
Senior FedRAMP Consultant
Posted 1 day ago

This is a fully remote position, open to applicants in the United States.
• Provides guidance to clients on matters impacting the scope of work, delivering added value.
• Oversees audits and assessments, which include preparing audit plans, reviewing documentation and evidence, evaluating procedures, and conducting client interviews.
• Maintains extensive knowledge in one or more cybersecurity frameworks.
• Prepares, reviews, and approves assessment reports.
• Manages priorities, tasks, and hours for projects alongside the project manager to meet delivery utilization targets.
• Ensures that high-quality products and services are delivered punctually.
• Escalates client and project issues to management promptly to engage the necessary resources for resolution.
• Offers mentorship to team members in areas such as auditing, assessment, technical review, and writing.
• Engages with clients throughout the entire engagement, interacting with all levels of client organizations.
• Establishes and nurtures positive collaborative relationships with clients and stakeholders.
• Pursues continuous professional development to maintain industry-specific certifications and strong expertise in the practice area.
• Collaborates with project managers, quality management, sales, and other delivery team members to enhance customer satisfaction and fulfill project deliverables.
• Develops account relationships and identifies upsell and cross-sell opportunities, escalating these to sales.
• Drafts audit programs that adequately address both the regulatory body’s required objectives and the complexity of the client environment.
• Leads interviews and inquiry walkthroughs with clients to assess compliance of environments against specified requirements.
• Evaluates security vulnerabilities in relation to the relevant security frameworks.
• Pursues and corroborates conclusions drawn from inquiry procedures with clients while ensuring detailed interview notes are recorded.
• Conducts offline and remote inspections of client-provided documentation, marking artifacts that require follow-up or additional clarification appropriately.
• Educates clients on compliance activities and interprets these as necessary.
• Understands how to apply quality standards and adheres to minimum benchmarks for quality assurance throughout the documentation of each work product or deliverable.
• Bachelor's degree (four-year college or university) in IT or business, or an equivalent combination of education and work experience.
• Five to ten (5-10) years of experience as a consultant within professional IT services.
• Must possess one of the following certifications: CISSP, CISA, CISM, CCSP, CFR, CCISO, GCED, GCIH, GSLC.
• Extensive experience with government compliance, including FISMA, FedRAMP, and DoD RMF.
• Strong understanding of NIST Special Publications 800-30, 800-37, 800-53, 800-171.
• Experience with all phases of delivering Certification and Accreditation (C&A) / Assessment and Authorization (A&A) packages that have secured and maintained full authorization to operate (ATO).
• Familiarity with virtualization or cloud technologies.
• Understanding of statutes and regulations across various industries relevant to IT (e.g., SOX 404, HIPAA, FedRAMP, GLB, Patriot Act).
• Familiarity with the Canadian Centre for Cyber Security Protected B framework is advantageous.
• Familiarity with the DoD CMMC process is a plus.
• Demonstrated knowledge of AWS, Azure, and GCP cloud offerings is required.
• Knowledge of information security-related solutions, tools, and utilities.
• Excellent verbal and written communication skills.
• Willingness to travel up to 20%.
• Paid parental leave.
• Flexible time off.
• Certification and training reimbursement.
• Digital mental health and wellbeing support membership.
• Comprehensive insurance options.