FedRAMP Senior Consultant

FedRAMP Senior Consultant

ABOUT THE COMPANY 

Are you looking to elevate your career? Do you want opportunity for growth and leadership? Do you have an entrepreneurial mindset? RISCPoint is a partner-owned, rapidly growing business leading cybersecurity and compliance consultancy firm. We are a tight knit team of experienced professionals that focus on integrating seamlessly with our clients to harmonize their security and compliance obligations with their business success. We are looking for talented professionals, passionate about the industry to join our team. 

We value continuous improvement, personal growth, learning and mentoring. We believe that when we are at our best, we provide the most value to our clients and our teammates respectively. 

KEY RESPONSIBILITIES 

As our Public Sector Practice continues to grow, RISCPoint is looking for senior consultants to maintain our ability to provide quality deliverables and expert advice to our clients. The Senior Consultant will report directly to Public Sector Managers and is a trusted member of the RISCPoint Public Sector Team. You will be responsible for leading projects and staff consultants, coordinating with other consultants and project teams across service lines and delivering best-in-class consulting services to clients.  

Responsibilities include: 

• Providing leadership within our Public Sector team and aligning the Public Sector team with our company vision, while leading service execution in support of client and RISCPoint goals. 
• Interfacing with and providing regular updates to the Public Sector Managers and assuming accountability for client deliverables.  
• Advise RISCPoint clients regarding information security and broader compliance programs in support of industry leading standards such as FedRAMP, FISMA, NIST 800 Series, and CMMC. 
• Work closely with client IT leadership teams as a subject matter expert to enhance their cyber security posture in all areas of Information Technology to meet their goals and objectives, as well as with regulatory compliance requirements. 
• Conduct client workshops and walkthrough meetings to develop and implement cloud governance models across people, process, and technology controls to position client solutions for favorable external party evaluation. 
• Advise and contribute to client’s risk and compliance needs to clearly articulate continuous monitoring plans and actions, consistent with relevant cybersecurity standards, including managing Plans of Action and Milestones (POA&Ms).  
• Assess the risks and rewards to our clients based on potential cybersecurity decisions. 
• Coordinate with partners at audit firms, managed service providers, regulators and other third parties to drive business outcomes for our clients.  
• Manage and develop staff consultants while effectively managing a portfolio of engagements.  
• Work with the Public Sector Leadership Team to define appropriate skills and staffing levels within the Public Sector practice while optimizing the mix of resources.  
• Provide coaching, feedback, developmental opportunities, etc. to staff consultants. 

QUALIFICATIONS 

Education 

• Bachelor’s or Master’s degree in Information Security, Computer Science, or a related field or combination of relevant education and equivalent work experience.  

Experience 

• Minimum of 3 years of experience in security and privacy risk assessment, consulting, or related roles. 
• Leading and managing projects and maintaining project timelines and delivery dates. 
• Deep familiarity with, or experience as a 3PAO to obtain FedRAMP Ready or FedRAMP Authorized status for platforms, systems, and applications. 
• Specialized knowledge in producing and/or validating FedRAMP documentation. 
• Strong grasp of security frameworks with strong NIST experience (in order of preference): FedRAMP, RMF, NIST SP 800-53, FISMA, NIST SP 800-171 
• Demonstrated knowledge of NIST publications, such as: NIST SP 800-30, 800-37, 800-53, 800-53A, 800-60 Vol 1 & 2, and 800-171 
• Excellent communication skills, adept at conveying technical concepts to diverse audiences including client executives. 
• Knowledge of new and emerging information technology (IT) and cybersecurity technologies along with strong understanding of security fundamentals, including the CIA triad. 
• Familiarity with Authorization Boundary Diagrams (ABD’s). 
• Technical experience with AWS and/or Azure a plus. 

Certifications 

• At least one advanced cybersecurity certification such as: CISSP (preferred), CISM, CISA, CCSP, or other relevant security certifications, multiple are preferred. 
• Advanced vendor-specific cloud-related technology certifications, a plus, such as: AWS, Azure, Google Cloud, Cisco Cloud, VMWare, etc. 
• PMP and/or Baltimore Cyber Range Certification a plus. 

SKILLS 

• Ability to autonomously deliver according to team expectations. 
• Deadline-oriented, with an exceptional degree of self-motivation and ownership. 
• Thrive in a dynamic and fast-paced environment. 
• Excellent oral and written communication skills. 
• Ability to work independently as well as collaboratively. 
• Driven to succeed with an appetite to be challenged. 
• Meticulously detailed. 

COMPENSATION & BENEFITS 

• Generous Salary + Bonus 
• Company Paid Health Insurance 
• Company Paid Dental Insurance 
• Company Paid Vision Insurance 
• Company Paid Life Insurance 
• 401k with 3% Company Contribution (Traditional & Roth Options) 
• Flexible Vacation Policy 
• Annual Company Retreat 

• Note: This position is 100% remote.