Key Responsibilities
· Provide leadership within our FedRAMP team and align the FedRAMP team with our company vision, while leading service execution in support of client and RISCPoint goals.
· Interface with and provide regular updates to the FedRAMP Managers and assume accountability for client deliverables.
· Advise RISCPoint clients regarding information security and broader compliance programs in support of industry-leading standards such as FedRAMP, FISMA, NIST 800 Series, and CMMC.
· Work closely with client leadership teams as a subject matter expert to enhance their cyber security posture in all areas of Information Technology to meet their goals and objectives, as well as regulatory compliance requirements.
· Conduct client workshops and walkthrough meetings to develop and implement cloud governance models across people, process, and technology controls to position client solutions for favorable external party evaluation.
· Advise on and contribute to clients’ risk and compliance needs, clearly articulating continuous monitoring plans and actions consistent with relevant cybersecurity standards, including managing Plans of Action and Milestones (POA&Ms).
· Assess the risks and rewards to our clients based on potential cybersecurity decisions.
· Coordinate with partners at audit firms, managed service providers, regulators and other third parties to drive business outcomes for our clients.
· Manage and develop staff consultants while effectively managing a portfolio of engagements.
· Work with the Public Sector Leadership Team to define appropriate skills and staffing levels within the Public Sector practice while optimizing the mix of resources.
· Provide coaching, feedback, developmental opportunities, etc. to staff consultants.
Qualifications
· Bachelor’s or Master’s degree in Information Security, Computer Science, or a related field or combination of relevant education and equivalent work experience.
Experience
· Minimum of 3 years of experience in security and privacy risk assessment, consulting, or related roles.
· Leading and managing projects and maintaining project timelines and delivery dates.
· Deep familiarity with, or experience as, a 3PAO to obtain FedRAMP Ready or FedRAMP Authorized status for platforms, systems, and applications.
· Specialized knowledge in producing and/or validating FedRAMP documentation.
· Strong grasp of security frameworks with strong NIST experience (in order of preference): FedRAMP, RMF, NIST SP 800-53, FISMA, NIST SP 800-171
· Demonstrated knowledge of NIST publications, such as: NIST SP 800-30, 800-37, 800-53, 800-53A, 800-60 Vol 1 & 2, and 800-171
· Excellent communication skills, adept at conveying technical concepts to diverse audiences including client executives.
· Knowledge of new and emerging information technology (IT) and cybersecurity technologies along with strong understanding of security fundamentals, including the CIA triad.
· Familiarity with Authorization Boundary Diagrams (ABDs).
· Technical experience with AWS and/or Azure a plus.
Certifications
· At least one advanced cybersecurity certification such as: CISSP (preferred), CISM, CISA, CCSP, or other relevant security certifications; multiple are preferred.
· Advanced vendor-specific cloud-related technology certifications a plus, such as: AWS, Azure, Google Cloud, Cisco Cloud, VMware, etc.
· PMP and/or Baltimore Cyber Range Certification a plus.
Skills
· Ability to autonomously deliver according to team expectations.
· Deadline-oriented, with an exceptional degree of self-motivation and ownership.
· Thrive in a dynamic and fast-paced environment.
· Excellent oral and written communication skills.
· Ability to work independently as well as collaboratively.
· Driven to succeed with an appetite to be challenged.
· Meticulously detailed.
Compensation & Benefits
· Generous Salary + Bonus
· Company Paid Health Insurance
· Company Paid Dental Insurance
· Company Paid Vision Insurance
· Company Paid Life Insurance
· 401k with 3% Company Contribution (Traditional & Roth Options)
· Generous Vacation Policy