Remotery

Senior Consultant – FedRAMP Assessment

at Coalfire · United States · Full-time · Uncategorized · Senior · $86k – $148k/year

Posted 2 days ago

This is a fully remote position, open to applicants in the United States.

📋 Description

• Offers guidance to clients on matters influencing the scope of work in a way that enhances value.

• Creates documentation and provides recommendations based on findings to enhance the customer’s security posture in line with relevant controls.

• Oversees audits and assessments, including the preparation of audit plans, evaluation of documentation and evidence, procedure assessments, and client interviews.

• Maintains a robust knowledge base in one or more cybersecurity frameworks.

• Prepares, reviews, and approves assessment reports.

• Coordinates priorities, tasks, and hours on projects alongside the project manager to meet delivery utilization goals.

• Guarantees that high-quality products and services are delivered punctually.

• Escalates client and project issues to management in a timely manner to engage the necessary resources for resolution.

• Provides mentorship to team members in audit, assessment, technical review, and writing.

• Engages with clients throughout the entire engagement, interacting with all levels of client organizations.

• Fosters and maintains positive collaborative relationships with clients and stakeholders.

• Engages in continuous professional development to maintain industry-specific certifications and deepens knowledge in the practice area.

• Works collaboratively with project managers, quality management, sales, and other delivery team members to enhance customer satisfaction and fulfill project deliverables.

• Builds account relationships and identifies opportunities for upselling and cross-selling, escalating these to sales.

• Develops audit programs that adequately address both the regulatory objectives and the complexity of the client environment.

• Leads interviews and inquiry walkthroughs with clients to assess environmental conformity against stated requirements.

• Evaluates security vulnerabilities against appropriate security frameworks.

• Investigates and verifies conclusions drawn from inquiry procedures with clients while ensuring thorough interview notes are documented.

• Conducts offline and remote inspections of client-provided documentation, marking artifacts that require follow-up or further clarification appropriately.

• Educates clients on compliance activities and interprets them effectively.

• Understands how to apply quality standards and adheres to a minimum benchmark for quality assurance throughout the documentation of each work product or deliverable.

• Operates in a remote work environment.

• Willingness to travel up to 20%.


⛳️ Requirements

• Bachelor's degree (four-year college or university) in IT or business, or an equivalent combination of education and experience.

• Five to ten (5-10) years of consulting experience within professional IT services.

• Extensive experience with government compliance, including FISMA, FedRAMP, and DoD RMF.

• Strong understanding of NIST Special Publications 800-30, 800-37, 800-53.

• Experience with all stages of delivering Certification and Accreditation (C&A) / Assessment and Authorization (A&A) packages that have achieved and maintained full Authorization to Operate (ATO).

• Familiarity with virtualization or cloud technologies.

• Knowledge of statutes and regulations across various industries relevant to IT (e.g., SOX 404, HIPAA, FedRAMP, GLB, Patriot Act).

• Proficient in information security-related solutions, tools, and utilities.

• Exceptional verbal and written communication skills.

• Willingness to travel up to 20%.

• Must possess an active CISSP and one of the following certifications: Cisco Certified Network Associate Security (CCNA Security), Cisco Certified Network Associate Cyber Security Operations (CCNA Cyber Ops), Cybersecurity Analyst (CySA+), GIAC Certified Incident Handler (GCIH), GIAC Systems and Network Auditor (GSNA), GIAC Certified Intrusion Analyst (GCIA), Certified Information Systems Auditor (CISA), Certified Information System Security Professional or Associate (CISSP or Associate), Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Security Officer (CISSO), CyberSec First Responder (CFR), CompTIA Advanced Security Practitioner Continuing Education (CASP+) Continuing Education (CE), CompTIA Cloud+ (Cloud+), Global Industrial Cyber Security Professional (GICSP), Securing Cisco® Networks with Threat Detection Analysis (SCYBER), BCR Cyber Technical Proficiency Testing Activity.


🏝️ Benefits

• Competitive perks and benefits to support you and your family.

• Paid parental leave.

• Flexible time off.

• Certification and training reimbursement.

• Digital mental health and wellbeing support membership.

• Comprehensive insurance options.
