Cybersecurity Quality Assurance Analyst Independent Verification and Validation (IV&V)
Share
Job Location:
Monthly Salary:
Experience Required:
Posted on:
2 days ago
Vacancies:
1 Vacancy
Job Summary
This is a remote position.
1. POSITION TITLE
Cybersecurity Quality Assurance Analyst
Independent Verification and Validation (IV&V)
2. SUMMARY
The Cybersecurity Quality Assurance Analyst supports independent verification and validation activities and ensures that all cybersecurity assessment products meet technical security and quality standards before delivery. The analyst reviews evidence validates compliance with federal frameworks and confirms the accuracy and consistency of risk documentation. The goal is to ensure high quality defensible assessment outputs that meet customer and regulatory requirements.
3. RESPONSIBILITIES
Review cybersecurity assessment documentation for accuracy completeness and compliance
Conduct independent verification and validation of technical findings and risk statements
Evaluate evidence against federal and industry standards
Assess vendor cybersecurity risk and review third party risk documentation
Validate compliance with ISO SOC and NIST standards
Identify deficiencies or deviations from required quality and security standards
Provide feedback and guidance to assessment teams to maintain quality consistency
Maintain documentation audit trails and quality records
Support internal audit activities and process improvement initiatives
Prepare reports for management review and quality control oversight
Recommend enhancements to assessment processes and methodologies
Requirements
6. MINIMUM EXPERIENCE AND SKILLS
Senior level positions require seven or more years of relevant cybersecurity experience
Advanced degree in a cybersecurity or technical field preferred with experience or directly relevant certifications substituting for academic credentials
At least five years of experience in Information Security Governance Risk and Compliance demonstrating:
Expertise in writing technical and risk management reports
Strong analytical problem solving and organizational skills
Experience assessing and mitigating risks associated with vendor relationships and vendor control evaluations
Experience performing risk-based due diligence
Technical understanding of cybersecurity concepts and working knowledge of ISO 27001 SOC 1 and SOC 2 NIST SP 800-53 and NIST SP 800-171
At least three years of experience in third party cybersecurity risk management demonstrating:
Experience evaluating third party cyber risk
Experience developing and implementing sustainable third party cyber risk processes
Experience conducting assessments using NIST SP 800-53 within a federal agency
Strong verbal and written communication skills
Effective technical writing and documentation capabilities
Experience in cybersecurity control assessment environments
Ability to document cyber assessments and communicate results clearly
Understanding of the Systems Development Life Cycle and its application to secure systems
7. MINIMUM EDUCATION
Advanced degree preferred
Experience and certifications may be substituted for formal education on a case by case basis
8. CERTIFICATIONS
Candidate must hold and provide proof of at least one of the following certifications:
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Certified Third Party Risk Professional (CTPRP)
Certified Third Party Risk Assessor (CTPRA)
Required Skills:
5 years experience in federal government IT consulting Comfortable working with senior executive leadership and managing stakeholder engagement for high-visibility projects Strong knowledge of the SDLC both Agile and Waterfall and NISTs Risk Management Framework Active Secret Clearance (or ability to obtain Secret Clearance) U.S. Citizenship required (NO EXCEPTIONS)
Company Industry
IT Services and IT Consulting
Key Skills
- Account Management
- Apache Web Server
- Jpa
- ABAP
- Community Support
- Islamic Banking
