Overview:
The FedRAMP Advisory & Assessment Lead is responsible for working across internal stakeholders and product engineering teams to drive key aspects of continuous monitoring requirements, support customer on-boarding, and drive continuous improvements within the FedRAMP program.
Responsibilities include:
Lead rapid assessment teams to identify gaps, risks and remediations for information system
Identify FedRAMP Boundary components in customer deployments
Coordinate with internal stakeholder engineering teams to demonstrate the implementation of security compliance control implementations for technical, management, and operational requirements
Perform vulnerability and compliance scanning, analyze results, provide assessments and reviews.
Audit security control to ensure compliance with cloud requirements and governance models
Support the development of technical material, operational processes, security policies, and other core documents
Manage compliance metrics
Manage program for Plans of Action and Milestones (POA&Ms)
Manage onsite assessments and coordinate with external stakeholders
Skills and competencies Five or more years' experience in:
Experienced in writing Technical documentation and knowledge of Cloud and Security concepts
Experience on NIST SP 800 Series, FedRAMP and FISMA and NIST SP 800-171
Experience with writing, editing, and/or managing a wide variety of IT security documentation and familiarity with federal IT standards such as Federal Information Security Management Act (FISMA)
Experience interviewing subject matter experts and using knowledge to develop, edit, and revise documentation including standard operating procedures, system security plans, and policies and procedures.
Experience with the production and/or editing of technical drawings using MS Visio or similar design tools.
Experience with technical documentation related to FIPS 199, NIST SP 800-37, NIST SP 800-53 REV 4, FISMA A&A, and continuous monitoring, and POA&M management.
Understanding of Third-party Assessment Organizations (3PAO)
Experience with and knowledge of:
National Institute of Standards and Technology (NIST) standards
Strong governance, risk and compliance experience
Cloud Computing Security Requirements Guide (SRG)
Experience and familiarity with cloud data security (FISMA/FedRAMP compliance) and working with public cloud solutions (AWS, Google, and Azure)
Experience writing proposals and understanding basic contract language - Deep experience NIST SP 800 Series, FedRAMP, FISMA and NIST SP 800-171
ISO27001 - specifications for a framework of policies and procedures that include all legal, physical and technical controls involved in an organization's risk management
Control Objectives for Information and Related Technologies (COBIT)
General skills include:
Demonstrate strong verbal and written communication skills as well as strong analytical and problem-solving abilities
Excellent English language, grammar, and spelling skills for writing, editing, and proofreading
Ability to work independently or as a member of a team on various tasks.
Skilled at organizing and translating information into clear written documentation; articulating complex concepts and processes in writing
Proven ability to effectively research subject matter
Experience working in a collaborative environment; ability to work well under tight deadlines and effectively interact with a wide range of personnel
Strong experience with Microsoft product suite, particularly Microsoft Word, PowerPoint and SharePoint
Strong writing skills - must submit samples Industry-specific requirements
Knowledge, experience and subject matter expertise in the following:
FedRAMP (Federal Risk Authorization Management Program)
NIST SP 800-53 Rev 4
NIST SP 800-37
NIST SP 800-171
FISMA (Federal Information Systems Management Act)
NIST RMF (Risk Management Framework) Supporting Systems Security Assessment and Authorization (SA&A) for Federal Agencies
NIST FIPS 199, Data Classification
Privacy Impact Assessment (PIA)
DHS Continuous Monitoring Program Education
Bachelor's degree in a relevant field (e.g., English, Business Writing, Business Administration, etc.)
About the recuiterMember since Mar 14, 2020 Pankaj Taneja
from Odisha, India