looking for a Security Assessor/Auditor with background experience in compliance security assessment efforts. The Security Assessor/Auditor will be responsible for planning and executing security assessment tasks for assigned state of Maryland government agencies and ensuring successful closure of assigned tasks and milestones. This role will be responsible for performing the following tasks: 

Position: Team Member 

Job Responsibilities:

– Serve as a Team Member on a security assessment project team
– Plan and conduct security assessment interview meetings, face-to-face, virtual or in-person
– Plan and conduct security assessment interview meetings over audio conference
– Plan and execute security assessment data calls and follow-ups over email/phone calls
– Assess, plan, and execute assigned security assessment project tasks and milestones to successful closure
– Provide daily updates on completed tasks vs. outstanding project tasks
– Raise project performance issues and risks or questions to the Project Lead to facilitate obtaining the necessary support and timely resolution
– Be the initial point of contact for agency stakeholders’ questions, provide answers and clarifications, and escalate unresolved questions
– Tactically navigate stalemate situations to manage competing interests and priorities among stakeholders
– Assess and understand, at a high level, the organization’s mission, goals, and objectives, and relate cyber security principles and requirements to the mission
– Assess/audit and understand organization security objectives for mission support capability areas as captured in security policies, directives, orders, and underpinning legal and regulatory requirements, e.g., Access Management, Incident Response, Identity Management, Asset Management
– Analyze and map management, operational, and technical security controls to mission support capability areas and develop assessment session talking points
– Assess/audit and understand organization management/operational plans, processes, procedures, standards, and guidelines to determine their level of alignment in support of objectives outlined in security policies, directives, and orders
– Assess/audit organization technical security controls and determine their alignment in support of objectives outlined in security policies, directives, and orders
– Analyze assessment feedback and body of evidence/artifacts and identify maturity of controls and residual operating risks, based on organization mission objectives outlined in security policies, directives, orders, and standards
– Provide feedback to the Project Lead on performance issues and improvements to implemented security assessment approaches, processes, procedures, methodologies, etc.
– Identify issues, gaps, and recommendations to be integrated into the final security assessment report

Education and Years of Experience: 

– At least eight (5) years of hands-on experience performing security assessments
– Bachelor’s degree from an accredited college or university with a major in Computer Science, Information Systems, Cybersecurity, or related discipline

Required Skills/Certifications:

– Excellent written and oral communication, and presentation skills
– Ability to translate and communicate technical security requirements to non-technical stakeholders to facilitate gathering information in security assessment sessions/interviews/data calls
– Self-starter, able to assess, plan, and execute assigned security assessment project tasks to successful closure
– Customer-oriented with excellent issue follow-through and resolution abilities
– Ability to develop, motivate, and manage project teams
– Outstanding interpersonal skills, strong work ethic, and self-motivated
– Able to perform gap analysis and initiate process, procedure, methodology improvements
– Utilize tools and analytical skills to plan and execute tasks

Desired Skills/Certifications:

– CISA, or CISM, or CRISC, or CAP, or relevant industry security certifications 
– Experience with relevant laws and regulations: FISMA, HIPAA, HITECH, IRS, GDPR, etc.
– Experience with any of the following security controls frameworks: NIST SP 800-53 Rev 4, SANS 20 Critical Security Controls, CIS Controls (Basic, Foundational, and Organizational), COBIT 5, HITRUST Common Security Framework, ISO 27001/2, SOC 1/SOC 2 
– Experience with any of the following assessment frameworks/models: Data Management Maturity Model (DMM), Capability Maturity Model Integration (CMMI), NIST Cyber Security Framework (CSF), NIST Risk Management Framework (RMF), NIST Privacy Framework

General Requirements:

– U.S. Citizenship required
– Location: Crownsville, MD 

Salary Commensurate with Experience

Job Category: Cybersecurity, Project Management