Manager, FedRAMP

Position Responsibilities:

• Review and validate System Security Plans (SSPs), POA&Ms (Plan of Actions and Milestones), and associated artifacts.
• Prepare and deliver detailed assessment reports for Authorization to Operate (ATO) decisions.
• Collaborate with CSP teams to identify gaps in their security posture and recommend remediation strategies.
• Perform in-depth security assessments of cloud service providers (CSPs) against FedRAMP Moderate and High baseline requirements.
• Evaluate technical controls across cloud environments, including access control, encryption, and system monitoring.
• Validate the effectiveness of incident response plans, vulnerability scans, Continuous monitoring, and remediation activities.
• Perform a variety of responsibilities from start to finish during a project, including:
•  Interviewing cloud service providers (CSP) Subject Matter Experts for different fields of the organization, such as Human Resources, SecDevOps, SOC/NOC, and Internal Compliance
• Performing walkthroughs of various cloud infrastructure-as-a-service architectures (e.g., AWS, Azure, or OCI)
• Reviewing system security configurations as they pertain to NIST 800-53 security control baselines
• Analyzing vulnerability reports, validating encryption configurations, and much more! 

Qualifications:

• In-depth knowledge of FedRAMP & DoD DISA security control requirements and how they overlap with additional frameworks.
• Experience with the FedRAMP and RMF assessment and authorization processes, having completed at least 10 FedRAMP/DoD assessments.
• Experience understanding and applying relevant technical knowledge to FedRAMP & DoD DISA environments.
• A solid understanding of the FedRAMP Framework and DoD Impact levels IL4, IL5, and IL6.
• Previous work experience with a FedRAMP 3PAO.
• Working knowledge of cybersecurity consulting services, methodology, and relevant professional standards.
• Requisite knowledge of applicable technology and security domains.
• High level of attention to detail and quality of work product.
• Client service oriented.
• Excellent time management, organizational, and verbal and written communication skills.
• Ability to work on-site or remotely as a valuable contributor to a collaborative team.
• Capable of simultaneously managing assigned tasks for multiple projects.
• Proficient in using Microsoft Word, Excel, and PowerPoint, as well as Aprio’s service delivery applications.
• Education and Certifications:
• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field or equivalent professional experience in cybersecurity, cloud compliance, or a similar domain.
• Minimum 5+ years of relevant professional services experience in financial auditing, operational auditing, information systems auditing, internal auditing, information security management or consulting and/or risk consulting.

Preferrable Certifications

• Maintains one or more of the following FedRAMP-required R311 certifications
• Cisco Certified Network Associate Security (CCNA Security)
• Cisco Certified Network Associate Cyber Security Operations (CCNA Cyber Ops)
• Cybersecurity Analyst (CySA+)
• GIAC Certified Incident Handler (GCIH)
• GIAC Systems and Network Auditor (GSNA)
• GIAC Certified Intrusion Analyst (GCIA)
• Certified Information Systems Auditor (CISA)
• Certified Information System Security Professional or Associate (CISSP or Associate)
• Certified Secure Software Lifecycle Professional (CSSLP)
• Certified Information Systems Security Officer (CISSO)
• CyberSec First Responder (CFR)
• CompTIA Advanced Security Practitioner Continuing Education (CASP+) Continuing Education (CE)
• CompTIA Cloud+ (Cloud+)
• Global Industrial Cyber Security Professional (GICSP)
• Securing Cisco® Networks with Threat Detection Analysis (SCYBER)