Senior Cloud Security FedRamp Specialist

START DATE: ASAP END DATE: 12/31/2024

NOTE: Possibility to extend services through June 2025

Remote with organization s discretion to request occasional onsite at FRB locations in Washington DC.

Please US Citizen required others wont be responded to.

RAPID (Rapid Agile Product Innovation & Development) Security and Privacy Workstream is seeking an experienced individual to provide services in support of the continuous monitoring of FedRAMP authorized cloud solutions. We are looking for an experienced information security specialist to work directly with crossdivision subject matter experts (SMEs) and provide insight advice support and recommendations to ensure the success of the continuous monitoring process with a targeted focus in FedRAMP FISMA Privacy Act and OMB requirements. The selected individual shall have experience successfully reviewing FedRAMP continuous monitoring packages and advising on secure cloud control implementation. The successful candidate shall be adept at working collaboratively in a consensusbased environment while serving as an individual contributor who develops information security related work products.

Your resume must demonstrate the below knowledge and experience:

• Bachelor s degree or higher in information security or a related field or equivalent experience
  
• At least one advanced cybersecurity certification such as: CISSP CCSP CRISC or other relevant security certifications; multiple are preferred
  
• At least seven (7) years of information security experience including cloud security and continuous monitoring activities
  
• Extensive NIST experience: NIST SP 80030 rev 1 80037 rev 1 or 2 80053 rev 5 80060 Vol 1 rev 1 & 2 rev 1 and 800171 rev 3
  
• Experience with implementing systems in a FedRAMP FISMA and SOX compliant environment
  
• Proven ability to forge consensus and work collaboratively without positional authority to influence stakeholder groups in different hierarchical structures
  
• Demonstrate strong project execution and project management capabilities
  
• Experience with FedRAMP reporting requirements including but not limited to risk assessments Plan of Action and Milestones (POA&M) and remediation plans
  

Preferred Knowledge and Experience:

• Experience with government compliance including OMB requirements FISMA FedRAMP RMF and CSF
  
• Experience with cloud environments architectures technologies and services FedRAMP experience and certification
  
• Advanced knowledge and experience with project management methodology information security compliance and implementation of security architectures and related standards
  
• Knowledge of the laws and regulations governing information security and compliance Excellent communication skills (verbal and written) and able to adjust to changing priorities and customer needs
  
• Strong interpersonal and organizational agility skills.
  
• Must be able to deal effectively with all levels of management and staff
  
• Detailoriented and committed to excellent customer service
  

You shall deliver but not limited to the following:

• Review current continuous monitoring program and provide recommendations for improvement
  
• Conduct monthly FedRAMP continuous monitoring package analysis this includes reviewing deviation requests and POA&Ms as well as documenting a summary for the client.
  
• Advises clients on FISMA/FedRAMP compliance activities while staying current with the legislation and National Institute of Standards and Technology (NIST) and Office of Management and Budget (OMB) requirements.
  
• Ensure organizational structure recommendations integrate cohesively into the overall DFM and Board strategic direction and are in alignment with other high priority work across the division.
  
• Identify and help plan for longterm financial considerations due to cloud migration and business transformation.
  
• Review and advise on post implementation decommissioning scheme for legacy applications as well as migration and maintenance of historic data.
  
• Review additional process and procedures and make recommendations for improvement to the client
  
• Provide adhoc support services.