Cybersecurity Assessment Lead

Tharros is seeking a Cybersecurity Assessment Lead for an upcoming program supporting a US Navy customer located at NAS Oceana. The Cybersecurity Assessment Lead serves as the senior assessor overseeing cybersecurity assessment activities supporting Risk Management Framework (RMF) authorization processes for customer networks and training systems.

This position leads independent security control validation activities, ensures RMF packages are complete and compliant, and provides cybersecurity risk analysis to the Government Security Control Assessor (SCA) and Authorizing Official (AO). The Assessment Lead provides technical direction and quality oversight for cybersecurity assessment personnel supporting RMF validation and continuous monitoring activities.

• Lead cybersecurity assessment teams supporting RMF authorization activities across all performance locations.
• Perform or oversee independent security control assessments for DoD information systems.
• Validate implementation of required NIST 800-53 security controls.
• Support Security Control Assessors (SCA) in evaluating residual cybersecurity risk.
• Provide technical leadership and quality oversight for cybersecurity assessors supporting RMF validation efforts.

• RMF Assessment Support
  
  • Lead RMF assessment activitiesin accordance withDoD and Department of the Navy cybersecurity requirements. Conduct or oversee independent verification and validation of implemented security controls, including initial authorization assessments and periodic reassessments. Analyze testing results and provide cybersecurity risk assessments to the Government SCA and Authorizing Official.
  
  

• RMF Package Development and Reporting
  
  • Oversee preparation and delivery of RMF artifacts including:
  • Security Assessment Plans (SAP)
  • Security Assessment Reports (SAR)
  • Risk Assessment Reports (RAR)
  • System Security Plans (SSP)
  • Continuous Monitoring Strategies
  • Plans of Action & Milestones (POA&M)
  • Ensure cybersecurity artifacts are properly documented and maintained within the Enterprise Mission Assurance Support Service (eMASS) system.
  
  

• AMinimum 10 years of cybersecurity experience, includingsignificant experiencesupporting Risk Management Framework (RMF) assessment and authorization activities for DoD or Navy systems.
• Active Top Secret DoD Clearance.
• Demonstrated experience leading cybersecurity assessments or validation teams supporting DoD RMF authorization processes.
• Experience supporting Security Control Assessors (SCA) or equivalent cybersecurity assessment authorities.
• Demonstrated experience performing or leading security control assessments, system authorization support, and cybersecurity risk evaluationsin accordance with:
  
  • NIST SP 800-37
  • NIST SP 800-53
  • DoD RMF
  • DoNRMF Process Guide
  
  
• Expert knowledge of DoD RMF and the DoN RMF Process Guide.
• Experience using eMASS for RMF package preparation and maintenance.
• Knowledge of CNSSI 1253 and ICD 503 cybersecurity requirements.
• Strong leadership and team management capabilities.
• Ability to provide cybersecurity risk analysis to senior Government stakeholders.
• Strong technical writing skills for cybersecurity assessment documentation.
• Familiarity with Navy network architecture and training system environments.