Cyber Security Risk Assessment Lead

July 29, 2019
Washington, DC
HarmonyTech is seeking a Cyber Security Risk Assessment Lead for security control assessments conducted in support of a Cybersecurity Risk Management Framework (CRMF) program at a large federal agency. The role encompasses developing, managing and maintaining the assessment schedule; performing independent security control assessments (including interviews, examinations, and testing) and risk assessments for the agency's information systems; providing remediation recommendations; and providing recommendations to the Department's Chief Information Security Officer (CISO).

The position is located in Washington, DC (no telework) and requires a Public Trust clearance and US citizenship.

  • Develop, manage, and maintain the Security Control Assessment (SCA) schedule.
  • Conduct Security Control Assessments (SCAs) in accordance with NIST guidelines and approved assessment SOP.
  • Translate vulnerability scan results into findings aligned to NIST security controls.
  • Develop, review and assess Security Assessment and Authorization (A&A) security documentation.
  • Conduct quality control reviews of all security reports and documentation prior to delivery to government client; track, report and take action to remediate any trends identified in quality control reviews.
  • Develop new and enhance existing processes, procedures, guidance, templates and reports for security assessment, continuous monitoring, and ongoing authorization.
  • Assist customers with identifying, defining and implementing cybersecurity strategies, policies, and tactics, techniques and procedures.
  • Act within identified guidelines, standards, and policies.


The ideal candidate will have a solid understanding of information assurance practices and procedures, including the following skills:

  • 5-7 years of experience in the information security field.
  • One of the following certifications is a must: (ISC)2 Certified Information Systems Security Professional (CISSP), ISACA Certified Information Systems Auditor (CISA), or ISACA Certified Information Security Manager (CISM).
  • Experience documenting, implementing, and assessing cybersecurity controls using NIST SP 800-53 Revision 4 and FISMA requirements/guidance.
  • Capable of assessing and developing Security Assessment and Authorization (A&A) security documentation, as well as creating actionable Plan of Actions and Milestones (POA&Ms).
  • Proficiency conducting Security Control Assessments (SCAs) in accordance with NIST SP 800-53 and SP 800-53A Revision 4 guidelines.
  • Experience with translating vulnerability scan results into findings aligned to NIST SP 800-53 Revision 4 security controls.
  • Strong organizational and communication skills and ability to work in a multi-disciplinary team setting of subject matter experts, vendors, subcontractors, and clients.
  • Ability to write clear and concise memos and documentation.
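Two of the items above (in the responsibilities and again in the requirements) describe translating vulnerability scan results into findings aligned to NIST SP 800-53 Revision 4 controls and turning them into actionable POA&M entries. The following is an added illustration of that workflow, written for this page; it is not HarmonyTech's or any agency's tooling. The scan rows are constructed, the CSV layout is generic rather than any scanner's native export, the category-to-control crosswalk reflects one analyst's judgment rather than a published mapping, and the remediation windows are assumed values that an agency's SOP would actually set.

```python
"""Map constructed vulnerability scan rows to NIST SP 800-53 Rev 4 controls
and aggregate them into POA&M line items.

Added example for this page; not an agency's or HarmonyTech's tool.
"""
import csv
import io
from datetime import date, timedelta

# Constructed scan export in a generic CSV shape (assumption: not any real
# scanner's native format); hosts and titles are illustrative.
SCAN_CSV = """host,severity,category,title
10.0.0.5,Critical,missing_patch,Web server missing vendor security updates
10.0.0.6,High,missing_patch,Web server missing vendor security updates
10.0.0.5,Medium,weak_crypto,TLS service accepts deprecated cipher suites
10.0.0.7,High,default_credentials,Database listener accepts vendor default password
10.0.0.7,Low,unnecessary_service,Telnet service enabled
10.0.0.8,Medium,banner_disclosure,Service banner reveals software version
"""

# Assumed category -> Rev 4 control crosswalk (analyst judgment, not a
# published mapping). Anything unmapped lands on RA-5 and is flagged so an
# assessor decides the correct control rather than the script guessing.
CONTROL_MAP = {
    "missing_patch": ("SI-2", "Flaw Remediation"),
    "weak_crypto": ("SC-13", "Cryptographic Protection"),
    "default_credentials": ("IA-5", "Authenticator Management"),
    "unnecessary_service": ("CM-7", "Least Functionality"),
    "config_deviation": ("CM-6", "Configuration Settings"),
}
FALLBACK_CONTROL = ("RA-5", "Vulnerability Scanning")

SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}
# Assumed remediation windows in days; the agency SOP sets the real ones.
REMEDIATION_DAYS = {"Critical": 15, "High": 30, "Medium": 90, "Low": 180}


def parse_scan(csv_text):
    """Return scan rows as dicts, rejecting any row with an unknown severity."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["severity"] not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {row['severity']!r} on {row['host']}")
        rows.append(row)
    return rows


def map_control(category):
    """Map a scanner category to (control_id, control_name, needs_review)."""
    if category in CONTROL_MAP:
        cid, name = CONTROL_MAP[category]
        return cid, name, False
    cid, name = FALLBACK_CONTROL
    return cid, name, True


def build_poam(rows, scan_date_iso):
    """Aggregate rows into POA&M items keyed by (control, weakness title).

    Each item lists the affected hosts, keeps the worst severity observed and
    derives a scheduled completion date from that severity.
    """
    scan_date = date.fromisoformat(scan_date_iso)
    items = {}
    for row in rows:
        cid, cname, review = map_control(row["category"])
        item = items.setdefault((cid, row["title"]), {
            "control": cid,
            "control_name": cname,
            "weakness": row["title"],
            "hosts": [],
            "severity": row["severity"],
            "needs_review": review,
        })
        if row["host"] not in item["hosts"]:
            item["hosts"].append(row["host"])
        if SEVERITY_RANK[row["severity"]] > SEVERITY_RANK[item["severity"]]:
            item["severity"] = row["severity"]
    for item in items.values():
        due = scan_date + timedelta(days=REMEDIATION_DAYS[item["severity"]])
        item["scheduled_completion"] = due.isoformat()
    # Worst severity first, then control id, for a stable report order.
    return sorted(items.values(),
                  key=lambda i: (-SEVERITY_RANK[i["severity"]], i["control"]))


if __name__ == "__main__":
    for item in build_poam(parse_scan(SCAN_CSV), "2019-07-29"):
        flag = " [analyst review]" if item["needs_review"] else ""
        print(f'{item["control"]} {item["control_name"]}: {item["weakness"]} '
              f'({item["severity"]}, {len(item["hosts"])} host(s), due '
              f'{item["scheduled_completion"]}){flag}')
```

The aggregation step is the part worth copying: one weakness on many hosts becomes one POA&M item with a host list and the worst observed severity, rather than one item per scanner hit, and categories the crosswalk does not know are surfaced for review instead of being silently filed under a catch-all control.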

Why you want to join us

  • You have a passion for solving our customers' complex business problems
  • Awesome learning and professional development opportunities
  • A culture built on teamwork and excellence


HarmonyTech offers a highly competitive salary and benefits package including:

  • Medical/Dental/Vision Insurance (company contributes 85% of the entire premium)
  • Short/Long Term Disability Coverage
  • Life and AD&D Insurance
  • 401(k) Retirement Plan with Company Match
  • Commuter Benefits (company contributes $100/mo for you to allocate between mass transit and parking expenses)
  • Tuition Reimbursement
  • Employee Referral Bonus
  • Paid Federal Holidays
  • Accrued Paid Time Off


HarmonyTech believes in a policy of equal employment and opportunity for all people based on merit. We are an Equal Opportunity Employer (EEO) and Drug-Free Workplace Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or national origin or any other category protected by applicable federal, state or local laws.

The statements herein are intended to describe the general nature and level of work being performed by employees and are not to be construed as an exhaustive list of responsibilities, duties, and skills required of personnel. Additionally, they do not establish a contract for employment and are subject to change at the discretion of HarmonyTech.

Company Description

HarmonyTech is a leading-edge IT company that specializes in DevOps, Cloud Migration, Cyber Security, and Enterprise IT services. We have been delivering innovative information technology services and solutions to multiple federal agencies and commercial enterprises for several years. We are experienced in providing a broad range of IT services encompassing the full development lifecycle, with specialization in Microsoft solution stack, web and mobile application development, data analytics, Google Machine Learning, and Enterprise Search solutions.

HarmonyTech offerings are available on the GSA IT Schedule 70 under contract # GS-35F-546GA as well as SBA 8(a) program. Agencies can obtain information about HarmonyTech GSA IT Schedule 70 contract services by contacting the company directly at 703.639.4001 x101 or by visiting
