{"id":785,"date":"2025-12-10T14:23:28","date_gmt":"2025-12-10T14:23:28","guid":{"rendered":"https:\/\/skillbasedmatching.com\/jobs\/?post_type=jobpost&#038;p=785"},"modified":"2025-12-10T14:23:32","modified_gmt":"2025-12-10T14:23:32","slug":"cybersecurity-quality-assurance-analyst-independent-verification-and-validation-ivv","status":"publish","type":"jobpost","link":"https:\/\/skillbasedmatching.com\/jobs\/current-jobs\/cybersecurity-quality-assurance-analyst-independent-verification-and-validation-ivv\/","title":{"rendered":"\u200bCybersecurity Quality Assurance Analyst \u2013 Independent Verification and Validation (IV&#038;V)"},"content":{"rendered":"\n<p>\u200bThis is a senior-level <strong>Cybersecurity Quality Assurance Analyst<\/strong> role focused on <strong>Independent Verification and Validation (IV&amp;V)<\/strong> activities. The analyst ensures that all cybersecurity assessment products and risk documentation meet stringent technical, security, and quality standards, validating compliance against multiple federal and industry frameworks before customer delivery.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u200b<strong>Position Type:<\/strong> Senior Level (Implied by requirements).<\/li>\n\n\n\n<li>\u200b<strong>Experience Required:<\/strong> <strong>Seven or more years<\/strong> of relevant cybersecurity experience for senior level; <strong>five years in Information Security Governance, Risk, and Compliance (GRC)<\/strong>; and <strong>three years in third-party cyber risk management<\/strong>.<\/li>\n\n\n\n<li>\u200b<strong>Focus:<\/strong> IV&amp;V, quality control of assessment documentation, validation against <strong>NIST\/ISO\/SOC standards<\/strong>, and third-party\/vendor risk assessment.<\/li>\n\n\n\n<li>\u200b<strong>Certifications (Mandatory):<\/strong> Must hold and provide proof of at least one of the following certifications: <strong>CISSP, CISA, CISM, CTPRP, or CTPRA<\/strong>.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">\u200bResponsibilities: Quality Control, Validation, and Documentation<\/h2>\n\n\n\n<p>\u200bThe analyst is the final checkpoint, ensuring assessment integrity, regulatory compliance, and process consistency across the assessment lifecycle.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u200b<strong>Documentation Review:<\/strong> <strong>Review cybersecurity assessment documentation<\/strong> for accuracy, completeness, and compliance.<\/li>\n\n\n\n<li>\u200b<strong>Technical Validation:<\/strong> Conduct <strong>independent verification and validation (IV&amp;V)<\/strong> of technical findings and risk statements.<\/li>\n\n\n\n<li>\u200b<strong>Standards Assessment:<\/strong> Evaluate evidence against federal and industry standards, specifically validating compliance with <strong>ISO 27001, SOC 1 and SOC 2, and NIST standards<\/strong>.<\/li>\n\n\n\n<li>\u200b<strong>Third-Party Risk:<\/strong> Assess <strong>vendor cybersecurity risk<\/strong> and review third-party risk documentation, demonstrating experience assessing and mitigating risks associated with vendor relationships.<\/li>\n\n\n\n<li>\u200b<strong>Quality Assurance:<\/strong> Identify deficiencies or deviations from required quality and security standards. Provide feedback and guidance to assessment teams to maintain quality consistency.<\/li>\n\n\n\n<li>\u200b<strong>Auditing &amp; Reporting:<\/strong> Maintain documentation, audit trails, and quality records. Support <strong>internal audit activities<\/strong> and prepare reports for management review.<\/li>\n\n\n\n<li>\u200b<strong>Process Improvement:<\/strong> Recommend enhancements to assessment processes and methodologies.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">\u200bRequired Experience and Technical Expertise<\/h2>\n\n\n\n<p>\u200bThe role requires a high degree of specialization in GRC, risk mitigation, and specific federal assessment frameworks.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u200b<strong>Information Security GRC (5+ Years):<\/strong>\n<ul class=\"wp-block-list\">\n<li>\u200bExpertise in writing technical and risk management reports.<\/li>\n\n\n\n<li>\u200bExperience assessing and mitigating risks associated with <strong>vendor relationships<\/strong> and vendor control evaluations.<\/li>\n\n\n\n<li>\u200bTechnical understanding of cybersecurity concepts and working knowledge of <strong>ISO 27001, SOC 1 and SOC 2, NIST SP 800-53, and NIST SP 800-171<\/strong>.<\/li>\n\n\n\n<li>\u200bExperience performing risk-based due diligence.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>\u200b<strong>Third Party Risk Management (3+ Years):<\/strong>\n<ul class=\"wp-block-list\">\n<li>\u200bExperience evaluating third-party cyber risk.<\/li>\n\n\n\n<li>\u200bExperience developing and implementing sustainable <strong>third-party cyber risk processes<\/strong>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>\u200b<strong>Federal Experience:<\/strong> Experience conducting assessments using <strong>NIST SP 800-53<\/strong> within a federal agency.<\/li>\n\n\n\n<li>\u200b<strong>Foundational Skills:<\/strong> Understanding of the <strong>Systems Development Life Cycle (SDLC)<\/strong> and its application to secure systems. Effective technical writing and documentation capabilities.<\/li>\n\n\n\n<li>\u200b<strong>Education &amp; Certifications:<\/strong> Advanced degree preferred, with relevant experience\/certifications substituting. Mandatory certification from the list (CISSP, CISA, CISM, CTPRP, or CTPRA).<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u200bThis is a senior-level Cybersecurity Quality Assurance Analyst role focused on Independent Verification and Validation (IV&amp;V) activities. The analyst ensures that all cybersecurity assessment products and risk documentation meet stringent technical, security, and quality standards, validating compliance against multiple federal and industry frameworks before customer delivery. \u200bResponsibilities: Quality Control, Validation, and Documentation \u200bThe analyst is [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"menu_order":0,"template":"","jobpost_category":[43,1098],"jobpost_job_type":[39],"jobpost_location":[],"jobpost_tag":[3619,3614,1936,3616,3615,3617,3112,3620,3618,1760],"class_list":["post-785","jobpost","type-jobpost","status-publish","hentry","jobpost_category-it","jobpost_category-technical-services","jobpost_job_type-remote","jobpost_tag-cissp-cisa-cism","jobpost_tag-cybersecurity-qa-analyst","jobpost_tag-grc","jobpost_tag-iso-27001-soc-1-soc-2","jobpost_tag-ivv","jobpost_tag-nist-sp-800-53-171","jobpost_tag-senior-level","jobpost_tag-technical-writing-2","jobpost_tag-third-party-risk-management","jobpost_tag-vendor-risk"],"_links":{"self":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost\/785","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost"}],"about":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/types\/jobpost"}],"author":[{"embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/users\/1"}],"wp:attachment":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/media?parent=785"}],"wp:term":[{"taxonomy":"jobpost_category","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_category?post=785"},{"taxonomy":"jobpost_job_type","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_job_type?post=785"},{"taxonomy":"jobpost_location","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_location?post=785"},{"taxonomy":"jobpost_tag","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_tag?post=785"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}