• Engineer and implement security controls to support system ATO and ongoing authorization • Lead and support Risk Management Framework (RMF) activities from system categorization through authorization and continuous monitoring • Develop, review, and maintain ATO documentation including SSPs, SAPs, SARs, POA&Ms, and supporting artifacts • Map and implement security controls in accordance with NIST SP 800-53, DoDI 8510.01, and DoD cybersecurity policies • Support security control assessments and coordinate with Authorizing Officials (AOs) and assessors • Perform security engineering analysis to ensure system designs meet confidentiality, integrity, and availability (CIA) requirements • Conduct vulnerability assessments and support remediation efforts to reduce risk prior to and after ATO • Analyze system changes and assess security impact to maintain ATO posture • Support continuous monitoring activities, including vulnerability scanning, STIG compliance, and annual assessments • Utilize eMASS to manage RMF artifacts, control status, and ATO packages • Provide guidance on secure system configurations, hardening, and best practices • Support audits, inspections, and compliance reviews

• Control Risks is looking to bring on a consultant as a part of an embedded project with a top tier client of ours in the tech industry. • This role will conduct onsite operational security assessments of the client’s data center facilities within North America. • The Consultant will travel to the client’s facilities to conduct detailed interviews with facility stakeholders and perform a physical site assessment to ensure compliance with existing security standards and requirements. • Utilize the client’s existing standards to assess compliance with physical, technical, and operational security requirements • Conduct interviews with a wide array of security stakeholders to determine the operational security practices in place at each facility • Ensure findings are collected and presented in a clear and consistent manner to facilitate reliable analysis across a high volume of sites • Provide clear and consistent recommendations regarding security policies and practices • Maintain technical proficiency in the security industry, sharing knowledge throughout the firm and enhancing the department's current document templates and methodology • Continuously enhance client relationships through consistent delivery of high-quality reports and professional presentation

• Conducting vulnerability assessments of the assigned security infrastructure • Provide mitigation recommendations/ security architecture reviews to Government decision makers • Research/ Development/ Testing/ Implementation and Documentation changes to software • Work with networking to close out open vulnerabilities • Ensure all DISA STIGS are applied to networks, network devices and information systems where applicable

• Lead the design, development, delivery, and quality assurance of the organization’s global safety and security training framework • Establish consistent, high-quality internal training for Relief International staff and partners operating in complex and high-risk contexts • Deliver training directly and build internal capacity across all countries of operation • Ensure an inclusive approach for safety and security training across the organization • Deploy in support of country teams/incident management in a responder capacity • Develop a global organizational training strategy for safety and security training based on industry and sector best practice • Develop modular training that can be adapted on a need basis • Create training for both online/e-learning and in-person • Align training with recognized training bodies and standards for quality assurance