Job description

What You'll Do - Provides advice to customers on issues affecting the scope of work in a manner that provides additional value - Develop documentation and author recommendations associate with your findings on how to improve the customer’s security posture in accordance with appropriate controls - Leads audits/assessments including audit plan preparation, review of documentation and evidence, evaluation of procedures, and client interviews. - Maintains strong depth of knowledge in one or more cybersecurity frameworks. - Prepare, review and approve assessment reports. - Manage priorities, tasks and hours on projects in conjunction with the project manager to achieve delivery utilization targets. - Ensures quality products and services are delivered on time. - Escalates client and project issues to management in a timely manner to inform and engage the necessary resources to address the issue - Provide mentorship to team members in areas of audit, assessment, technical review and writing. - Interfaces with clients through entire engagement, interacting with all levels of client organizations - Establish and maintain positive collaborative relationships with clients and stakeholders - Continuous professional development in maintaining industry specific certifications. Maintains strong depth of knowledge in the practice area. - Collaborates with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables. - Establishes account relationships and identifies upsell and cross sell opportunities and escalates to sales. - Draft audit programs that sufficiently address both the required objectives of the regulatory body and the complexity of the client environment - Leads interview and inquiry walkthroughs with clients to determine the conformity of environments against stated requirements - Assess security vulnerabilities against the appropriate security frameworks - Pursues and corroborates conclusions derived from inquiry procedures with client while ensuring diligent interview notes are captured - Offline and remote evidence inspection of client provided documentation; appropriately mark artifacts requiring follow-up or additional clarification - Educate and interpret compliance activities for clients - Understands how to apply quality standards and adheres to a minimum benchmark for quality assurance throughout the documentation of each work product or deliverable - Remote work environment - Travel 20% What You'll Bring - Bachelor's degree (four-year college or university) in IT or business, or equivalent combination of education and work experience - Five to ten (5-10) years of experience as a consultant within professional IT services - Must hold one of the following certifications: CISSP, CISA, CISM, CCSP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP, CFR, CCISO, GCED, GCIH, GSLC - Deep experience with government compliance, including FISMA, FedRAMP, and DoD RMF - Strong knowledge of NIST Special Publications 800-30, 800-37, 800-53 - Experience with every step within the delivery of Certification and Accreditation (C&A) / Assessment and Authorization (A&A) packages that have obtained and maintained full authorization to operate (ATO) - Experience with virtualization or cloud technologies - Familiarity with statutes and regulations across multiple industries relevant to IT (e.g. SOX 404, HIPAA, FedRAMP, GLB, Patriot Act) - Knowledge of information security related solutions, tools, and utilities - Excellent verbal and written skills - Willing to travel up to 25% Bonus Points - Hold Cloud Security focused certifications (AWS, Azure, CCSK, etc.)

Requirements