FISMA/FedRAMP Assessor
Marathon TS
- USA
- Permanent
- Full-time
- Lead assessments from initiation to project closure
- Monitor the progress of engagements and key project activity dates
- Drive working sessions with clients to ensure expectations and direction are aligned and timelines are being met
- Execute security assessments in accordance with NIST SP 800-53, 800-37, 800-171, and other authoritative IT security guidance
- Develop Security Authorization Packages and ensure completeness and compliance with FedRAMP requirements and other authoritative IT security guidance
EDUCATION
- Bachelor's degree in management information systems, information security, computer science, or relevant discipline; or combination of relevant education and work experience
- Master's degree is a plus
- Minimum 3 years of experience in information security, with strong NIST experience (in order of preference): NIST SP 800-53, FedRAMP, RMF, FISMA, NIST SP 800-171
- Demonstrated knowledge of NIST publications, such as: NIST SP 800-30 rev 1, 800-37 rev 1 or 2, 800-53 rev 4, 800-53A rev 4, 800-60 Vol 1 & 2 rev 1, and 800-171 rev 1
- Experience with government compliance, including FISMA, FedRAMP, RMF, and CSF
- Experience with commercial cloud environments: architectures, technologies, and services
- At least one advanced cybersecurity certification, such as CISSP, CISM, CISA, CCSP, CRISC, CAP, CASP, or another relevant security certification; multiple are preferred
- At least one vendor-specific cloud-related technology certification, such as AWS, MS Azure, Google Cloud, Cisco Cloud, VMware, etc., is preferred
- PMP is a plus
- Ability to meet deadlines with a high degree of motivation working in a fast-paced environment
- Ability to lead multiple assessment engagements and train junior staff
- Excellent communication skills to include the ability to explain technical matters to a non-technical audience
- Broad IT background with technical understanding of networks, protocols, security configurations, cryptography, identity and access management, and the systems development life cycle