• Conduct advisory projects including workshops, gap analyses, system security plan development, policies and procedures development, risk assessments, and other consulting services as required.
• Prepare compliance documentation and/or reporting.
• Collect and interpret information provided by clients, map to appropriate requirements and collaborate with project leads to determine overall level of compliance.
• Manage priorities and tasks to achieve delivery utilization targets.
• Ensure quality products and services are delivered on time.
• Ensure continuous professional development by maintaining industry specific certifications.
• Maintain strong depth of knowledge in the practice area.
• Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables.
• Establish and maintain positive collaborative relationships with clients and stakeholders
• Interpret and provide guidance on all technical and non-technical FedRAMP security controls.
• Provide IT system security consultation within cloud-based and on-premises environments in accordance with NIST SP 800-53, 800-37, OMB, ISO, HITRUST, HIPAA, PCI, or other authoritative IT security guidance.
• Assist with the development of System Security Plans, Associated Plans, Information System Security Policies, Rules of Behavior, Privacy Impact Analyses, and FIPS 199 categorization in accordance with NIST requirements
• Assist with the development of ISO, HITRUST, HIPAA, or PCI related documentation and prepare customers for associated assessments.
• Assist with the identification of information security problems and challenges and research and develop technical solutions to rectify them
• Interpret and provide guidance on all technical and non-technical FedRAMP security controls.

• 3+ years of experience as a consultant within professional IT services
• 2+ years of experience working with one or more of the following: National Institute of Standards and Technology (NIST) frameworks (800 series), FISMA, FedRAMP, DoD RMF
• Working knowledge of virtualization or cloud technologies
• Working knowledge of client-server and traditional on-premises architecture
• Familiarity with statutes and regulations across multiple industries relevant to IT (e.g. SOX 404, HIPAA, FedRAMP, GLB, Patriot Act)
• Knowledge of information security related solutions, tools, and utilities
• Bachelor's degree in (four-year college or university) in IT or business, or equivalent combination of
• education and work experience

• Security+
• Certified Information Systems Auditor (CISA)
• Certificate of Cloud Security Knowledge (CCSK)
• ISO 9001:2015 Lead Auditor
• Certified Information Systems Security Professional (CISSP)
• Certified Information Privacy Professional (CIPP/US)
• CAP
• CISM
• CCSP
• CRISC
• CCISO
• AWS/GCP/Azure specific certifications

PI239748816