
Cybersecurity Assessor - Department of Education

Fedsync
7 days ago
Full-time
On-site
New York, New York, United States
$110,000 - $150,000 USD yearly
Cybersecurity

Please note: This position description is for RFQ response. There is no active vacancy at this time.

About FedSync:

Since our inception, FedSync has stood for Accountability, Integrity, Teaming, Value, Innovation, and Quality: the core values that define who we are. Our vision is to collaborate with innovative, forward-thinking leaders to deliver solutions that look beyond today. Our mission is to provide the federal government with proven, innovative solutions that transform organizations by equipping them with the right tools and people to meet tomorrow's challenges. At FedSync, our people matter, both our employees and our clients.

Position Overview

The Cybersecurity Assessor evaluates enterprise systems, networks, and applications to identify vulnerabilities, assess risks, and ensure compliance with security policies and regulatory standards. This role serves as a bridge between Business Analysts and Cybersecurity Engineers, translating compliance requirements into actionable remediation tasks while maintaining organizational risk thresholds. Two (2) Cybersecurity Assessors are required for this engagement. Work will be on a hybrid schedule with 3 days in the office and 2 days of telework.

Key Responsibilities

  • Conduct security and compliance assessments across internal systems and third-party vendors, supporting adherence to organizational and regulatory requirements.
  • Evaluate the security practices of external service providers and manage vendor-related risks throughout the assessment lifecycle (TPRM).
  • Perform daily RMF lifecycle control assessments, including evidence collection, walkthroughs, and testing of technical and administrative controls.
  • Analyze assessment results, document findings, and support remediation efforts by tracking issues and helping teams prioritize corrective actions.
  • Maintain and manage POA&M documentation, ensuring risk remains within tolerance and findings are remediated within defined SLAs.
  • Work with business and technical stakeholders to clarify compliance requirements and support the resolution of identified risks.
  • Use industry-standard GRC platforms and third-party risk tools to centralize documentation and streamline assessment workflows.
  • Convert complex assessment findings into actionable insights using Power BI and Excel, maintaining dashboards that communicate enterprise security posture.
  • Conduct Security Impact Analyses for new and existing system interconnections.

Minimum Qualifications

  • 5+ years of experience in cybersecurity assessments, GRC, or compliance roles.
  • Expertise in GRC methodologies, security control auditing, and third-party risk assessments.
  • Proven ability to interpret federal compliance mandates (NIST SP 800-53, 800-37) and evaluate technical and administrative controls.
  • Strong competency in conducting Security Impact Analyses and managing POA&M documentation.
  • Experience with GRC platforms and third-party risk tools required.

Required Certifications (one or more)

  • CISA, CRISC, CGEIT, CISSP
  • CompTIA Security+, CCSK
  • CAP / ISC2 CGRC

Technologies & Tools

  • GRC Platforms: Archer / ServiceNow
  • Third-Party Risk Tools: OneTrust / Prevalent
  • MS Excel (Advanced), MS Power BI, MS Visio
  • JIRA, Microsoft Office Suite

Acceptable background check, including criminal history background check and credit check.