Senior Consultant - FedRAMP Assessment

What You'll Do

• Provides advice to customers on issues affecting the scope of work in a manner that provides additional value 
• Develop documentation and author recommendations associate with your findings on how to improve the customer’s security posture in accordance with appropriate controls 
• Leads audits/assessments including audit plan preparation, review of documentation and evidence, evaluation of procedures, and client interviews.    
• Maintains strong depth of knowledge in one or more cybersecurity frameworks. 
• Prepare, review and approve  assessment reports. 
• Manage priorities, tasks and hours on projects in conjunction with the project manager to achieve delivery utilization targets. 
• Ensures quality products and services are delivered on time. 
• Escalates client and project issues to management in a timely manner to inform and engage the necessary resources to address the issue  
• Provide mentorship to team members in areas of audit, assessment, technical review and writing.   
• Interfaces with clients through entire engagement, interacting with all levels of client organizations 
• Establish and maintain positive collaborative relationships with clients and stakeholders 
• Continuous professional development in maintaining industry specific certifications. Maintains strong depth of knowledge in the practice area.  
• Collaborates with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables.  
• Establishes account relationships and identifies upsell and cross sell opportunities and escalates to sales. 
• Draft audit programs that sufficiently address both the required objectives of the regulatory body and the complexity of the client environment 
• Leads interview and inquiry walkthroughs with clients to determine the conformity of environments against stated requirements 
• Assess security vulnerabilities against the appropriate security frameworks 
• Pursues and corroborates conclusions derived from inquiry procedures with client while ensuring diligent interview notes are captured  
• Offline and remote evidence inspection of client provided documentation; appropriately mark artifacts requiring follow-up or additional clarification  
• Educate and interpret compliance activities for clients 
• Understands how to apply quality standards and adheres to a minimum benchmark for quality assurance throughout the documentation of each work product or deliverable  
• Remote work environment
• Travel 20%

What You'll Bring

• Bachelor's degree (four-year college or university) in IT or business, or equivalent combination of education and work experience
• Five to ten (5-10) years of experience as a consultant within professional IT services
• Deep experience with government compliance, including FISMA, FedRAMP, and DoD RMF
• Strong knowledge of NIST Special Publications 800-30, 800-37, 800-53
• Experience with every step within the delivery of Certification and Accreditation (C&A) / Assessment and Authorization (A&A) packages that have obtained and maintained full authorization to operate (ATO)
• Experience with virtualization or cloud technologies
• Familiarity with statutes and regulations across multiple industries relevant to IT (e.g. SOX 404, HIPAA, FedRAMP, GLB, Patriot Act)
• Knowledge of information security related solutions, tools, and utilities
• Excellent verbal and written skills
• Willing to travel up to 20%
• Must have an active CISSP and one of the following certifications:


• Cisco Certified Network Associate Security (CCNA Security)
• Cisco Certified Network Associate Cyber Security Operations (CCNA Cyber Ops)
• Cybersecurity Analyst (CySA+)
• GIAC Certified Incident Handler (GCIH)
• GIAC Systems and Network Auditor (GSNA)
• GIAC Certified Intrusion Analyst (GCIA)
• Certified Information Systems Auditor (CISA)
• Certified Information System Security Professional or Associate (CISSP or Associate)
• Certified Secure Software Lifecycle Professional (CSSLP)
• Certified Information Systems Security Officer (CISSO)
• CyberSec First Responder (CFR)
• CompTIA Advanced Security Practitioner Continuing Education (CASP+) Continuing Education (CE)
• CompTIA Cloud+ (Cloud+)
• Global Industrial Cyber Security Professional (GICSP)
• Securing Cisco® Networks with Threat Detection Analysis (SCYBER)
• BCR Cyber Technical Proficiency Testing Activity

Bonus Points

• Hold Cloud Security focused certifications (AWS, Azure, CCSK, etc.)