Security Control Assessor/Auditor/Risk Assessor Job at NTT DATA
NTT DATA Services strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now.
We are currently seeking a Security Control Assessor/Auditor/Risk Assessor to join our team in Arlington, Virginia (US-VA), United States (US).
NTT seeks to hire someone to provide information security Assessment and Authorization (A&A) support to Contractor and Government facilities processing information. This person will enhance the Information System (IS) security awareness of system owners, PMOs, directorates and the Cybersecurity Services Section, ensure that proper IS security resources are appropriately applied, and act as an IS liaison between the CISO/CIO and system owners, PMOs and various offices.
Personnel assigned to this role will serve primarily on the Cybersecurity Support and Assessment Units.
This role is responsible for coordinating with both the Cybersecurity Services Section and other sections or divisions. Other sections include, but are not limited to, IT Operations, Engineering & Integration, and Software Operations. Other divisions include, but are not limited to, the Office of Investigative Technology. The contractor shall employ a mixture of technical and non-technical personnel for this role.
Job Duties:
- Analyzes IT system functionality and integration with management processes, structure, culture, and performance.
- Conducts cybersecurity analysis using qualitative and quantitative tools and techniques to assess the effectiveness of the network, system, or application's security posture.
- Provides coaching, workshops, or training regarding the DEA SPAA process and associated sub-processes.
- Perform aspects of the NIST six-step Risk Management Framework and ongoing information system authorization through continuous monitoring processes.
- Provide the technical expertise and judgment for security control validation of system-specific, hybrid, and common controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the information system.
- Provide the technical expertise and judgment to validate the security controls employed within or inherited by the information system using assessment procedures and provide specific recommendations on how to correct weaknesses or deficiencies in the controls and reduce or eliminate identified vulnerabilities.
- Provide the technical expertise and judgment to determine the security impact of proposed or actual changes to the information system and its environment of operation to determine the extent to which proposed or actual changes may affect the security control(s) currently in place, produce new vulnerabilities in the system, or generate new requirements for new security controls not needed previously.
- Coordinate with other subject matter experts, such as the enterprise architect, to assess impacts to proposed changes and provide recommendations to senior management.
- Provide the technical expertise and judgment to deliver the results of the security control validation documented in the security assessment report at a level of detail appropriate for the assessment in accordance with the reporting format prescribed by organizational and/or federal policies, including recommendations for correcting any weaknesses or deficiencies in the controls.
- Provide the technical expertise and judgment to validate the security controls employed within or inherited by the information system, after the initial authorization, on an ongoing basis.
- Demonstrated experience developing tailored artifact request lists that serve as evidence for assessments.
- Demonstrated experience reviewing and integrating vulnerability scan results into consolidated findings reports.
- Proven success with developing executive level findings briefings and communicating/defending assessment results and progress to internal and external stakeholders.
- Ability to prioritize tasks to support assessments on multiple boundaries at a given time.
- Ability to present IT security risks to executive management.
- Perform A&A activities to include coordinating with stakeholders; developing/reviewing documentation; and identifying, documenting, and communicating assessment results.
- Documentation to be developed includes Security Assessment Plans and Security Assessment Reports.
- Documentation to be reviewed includes, but is not limited to, System Development Lifecycle documentation, network topology diagrams, System Security Plans and other documents that comprise existing A&A packages, audit logs, system configurations, as well as policies, procedures, and processes related to NIST 800 series security controls.
Basic Qualifications:
- BS/BA in Computer Science, Information Systems, Engineering, Business, Physical Science, or other technology-related discipline
- Education Substitution: An advanced degree in Computer Science, Information Systems, Engineering, Business, or other related scientific/technical discipline may be considered equivalent to two (2) years general experience or two (2) years information security specialized experience. Any combination of certificates such as Microsoft's MCSE, or Cisco's CCNA, CCDA, or CCNP, may be considered equivalent to two (2) years of general experience/information technology experience. Certificates under the DoD IAM, IAT, IASAE, or CSSP Levels II or III may be considered equivalent to two (2) years of information security experience.
- Minimum of three (3) years relevant experience accomplishing risk management objectives using the NIST Risk Management Framework; evaluating the security posture of IT systems in accordance with national, Department of Justice, DEA security policies or other government agency (e.g., NIST and Committee on National Security Systems)
- Experience working within an IT environment holding positions such as: system administrator, network administrator, software assessor, database administrator
- Active Secret security clearance; ability to obtain Top Secret, if requested
Preferred Qualifications:
- Technical understanding of emerging technologies and their implementation within Government system and network environments.
- Knowledge of information technology concepts used in the evaluation of security performance and integrity of state-of-the-art applications, communications systems, hardware, software, satellite control systems, and information processing systems.
- Technical understanding of information technology systems, software, and networks
- Knowledge of and experience with ICD 503, NIST 800 series and the Government's certification and accreditation process.
- In-depth technical understanding of information technology systems, software, and networks.
- Perform Risk Management Framework (RMF) Step 4 Security Control Assessments within the context of and with a demonstrated understanding of all stages of the NIST RMF framework.
- Assess systems of varying scope and complexity and comprised of various components and subsystems, while working on multiple assessments simultaneously.
- In-depth knowledge and experience applying the National Institute of Standards and Technology (NIST) Special Publications and FIPS as a framework for conducting A&A activities on federal IT systems.
- Demonstrated experience with creating, revising, and reviewing System Security Plans (SSP), Security Assessment Plans (SAP), Plan of Action & Milestones (POA&M), Security Assessment Reports (SAR) for low, moderate, and high systems.
- Understanding security controls within network systems to identify vulnerabilities
- Analysis of management, operations, and technical security controls.
- Understanding of Risk Management Frameworks
- Analysis of the security of new or existing computer applications & software
- Understanding of secure software testing and validation procedures
- Perform risk analysis whenever an application or system undergoes a major or minor change
- Preferred Certifications: Security+, CCNA, CISSP, CISA, CSQA, CMSQ, CISM
This position is most closely aligned to the Security Control Assessor, NIST: SP-RM-002.
Additional NIST work role alignments include:
- Security Architect, NIST: SP-ARC-002
- Systems Security Analyst, NIST: OM-AN-001
- Information Systems Security Manager, NIST: OV-MG-001
- Information Systems Security Developer, NIST: SP-SYS-001
- IT Project Manager, NIST: OV-PMA-002
Candidates for this position will be required to adhere to NTT DATA's and its clients' COVID-19 health and safety protocols. NTT DATA is committed to complying with the Safer Federal Workforce Task Force COVID-19 Workplace Safety Guidance for Federal Contractors and Subcontractors to the extent it is enforced by the federal government or any of its clients. If this position becomes subject to a COVID-19 vaccination mandate based on applicable law or client requirement, candidates will be required to become fully vaccinated as defined by NTT DATA or be approved for an exemption in accordance with applicable law.
About NTT DATA Services
NTT DATA Services is a global business and IT services provider specializing in digital, cloud and automation across a comprehensive portfolio of consulting, applications, infrastructure and business process services. We are part of the NTT family of companies, a partner to 85% of the Fortune 100.
NTT DATA Services is an equal opportunity employer and considers all applicants without regard to race, color, religion, citizenship, national origin, ancestry, age, sex, sexual orientation, gender identity, genetic information, physical or mental disability, veteran or marital status, or any other characteristic protected by law. We are committed to creating a diverse and inclusive environment for all employees. If you need assistance or an accommodation due to a disability, please inform your recruiter so that we may connect you with the appropriate team.
Nearest Major Market: Arlington Virginia
Nearest Secondary Market: Washington DC
Job Segment:
Cloud, Testing, Developer, Information Security, Information Systems, Technology