Senior Security Controls Assessor
McLean, VA 
Posted 11 days ago
Job Description

Capgemini Government Solutions (CGS) LLC is seeking a highly motivated Senior Security Controls Assessor to join our team in the Washington, D.C. metro to support our government clients. The Senior Security Controls Assessor is a multifaceted role that collaborates with other teams across the business.

The successful candidate will have the opportunity to apply and grow their skillset, work with a motivated and entrepreneurial team, engage with a wide range of stakeholders, and build CGS' capabilities.

Key responsibilities:
  • Review and update existing information security policy, standards, and procedures based on federal and departmental regulations.
  • Perform independent security and privacy control assessments in support of Security Assessment & Authorization (SA&A).
  • Conduct assessments of existing and new FISMA systems, including subsystems in the respective system boundary, and communicate the results and potential implications of identified control weaknesses.
  • Review and analyze Assessment & Authorization (A&A) packages, including System Security Plans (SSP), Risk Assessments, Information System Contingency Plans (ISCP), Back-up Standard Operating Procedures (SOP), Incident Response Plans (IRP), Configuration Management Plans (CMP), Hardware/Software lists, Network Diagrams, Data Flows, System Change Requests/Proposals, Vulnerability scan reports, test reports, and Plan of Actions & Milestones (POA&Ms) for completeness, accuracy, and document effectiveness of controls, plans and procedures implementation.
  • Create and maintain test cases for security assessment testing and perform security testing at the control-requirement level for each unique component of each system (e.g., application, web application server, financial systems, database server/instance, operating systems, specialized appliances, network and infrastructure devices, and end-user devices (e.g., mobile phones, laptops, etc.)).
  • Develop and implement a security and privacy assessment plan in accordance with the requirements of NIST SP 800-53A, as amended, for each security assessment project. SA&A activities shall include support for RMF steps 4-6.
  • Document and provide findings and recommendations that are concise, system-specific, and actionable.
  • Analyze security tool reports and resolve residual risk or false positives from technical reports and artifacts before assigning findings.

Required Skills:

  • Three (3) years' experience performing security control assessments required.
  • Experience planning assessments and serving as a senior member of a team of security control assessors.
  • Experience in communicating control requirements and deficiencies to both technical and non-technical audiences.
  • Experience performing detailed, full-scope technical security control testing for each of the component types, including development of security and privacy assessment plans is required.
  • Ability to analyze information system configurations and technical specifications against NIST SP 800-53r4/5 and other overlays
  • Possesses a solid grasp of the NIST Special Publication 800-53 security and privacy controls, the NIST Cybersecurity Framework and other information security and privacy laws and regulations.
  • Experience with development and writing of risk-based documentation.
  • Experience with Step 4 of the RMF process: Assessing Security Controls
  • Strong written and verbal communication skills.
  • Good communication ability across all levels of management.
  • Ability to acquire Public Trust clearance or higher as required
  • Bachelor's degree or higher in Computer Science, MIS/IT, Engineering, Information Security/IA, or a subject area related to work requirements.
  • Five (5) years of experience related to security control evaluation and compliance with Federal RMF requirements.
  • Two (2) years of experience with the use of eGRC tools in a Federal environment
  • Experience performing Assessment and Authorization (A&A) activities, including risk assessments, Security Plans, Security Controls Assessments (SCA), Authorization document development and/or review.
  • Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures applying standards-based concepts and capabilities.
  • Experience with cloud technology offerings from AWS and Azure and assessing systems hosted within those environments
  • Experience performing assessment in accordance with the policies, procedures, and standards of the Office of Management and Budget (OMB), the National Institute of Standards and Technology (NIST), and the FDIC

Life at Capgemini

Capgemini supports all aspects of your well-being throughout the changing stages of your life and career. For eligible employees, we offer:

  • Flexible work
  • Healthcare including dental, vision, mental health, and well-being programs
  • Financial well-being programs such as 401(k) and Employee Share Ownership Plan
  • Paid time off and paid holidays
  • Paid parental leave
  • Family building benefits like adoption assistance, surrogacy, and cryopreservation
  • Social well-being benefits like subsidized back-up child/elder care and tutoring
  • Mentoring, coaching and learning programs
  • Employee Resource Groups
  • Disaster Relief

About Capgemini

Capgemini is a global leader in partnering with companies to transform and manage their business by harnessing the power of technology. The Group is guided every day by its purpose of unleashing human energy through technology for an inclusive and sustainable future. It is a responsible and diverse organization of over 360,000 team members in more than 50 countries. With its strong 55-year heritage and deep industry expertise, Capgemini is trusted by its clients to address the entire breadth of their business needs, from strategy and design to operations, fueled by the fast evolving and innovative world of cloud, data, AI, connectivity, software, digital engineering and platforms. The Group reported in 2022 global revenues of 22 billion.

Get The Future You Want | www.capgemini.com

Disclaimer

Capgemini is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, national origin, gender identity/expression, age, religion, disability, sexual orientation, genetics, veteran status, marital status or any other characteristic protected by law.

This is a general description of the Duties, Responsibilities and Qualifications required for this position. Physical, mental, sensory or environmental demands may be referenced in an attempt to communicate the manner in which this position traditionally is performed. Whenever necessary to provide individuals with disabilities an equal employment opportunity, Capgemini will consider reasonable accommodations that might involve varying job requirements and/or changing the way this job is performed, provided that such accommodations do not pose an undue hardship.

Capgemini is committed to providing reasonable accommodations during our recruitment process. If you need assistance or accommodation, please reach out to your recruiting contact.

Click the following link for more information on your rights as an Applicant: http://www.capgemini.com/resources/equal-employment-opportunity-is-the-law

Please be aware that Capgemini may capture your image (video or screenshot) during the interview process and that image may be used for verification, including during the hiring and onboarding process.

Applicants for employment in the US must have valid work authorization that does not now and/or will not in the future require sponsorship of a visa for employment authorization in the US by Capgemini.



Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)

 

Job Summary

  • Start Date: As soon as possible
  • Employment Term and Type: Regular, Full Time
  • Required Education: Bachelor's Degree
  • Required Experience: 3 years