Security Control Assessor (Sca)
- Location:
- Virginia, Virginia Beach
- Requires Relocation:
- Yes
- Start Date:
- 05/11/2024
- End Date:
- 04/02/2025
- Offering Type:
- Permanent
- Hiring Paths:
- The public
- Service Type:
- Excepted
- Travel Percentage:
- Occasional travel
About Naval Supply Systems Command
The Navy and Marine Corps team offers innovative, exciting and meaningful work linking military and civilian talents to achieve our mission and safeguard our freedoms. Department of the Navy provides competitive salaries, comprehensive benefits, and extensive professional development and training. From pipefitters to accountants, scientists to engineers, doctors to nurses-the careers and opportunities to make a difference are endless. Civilian careers-where purpose and patriotism unite!
Job summary
Join the Navy Exchange Service Command (NEXCOM) as a Dynamic Security Control Assessor (SCA) with a passion for fortifying IT systems against evolving threats! Expert in evaluating and validating security controls, leveraging cutting-edge risk management frameworks to ensure top-notch cybersecurity.
Major duties
Skilled at conducting in-depth assessments that uncover vulnerabilities and delivering innovative solutions to bolster security posture. Driven to protect critical information and support organizational resilience in an ever-changing digital landscape!
Requirements
Key Requirements Candidate must meet all qualification requirements by the closing date of this announcement. A one-year probationary period will be required upon selection. Social Security Card must be presented at time of appointment. If you are selected for this position, the documentation that you present for purposes of completing the Department of Homeland Security (DHS) Form I-9 will be verified through the DHS E-verify system. Federal Law requires verifying eligibility of all new hires. The Navy Exchange Service Command is an E-Verify Participant. Incumbents of this position must be U.S. Citizens. Candidates/Incumbent must be eligible for and obtain a Secret Clearance. Other Requirements Must be US Citizen. SECNAV M-5239.2, DoN, Information Assurance (IA) Workforce Manual requires incumbents of this position to possess and maintain current, two types of certifications as follows: IA Certification: Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), CompTIA Advanced Security Practitioner (CASP+), GIAC Security Leadership Certification (GSLC). Technical Certification: Operating System/Computing Environment (OS/CE) certificate of training as dictated by Supervisor and approved by Command Cyber IT/CSWF-PM. Candidate is also required to sign a Privileged Access Agreement. Candidates without the required certification may be placed into this job but must obtain the required certification within 6 months of appointment; failure to obtain this requirement will result in termination of employment. This position in accordance with SECNAV M-5510.30 will require a favorable Single Scope Background Investigation (SSBI).
Qualification
A total of 8 years of experience, consisting of the following combination: Qualified candidates must be U.S. Citizens. GENERAL EXPERIENCE: 3 years' experience in security, technical or investigative work which demonstrated the ability and aptitudes required to perform technical, managerial or analytical work involving management information systems. OR SUBSTITUTION OF EXPERIENCE FOR EDUCATION: One year of related academic study above the high school level may be substituted for 9 months of experience up to a maximum of a 4 year bachelor's degree in IT security or computer information systems for 3 years of general experience. AND SPECIALIZED EXPERIENCE: 5 years of demonstrated experience in at least two of the following: Risk management validation; IT security compliance and reporting; Technical risk analysis; and Authorization and accreditation. And experience in the performance of: System Security Assurance: ensuring that entire systems meet security requirements, function securely, and undergo comprehensive testing for overall security assurance. Security Assessments: conducting security assessments and developing Security Assessment Plans (SAPs). Technical Understanding: interpreting network diagrams, vulnerability scans, and compliance scans. Security Documentation: creating and maintaining various security documents, including Security Assessment Plans. Risk Management Framework: conducting security control assessments following a Risk Management Framework approach, along with conducting risk assessments and developing security assessment reports. And in-depth knowledge of: NIST 800-53, risk mitigation strategies for computer operating systems, networks, or cloud services, and security controls and compliance frameworks. This position is designated in accordance with SECNAV M-5510.30 and will require a favorable Single Scope Background Investigation (SSBI). Candidates must be eligible for and obtain a Top Secret Clearance, within 6 months of appointment. Failure to obtain will result in termination.
Education
4-year bachelor's degree in a related field preferred.
Evaluations
Your qualifications will also be evaluated on the Minimum Qualification Requirements as described in your profile and resume. Credit will be given for appropriate paid and unpaid experience or volunteer work.