Cybersecurity Compliance Assessor I

Columbia Advisory Group


The role of Cybersecurity Compliance Assessor I has two parts. The first is to evaluate the security controls within the enterprise architecture to identify vulnerabilities. Our general assessments measure clients against a subset of the NIST 800-53 catalog of security and privacy controls. Our assessors must have enough IT background to analyze information and prepare reports defining the client’s maturity level for each security objective. The second is to provide recommendations to address deficiencies and improve the overall security of the enterprise architecture. Our team provides strategic guidance to clients regarding technology and IT infrastructures. Compliance Assessors may also be called on to assist with IT compliance projects and/or documentation (e.g., vendor selection and procurement, privacy and cybersecurity user training, continuity of operations, disaster recovery, incident response, user and access management, change management, and vulnerability testing). Candidates must be US citizens due to a federal client and must be able to pass a background check and drug screen.


  • Read client policy and procedural documentation, and compare to regulatory and organizational requirements to identify gaps.
  • Interview client staff to understand and verify which processes are followed and which tools are used.
  • Perform analysis through interviews and examination of documentation to measure implementation maturity levels.
  • Provide recommendations based on best practices and defined standards.
  • Follow basic audit and assessment guidelines as outlined by ISACA.
  • Deliver products to technical staff and Executive levels through remote and onsite presentations.
  • Utilize secure methods of delivery.
  • Liaise with staff at all levels of a client organization.


U.S. citizenship is required due to a federal client.

  • 2-5 years of experience in Information Technology. Prefer Compliance, Infrastructure, Security, Business Analyst, and/or Project Management background.
  • Utilization of MS Office tools, including Word, Excel, PowerPoint, SharePoint, and Teams.
  • 2+ years of experience performing security assessments or focused on compliance-related projects.
  • Knowledge of NIST 800-53 or 800-171 controls.
  • Degree in computer science, IT, or a related field.
  • Excellent communication skills, written and verbal.
  • Ability to present to both Technical and Executive levels.
  • Knowledge of Word, Excel, PowerPoint, and SharePoint.
  • Experience in creating documentation (Policy, Procedures, Guidelines, Standards).
  • Customer service orientation.
  • Self-driven, able to work independently and contribute to team efforts.
  • Experience in working on multiple projects at any given time.
  • Must pass a CJIS background check; this will require being fingerprinted.
  • Must pass drug screening.


  • 2 years’ experience as an IT consultant.
  • Professional certification, such as CISA, CISSP, CBAP, and/or PMP.

To apply for this job please visit