Security Control Assessor Representative (SCAR) (15.28)

Security Control Assessor Representative (SCAR)

OCT Consulting is a business management and technology consulting firm that provides support to Federal Government clients. We provide consulting services in the areas of Strategy, Process Improvement, Change Management, Program and Project Management, Acquisition/Procurement, and Information Technology.

Responsibilities and Duties

OCT currently has an opening for a Security Control Assessor Representative (SCAR) to work with our federal client. This hybrid role may require some onsite presence as the client desires for meetings and system support.

This position is contingent upon contract award.

Day to day responsibilities include:

● Serve as an independent assessor responsible for evaluating the effectiveness of implemented security controls across USAFA information systems in accordance with NIST SP 800-53A Rev. 5 and DoD RMF standards.

● Develop and maintain Security Assessment Plans (SAPs) for each assigned system, including assessment scope, testing schedule, security tools, control evaluation methods, and designated assessor personnel.

● Draft and coordinate Rules of Engagement (ROE) documents for penetration testing and vulnerability scanning activities to ensure alignment with mission requirements and operational constraints.

● Conduct or oversee security control assessments for management, operational, and technical controls, leveraging interviews, evidence review, technical validation, and security testing.

● Document assessment results and risk impacts in the Security Assessment Report (SAR), providing a clear summary of control effectiveness, risk posture, and any residual vulnerabilities.

● Support SAR preparation activities including:

o Vulnerability assessments and validation

o Security categorization reviews

o System Security Plan (SSP) analysis

o Risk issue resolution and remediation status reporting

o Preparation of SAR briefings, findings presentations, and meeting support materials

● Provide independent contributions to the Authorization to Operate (ATO) process by delivering the SAR, risk determinations, and supporting documentation for inclusion in the final ATO package.

● Generate draft Plan of Action and Milestones (POA&M) entries based on control deficiencies and observations documented during assessments, excluding any actions already remediated by the implementation team.

● Prepare a Residual Risk Statement with a recommendation for risk acceptance or mitigation, which feeds into the Authorizing Official’s risk decision process and the Risk Acceptance Recommendation Report.

● Determine and document the risk impact of unmitigated vulnerabilities on organizational operations, mission capabilities, and other dependent systems or stakeholders.

● Contribute to the assembly of the overall security authorization package, ensuring completeness and readiness for AO review.

● Participate in and support continuous monitoring efforts, including annual control re-assessment activities, targeted testing of inherited or system-specific controls, and the documentation of monitoring results in accordance with NIST SP 800-137.

● Maintain strict independence from the ISSM, ISSO, and ISSE functions to preserve objectivity, while collaborating professionally with system owners and stakeholders to clarify findings and recommended remediation paths.

Qualifications/Requirements

● Must be a U.S. Citizen

● Required Certifications: CISA / GSNA / CySA+ or CISSP

● Bachelor of Science degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an Accreditation Board for Engineering and Technology (ABET) accredited or Certified Association Executive (CAE) designated institution preferred.

● At least ten years of relevant experience acting as a Security Control Assessor Representative (SCAR), preferably in the United States Air Force or DoD space.

● Must have knowledge of NIST SP 800-53A Rev. 5, SP 800-37, SP 800-137, FIPS 199, FIPS 200, risk analysis and documentation, and ATO package structure.

● Must have Active Tier 3 (or higher) security clearance.

● Proximity to USAF Academy, CO 80840 a plus

Benefits

OCT offers competitive compensation packages and a full suite of benefits which includes:

● Medical, Dental, and Vision insurance

● Retirement savings 401K plan provided by an industry leading provider with 3% employer contributions of the employee’s gross salary

● Paid Time Off and Standard Government Holidays

● Life Insurance, Short- and Long-Term disability benefits

● Training Benefits

Salary Range: $50,000-$250,000 yearly, commensurate with experience, education, etc.

About OCT Consulting

OCT Consulting LLC is a minority-owned, Small Disadvantaged Business (SDB) providing professional services and information technology solutions to the Federal government and commercial clients. Founded in 2013, we bring the advantage of agility in operations along with a management team with a track record of leading successful engagements at major Federal government agencies.

At OCT, we are committed to ensuring equal opportunity for all individuals, recognizing that merit and qualifications are the foundation of our hiring, promotion, and development practices. We believe in creating a work environment where employees can thrive based on their abilities, skills, and achievements. Our practices ensure fair treatment and equal access to opportunities for all, regardless of race, ethnicity, gender, sexual orientation, age, abilities, or other personal characteristics. We are dedicated to providing career growth and professional development based on individual merit and fostering a workplace where everyone’s contributions are valued and recognized.

OCT Consulting LLC is a boutique management consulting firm providing federal government and commercial clients with highly skilled professional services.

Employment type: Full-time, hybrid

Date posted: July 31, 2025