Zero Trust Senior Auditor / Assessor

ZERO TRUST SENIOR AUDITOR (ASSESSOR)

MILITARY FRIENDLY & PREFERRED - HOH SPONSOR

Zermount Inc. is seeking a Zero Trust (ZT) Senior Auditor (Assessor) who will be responsible for the oversight, development, and execution of assessments of our client's enterprise and systems to determine the compliance with ZT principles. The ZT Senior Auditor (Assessor will collaborate with cross-functional teams to identify principles that have been implemented correctly and gaps in Zero Trust principles / security controls to meet compliance with ZT requirements in accordance with CISA Maturity Model, Executive Orders (EO's) (e.g., EO 14028), OMB Mandates (OMB M's) (e.g., OMB M 22-09, M 21-31, etc.) and other Federal Requirements, and Department policies.

Duties & Responsibilities:

The ZT Senior Auditor (Assessor) will provide the following support and services:

• Perform complex risk analyses which also include risk assessment to identify compliance with ZT, and security requirements based upon the analysis of people, processes, technologies, and requirements of all pillars in the CISA ZTA Maturity Model.
• Perform assessment and analysis of designs, architectures, configurations, and implementation of ZT principles and security capabilities.
• Provide recommendations, solutions, and capabilities to ensure the required ZT principles are implemented to meet the requirements of the ZT maturity model and requirements based on EO and OMB M.
• Review and analyze system, application, or network changes, upgrades and provide input and cybersecurity impacts. Conduct assessment of ZT architectural and configuration changes made by the O&M team(s).
• Conduct a ZT review and assessment of all existing cybersecurity and IT capabilities. Provide results and reports on:
• Criteria for Zero Trust readiness and assessment results
• Conduct analysis to identify gaps in existing capabilities to meet compliance and target ZT maturity model level.
• Assist with reviewing and interpreting Executive Orders (EOs), OMB memos, Public Law (PL), DHS directives such as Binding Operational Directives (BODs), DHS Undersecretary Memos, NIST SPs, and recommended best practices and provide recommendations and potential solutions to meet requirements.
• Provide guidance and insights necessary for meeting requirements established through the OMB M's or EO's.
• Assist and support for all internal and external ZT data calls, requests, audits, compliance, and updates - ensuring accurate information and statuses are obtained and provided.
• Conduct assessments to determine the implementation of ZT principles across all pillars (identity, device, network, application and workload, and data) to assist the client in meeting the requirements set forth by EO 14028 and OMB M 22-09.
• Develop and execute assessments of existing security architecture and recommend enhancements using ZT principles and requirements.
• Provide responses and solutions for ZT related questions, concerns, and issues, providing guidance and strategic recommendations to leadership and other stakeholders, to ensure compliance with ZT, EO and OMB requirements.
• Collaborate with security engineers, architects, and other IT professionals to design, implement, and maintain ZTA capabilities, and ensure continuous compliance with ZT target maturity model level.
• Conduct periodic reviews and audits to ensure the proper function of ZT principles/capability implementations and adherence to regulatory requirements.
• Provide responses to ZT violations, assisting in the investigation and mitigation of weaknesses.
• Create detailed reports, and briefings outlining the results of ZT assessments, including areas of strength, areas of improvement, and recommendations for moving forward.
• Stay current with the latest developments in ZT methodologies and related cybersecurity trends.

Qualifications:

• At least 5 years of experience in cybersecurity, information technology, or related field.
• Experience and Knowledge of ZT architecture, principles, methodologies, EO 14028, OMB M 22-09, Federal, DoD, and CISA Zero Trust Architecture, Maturity Model, Technical Reference Architectures, NIST, Cloud, and Risk Management Framework (RMF).
• Strong understanding of Zero Trust principles and how they can be applied to various types of information systems.
• Proficient in risk assessment methodologies and security architecture frameworks.
• Experience with cloud-based environments and technologies.
• Knowledge of common cybersecurity threats and how to counteract them using ZT principles.
• Excellent communication skills, with the ability to explain complex concepts in a clear, concise manner.
• Strong problem-solving skills, with a proactive attitude towards identifying potential issues and implementing solutions.
• Must be able to conduct system analysis to detect issues with performance.
• Well versed in developing and implementing IT solutions to resolve technical challenges.
• Ability to work independently and as part of a team.
• Ability to navigate complex and politically sensitive client environments with professionalism, patience, and tact.
• Demonstrated ability to effectively engage and manage relationships with highly political clients while maintaining a professional demeanor, exhibiting patience, and navigating sensitive situations with tact.

Zero Trust Specific Qualifications: Systems Maturity Model

Education:

• Minimum of a Bachelor of Science (or higher) in one of the following: computer engineering, computer science, IT, cyber security, or a related field.
  • Relevant years of experience may be used in substitution for situations where the candidate does not have a Bachelor's degree in the required field.

Certifications:

• A minimum of at least one of the following certifications is required: Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certificate of Cloud Security Knowledge (CCSK), Certified Chief Information Security Officer (CCISO), or certification included in DoD 8570.1 IAT Level II or III categories.

Clearance level:

• Minimum of an active Secret Clearance.

Work Location:

• Remote.

Hours of Operation:

• Business Hours: 8:00 am EST - 4:30 pm EST.