
Senior Consultant, FedRAMP Assessment
Posted May 2

• Offers guidance to clients regarding factors impacting the scope of work, adding extra value in the process.
• Develops documentation and formulates suggestions based on findings to enhance the customer's security posture in alignment with relevant controls.
• Leads audits and assessments, which includes preparing audit plans, reviewing documentation and evidence, evaluating procedures, and conducting client interviews.
• Maintains extensive knowledge in one or more cybersecurity frameworks.
• Prepares, reviews, and approves assessment reports.
• Manages priorities, tasks, and hours on projects alongside the project manager to meet delivery utilization targets.
• Ensures timely delivery of high-quality products and services.
• Promptly escalates client and project issues to management to engage the necessary resources for resolution.
• Provides mentorship to team members in areas such as auditing, assessment, technical review, and writing.
• Engages with clients throughout the entire engagement, interacting with personnel at all levels of client organizations.
• Establishes and nurtures positive collaborative relationships with clients and stakeholders.
• Continuously pursues professional development to maintain industry-specific certifications and a strong depth of knowledge in the practice area.
• Collaborates with project managers, quality management, sales, and other delivery team members to enhance customer satisfaction and meet project objectives.
• Develops account relationships, identifying upsell and cross-sell opportunities and escalating these to sales.
• Drafts audit programs that adequately address both the regulatory body's required objectives and the client's environmental complexities.
• Leads interviews and walkthroughs with clients to assess the conformity of environments against defined requirements.
• Evaluates security vulnerabilities in accordance with the appropriate security frameworks.
• Pursues and verifies conclusions drawn from inquiry procedures with clients while ensuring meticulous interview notes are documented.
• Conducts offline and remote evidence inspections of client-provided documentation, appropriately marking artifacts that require follow-up or clarification.
• Educates clients on compliance activities and interprets them effectively.
• Understands how to implement quality standards and adheres to minimum benchmarks for quality assurance throughout the documentation of each work product or deliverable.
• A bachelor's degree (four-year college or university) in IT or business, or an equivalent combination of education and work experience.
• Five to ten (5-10) years of experience as a consultant in professional IT services.
• Must possess one of the following certifications: CISSP, CISA, CISM, CCSP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP, CFR, CCISO, GCED, GCIH, GSLC.
• Extensive experience with government compliance, including FISMA, FedRAMP, and DoD RMF.
• Strong knowledge of NIST Special Publications 800-30, 800-37, and 800-53.
• Experience with all phases of delivering Certification and Accreditation (C&A) / Assessment and Authorization (A&A) packages that have secured and maintained full authorization to operate (ATO).
• Familiarity with virtualization or cloud technologies.
• Knowledge of statutes and regulations across various industries pertinent to IT (e.g., SOX 404, HIPAA, FedRAMP, GLB, Patriot Act).
• Proficient understanding of information security-related solutions, tools, and utilities.
• Exceptional verbal and written communication skills.
• Willingness to travel up to 25% of the time.
• Paid parental leave.
• Flexible time off.
• Certification and training reimbursement.
• Digital mental health and well-being support membership.
• Comprehensive insurance options.