Director, FedRAMP Assessment Services

S

SecureIT

Director, FedRAMP Assessment Services

Reston, VA
Full Time
Paid
  • Responsibilities

    SecureIT is seeking a dynamic leader for our FedRAMP 3PAO Service Line who will work closely with our clients to ensure they meet the latest FedRAMP cloud security requirements. You will have the opportunity to work alongside industry experts, tackling complex challenges to educate, guide and protect our clients. As a candidate for this role, you’re able to seamlessly switch from executive-level risk conversations to diving deep into controls and technology. You are naturally curious and stay on top of emerging cybersecurity trends and threats. You are not afraid to question any existing processes and solutions, yet you display a keen sense of business value proposition and focus on the right priorities. You are a clear thinker, thrive in working across teams, and an expert in dealing with ambiguity. You believe that a core component of security’s role is to enable the business, not just to secure it. You thrive in working in a variety of technical environments, enjoy opportunities for client engagement, and have a bias for action to bring added value to our clients.

    What you’ll do…

    Delivery & Execution

         Lead teams and projects to:

    • Validate the appropriateness of the system boundary in accordance with FedRAMP guidance
    • Execute test procedures against in-scope cloud components in accordance with FedRAMP, FISMA, and NIST 800-53A R4/R5 requirements for the more complex technical and operational controls

    • Lead interviews with key technical personnel, determining technical and process evidence required to test controls, and analyzing that evidence

    • Ensure that required controls are effectively implemented and operating as intended and that sufficient testing has been performed to support our assessment

    • Develop Security Assessment Plans (SAP) and Security Assessment Reports (SAR)

    • Oversee and mentor staff assigned to relevant assessment projects

    • Provide guidance to staff on how to apply FedRAMP controls in specific situations and the associated testing techniques

    • Perform QA of assessment work throughout the project lifecycle

    Portfolio & Project Management

    • Manage all aspects of a project lifecycle and associated reporting, ensuring projects are completed on time and within budget and have the appropriate talent mix
    • Ensure an appropriate balance between quality and efficiency so that we can successfully deliver each assessment project while improving the bottom line
    • Provide updates on projects/portfolio progress and financials, and continuously look for opportunities to enhance reporting and processes, and incorporate lessons learned to improve our effectiveness, quality, and efficiency

    • Develop portfolio and staff utilization forecasts to project pipeline and resource needs

    • Collaborate internally and with industry to tech-enable how we deliver services to provide/enhance both quality and efficiencies


    Client Relationship Management

    • Serve as SecureIT’s primary POC and relationship manager for FedRAMP clients

    • Build and maintain strong client relationships, understand their business needs, and deliver exceptional client service


    People Leadership

    • Provide effective coaching and mentoring of staff and opportunities for growth and development
    • Work effectively across service lines to cross-matrix staff to provide diversity of experience and improve staff utilization

    Business Development/Growth

    • Assist/lead proposal development for FedRAMP assessments and organically grow work with existing clients to bring in recurring revenue

    • Effectively scope levels of effort for new projects

    • Contribute to marketing efforts

    Maintain SecureIT’s A2LA Certification as a 3PAO


    About You

    • You are a self-starter with a passion for cybersecurity
    • You have strong consulting, problem-solving, and analytical skills
    • You can foster collaborative, open, working relationships with clients, other SecureIT Service Lines, and various stakeholders
    • You have demonstrated strong and clear communication skills (Including translating technical information based on specific audiences) and the ability to interact effectively at all levels of an organization

    • You can effectively influence senior management, executives, and decision-makers

    • You have excellent organizational and time management skills along with an ability to adapt to changing requirements

    • You can easily transition between leading and managing projects to providing hands-on assessment support, depending on project needs

    • You can work independently and lead multiple complex FedRAMP or other cybersecurity assessments

    • You are a creative thinker able to identify opportunities to optimize SecureIT’s processes and capabilities

    • You have a strong professional network and are active in expanding it and cultivating new relationships

    • You are a growth-focused professional with a proven track record of exceeding personal revenue goals through exceptional client delivery

    Basic Qualifications:

    • Bachelor’s degree in Computer Science, Information Systems or a related discipline

    • 8-10+ years of progressive experience in security assessment/IT audit, leading and managing projects, and interfacing with clients

    • 4-6+ years’ experience of performing FedRAMP assessments and/or working in a related professional services advisory capacity

    • 4-6+ years’ experience in People Leadership

    • A proven track record of managing all aspects of a project lifecycle and associated reporting, ensuring projects are completed on time and within budget

    • Experience using the latest versions of NIST 800-37, NIST 800-53 and NIST 800-53a in executing assessment and security projects

    • Knowledge of virtualization and cloud technologies

    • Industry recognized professional certification—min. CISSP and one other (i.e., CASP+, CISA, CISM, GCED, GCIH, GSLC, CCSP, CISSP—ISSAP/ISSEP/ISSMP, CFR, CCISO)

    Preferred Qualifications:

    • Experience advising Cloud Service Providers, preferably working for a 3PAO
    • Experience managing multiple high-visibility and high-impact enterprise cybersecurity programs with cross-functional teams while maintaining superior results including planning, execution, and reporting
    • Business Development/Growth: Experience and successful track record in bringing in new clients and actively leveraging your network to do so
    • Industry recognized professional certifications—PMP

    About us...

    SecureIT provides full-spectrum cybersecurity and IT risk services to commercial organizations, government contractors, and the Federal Government and is known for being committed to quality and strong client relationships. Our company is made up of dedicated, smart, fun individuals, and we’re always looking for more to join the team. We’re a small organization, but we do big things that successfully impact the portfolio of commercial and federal clients that we serve. The experiences and skills that you bring to the table, and the new ones that you will acquire as part of our team, will be invaluable as we continue to grow our business through a diverse array of projects. We are firmly committed to our employees and foster an environment of continuous learning, professional growth, and collaboration. SecureIT offers an exciting and rewarding career path with an excellent benefits package.