Cyber QA (IV&V) Lead

19 Nov 2024

Vacancy expired!

Job Description

This role is contingent upon award. This role shall lead the technical Quality Assurance (QA) by performing special technical and analytical reviews and focusing on critical areas in support of the client RMF Program. In addition, the Lead shall perform QA across all contract activities and tasks, including project, program plans, and schedules to ensure quality, error-free products are delivered. Key responsibilities include:

  • Lead and conduct QA reviews of security assessment deliverables by
    • Examining assessment deliverables for inconsistencies, inaccuracies, incompleteness, generic findings and recommendation statements, incongruent risk analysis, and business context
    • Ensuring testing procedures were followed properly and that assessment results documentation has recorded observations and evidence, and traceability from the requirement to the finding
    • Ensuring assessment deliverables contain system-specific risk analysis results for each finding identified during each assessment
  • Check authorization briefing decks, memos, and security assessment reports for quality, consistency, accuracy, and for errors prior to submissions to client staff
  • Develop 15 client-approved QA checklists to conduct reviews in the first year and 4 additional per year thereafter
  • Submit completed checklists per SLAs defined in the Quality Management and Assurance Plan (QMAP)

Qualifications

Required Qualifications:

  • Three (3) years of managing technical security QA team/SA&A Package Independent Validation & Verification (IV&V) is required
  • Six (6) years of experience developing RMF documentation is required
  • Six (6) years of experience conducting security and privacy control assessments is required
  • Eight (8) years of Information Security experience is required
  • Two (2) years of experience with eGRC tools is required
  • Experience with ServiceNow GRC tool suite, including CAM, is preferred
  • Certification as a Certified Information Systems Security Professional (CISSP), Certified Risk and Information Systems Control (CRISC), or Certified Information Security Auditor (CISA) is required

Preferred Qualifications:

  • Innovate and demonstrate the passion and initiative required to enable growth and progress
  • Bring creative approaches to help us drive value for clients
  • Ability to influence decisions with senior leadership and business partners when confronted with differing opinions on information security risks
  • Demonstrate clear and concise written and verbal communication
  • Proven influencing and relationship management skills
  • Strong work ethic, ability to work under pressure, meet challenging deadlines
  • Proven analytical skills
  • Proficiency with Microsoft Office, advanced Excel skills (e.g. Macros, Pivot, complex formulas), and data visualization/analytics business applications such as Power BI
  • Familiarity with technologies like Wintel, Unix/Linux, Middleware, Database, Network, Storage
  • Knowledge of infrastructure technology software (e.g. Qualys, Skybox, ServiceNow)

Additional Information

  • All offers are contingent upon proof of full vaccination against COVID-19 or successful accommodation for an exemption.
  • All your information will be kept confidential according to EEO guidelines.
  • MindPoint is committed to maintaining a diverse environment. All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law.

  • ID: #23020638
  • State: Washington Washington 00000 Washington USA
  • City: Washington
  • Salary: USD TBD TBD
  • Job type: Full-time
  • Showed: 2021-11-19
  • Deadline: 2022-01-18
  • Category: Et cetera