Enterprise Cybersecurity GRC Security Controls Assessor
The Opportunity:
Enterprise Cybersecurity (ECS) Governance, Risk, and Compliance (GRC) plays a pivotal role in safeguarding the organization's sensitive information and ensuring compliance with stringent cybersecurity regulations and guidance. As the Security Controls Assessor, you will support the GRC team responsible for the assessment and management of compliance and regulatory requirements with key stakeholders. You will work closely on Booz Allen’s internal information systems and environments assessing their compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 security controls and Cybersecurity Maturity Model Certification (CMMC) requirements. You will review technical and environmental details to assess the entire threat landscape and provide a hands-on approach with accountability for assessing and managing compliance and regulatory requirements with key stakeholders. Due to the nature of work performed within this facility, U.S. citizenship is required.
Join us. The world can’t wait.
You Have:
- 8+ years of experience in cybersecurity roles such as Security Control Assessor (SCA), System Steward, Information System Owner (ISO), Controls Validator, Information System Security Officer (ISSO), Information System Security Engineer (ISSE), or Information Systems Security Manager (ISSM)
- Experience performing in-depth assessments of cybersecurity controls, artifacts, and scanning results to evaluate effectiveness and ensure continuous compliance, and evaluating and advising on technical security implementations
- Experience partnering with IT, operations, and delivery teams to provide expert guidance, drive GRC initiatives, and foster a culture of security awareness
- Experience using automation and AI-driven tools to streamline control assessments, enhance evidence collection, and accelerate compliance validation activities
- Experience with the Department of Defense (DoD), Federal Information Security Modernization Act (FISMA) FedRAMP, NIST, Risk Management Framework (RMF), DevSecOps principles, and Infrastructure-as-Code (IAC), and leveraging it for security controls, assessments, and risk mitigation into specific, actionable technical tasks for IL5 environments
- Knowledge of network defense tools
- Knowledge of security control alignment and assessment against NIST SP 800-53 rev. 4 and rev. 5, NIST SP 800-171 rev. 2 and rev. 3, the Federal Risk and Authorization Management Program (FedRAMP), CMMC, or System and Organization Controls (SOC) 2 Type II
- Ability to manage the full risk lifecycle, from identification of vulnerabilities to implementation of mitigation strategies and final closure, using both qualitative and quantitative frameworks
- Ability to develop and communicate technical and non-technical metrics regarding compliance trends and vulnerability management across various business lines
- HS diploma or GED
Nice If You Have:
- Experience identifying problems, determining pragmatic solutions, identifying and obtaining needed resources, and executing with little supervision
- Ability to quickly comprehend complex problems, draw logical conclusions, make sound decisions, develop solutions, and negotiate and respond accordingly to drive closure
- Ability to communicate and collaborate effectively to engage and interact with senior and executive management
- Possession of excellent analytical and problem-solving skills
Compensation
At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen’s benefit programs. Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits. We encourage you to learn more about our total benefits by visiting the Resource page on our Careers site and reviewing Our Employee Benefits page.
Salary at Booz Allen is determined by various factors, including but not limited to location, the individual’s particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $77,600.00 to $176,000.00 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of Booz Allen’s total compensation package for employees. This posting will close within 90 days from the Posting Date.Identity Statement
As part of the hiring process, we will ask you to complete an identity verification process that leverages advanced biometrics and artificial intelligence to ensure authenticity and protect against identity fraud. You are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.
Candidate AI Usage Policy
AI is a part of our daily work at Booz Allen, and we are committed to the responsible and ethical use of AI tools. However, we want to ensure a fair candidate process based on your own skills and knowledge. As part of this commitment, the use of artificial intelligence (AI) or other tools to assist with responses during interviews (whether in-person or virtual) is prohibited unless permission is explicitly provided.
Work Model
Our people-first culture prioritizes the benefits of collaboration, whether it occurs in person or virtually. To support engagement and effective communication, employees working virtually are generally expected to have their cameras on during meetings.
Remote: If this position is listed as remote, there may still be occasions when you are required to work in person at a Booz Allen or customer facility.
Hybrid: If this position is listed as hybrid, you will be expected to work from a Booz Allen facility frequently, in alignment with leadership expectations and the needs of the role. You may also be required to work from or visit a customer facility.
Onsite: If this position is listed as onsite, work will primarily be performed at a Booz Allen office or customer facility, where employees will collaborate directly with colleagues and customers as required by the role.
Commitment to Non-Discrimination
All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.