Security Control Assessor

Global Commerce and Information, Inc. - Cockeysville, MD

Job Description

Your Success is Our Success. Global CI is an award-winning 30-year IT Services company founded on the principles of providing high-quality, value-added technology consulting services. Our vision is to create a better future by improving the lives of the people we serve through emerging technologies. Join us and together we will advance the future of technology services. Global CI offers competitive compensation and non-salary benefits to all eligible employees.

Mix of Jr and midlevel roles

Security Control Assessor (multiple roles)

Overview

The Security Control Assessor (SCA) is responsible for planning, executing, and documenting security control assessments in accordance with NIST SP 800-53 Revision 5, NIST SP 800-53A Rev. 5, and applicable federal security assessment methodologies. The SCA evaluates the effectiveness of implemented security controls across systems, environments, and organizations to determine compliance, residual risk, and readiness for Authorization to Operate (ATO).

Key Responsibilities

  • Develop and execute Security Assessment Plans (SAPs) aligned with NIST 800-53A Rev. 5 assessment procedures.
  • Conduct independent security control assessments (SCAs) to validate that implemented controls meet applicable federal and agency security requirements.
  • Perform evidence reviews, interviews, and technical testing (e.g., configuration validation, vulnerability scans, policy reviews).
  • Document findings, weaknesses, and residual risks in Security Assessment Reports (SARs) and provide recommendations for remediation.
  • Assess the implementation and effectiveness of security controls across all NIST control families, including Access Control (AC), Audit and Accountability (AU), Configuration Management (CM), Incident Response (IR), Risk Assessment (RA), and System & Communications Protection (SC).
  • Collaborate with Information System Owners (ISOs), Information System Security Officers (ISSOs), and Authorizing Officials (AOs) to clarify assessment results and risk posture.
  • Map findings to Risk Management Framework (RMF) steps 4 and 5, supporting authorization decisions.
  • Participate in Continuous Monitoring (ConMon) and annual assessment activities for ongoing authorization.
  • Ensure assessment procedures are consistent with NIST, FedRAMP, and agency-specific security requirements.
  • Maintain up-to-date understanding of changes in NIST guidance, FISMA, and Zero Trust Architecture (ZTA) frameworks that impact assessment criteria.

Required Qualifications

  • Bachelor's degree in Computer Science, Information Assurance, Cybersecurity, or a related field (or equivalent experience).
  • 5+ years of experience performing security control assessments under NIST RMF or FedRAMP.
  • In-depth knowledge of NIST SP 800-53 Rev. 5, NIST SP 800-53A Rev. 5, and NIST SP 800-37 Rev. 2.
  • Experience using security assessment tools such as Nessus, Splunk, ACAS, OpenVAS, or equivalent.
  • Familiarity with vulnerability management, configuration baselines, and system security documentation (SSP, POA&M, SAR).
  • Strong analytical, documentation, and reporting skills.
  • Ability to communicate technical findings clearly to both technical and non-technical audiences.
  • Active security clearance (Public Trust, Secret, or higher) or ability to obtain one.

Preferred Qualifications

  • Certifications such as CISSP, CISA, CAP, CEH, or Security+.
  • Experience performing assessments in FedRAMP, DoD RMF, or Client CDM environments.
  • Knowledge of Zero Trust principles and their alignment with NIST SP 800-207.
  • Familiarity with ServiceNow IRM/CAM GRC platforms for tracking assessment evidence and results.
  • Prior experience supporting federal agencies such as SSA, HHS, or Client.

Benefits include:

  • Comprehensive medical, dental, vision, life, and short & long-term disability insurance + health savings account
  • Matching 401k retirement plan + IRAs and Roth IRAs
  • Generous paid time off and paid holidays
  • Employee recruitment/referral bonus
  • Paid community service hours
  • Tuition reimbursement
  • Employee discounts

At Global Commerce & Information, Inc. we celebrate, support, and are committed to creating a diverse and inclusive environment. We're proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status, or any other legally protected characteristics. Global Commerce & Information, Inc. maintains a drug-free workplace.

Created: 2026-03-04
