
Senior FedRAMP Cloud Consultant
Posted 1 day ago

This is a fully remote position, open to applicants in the United States.
• Advises customers on matters impacting the scope of work, delivering added value.
• Develops documentation and authors recommendations based on findings to enhance the customer’s security posture in line with appropriate controls.
• Leads audits and assessments, including preparation of audit plans, reviewing documentation and evidence, evaluating procedures, and conducting client interviews.
• Maintains extensive knowledge of one or more cybersecurity frameworks.
• Prepares, reviews, and approves assessment reports.
• Manages project priorities, tasks, and hours in collaboration with the project manager to meet delivery utilization targets.
• Ensures timely delivery of quality products and services.
• Promptly escalates client and project issues to management to engage necessary resources for resolution.
• Mentors team members in audit, assessment, technical reviews, and writing.
• Engages with clients throughout the entire engagement, interacting with all levels within client organizations.
• Establishes and nurtures positive collaborative relationships with clients and stakeholders.
• Commits to continuous professional development by maintaining industry-specific certifications and deepening knowledge in the practice area.
• Collaborates with project managers, quality management, sales, and other delivery team members to enhance customer satisfaction and meet project deliverables.
• Develops account relationships and identifies upsell and cross-sell opportunities, escalating to sales as necessary.
• Crafts audit programs that adequately address both regulatory objectives and the complexity of the client environment.
• Leads client interviews and walkthroughs to assess the conformity of environments against specified requirements.
• Evaluates security vulnerabilities against relevant security frameworks.
• Pursues and verifies conclusions drawn from inquiries with clients while ensuring meticulous interview notes are taken.
• Conducts offline and remote inspections of client-provided documentation, marking artifacts that require follow-up or clarification.
• Educates clients on compliance activities and interprets relevant requirements.
• Applies quality standards and adheres to minimum benchmarks for quality assurance throughout the documentation of each work product or deliverable.
• Willing to travel 20% of the time.
• Bachelor's degree (four-year college or university) in IT or business, or an equivalent combination of education and work experience.
• Five to ten (5-10) years of experience as a consultant in professional IT services.
• Must possess one of the following certifications: CISSP, CISA, CISM, CCSP, CFR, CCISO, GCED, GCIH, GSLC.
• Extensive experience with government compliance, including FISMA, FedRAMP, and DoD RMF.
• Strong understanding of NIST Special Publications 800-30, 800-37, 800-53, 800-171.
• Experience in all phases of delivering Certification and Accreditation (C&A) / Assessment and Authorization (A&A) packages that have achieved and maintained full authorization to operate (ATO).
• Familiarity with virtualization or cloud technologies.
• Knowledge of statutes and regulations across various industries relevant to IT (e.g., SOX 404, HIPAA, FedRAMP, GLB, Patriot Act).
• Familiarity with the Canadian Centre for Cyber Security Protected B framework is an advantage.
• Knowledge of the DOD CMMC process is beneficial.
• Demonstrated knowledge of AWS, Azure, and GCP cloud offerings is essential.
• Understanding of information security-related solutions, tools, and utilities.
• Excellent verbal and written communication skills.
• Willingness to travel up to 20%.
• Paid parental leave.
• Flexible time off.
• Reimbursement for certification and training.
• Membership for digital mental health and wellbeing support.
• Comprehensive insurance options.