Consultant - Federal Services CCA (CMMC, FedRAMP, NIST)
About Us
Tevora is a tight-knit community of professionals with a shared passion for our craft. Every day, we combine in-depth knowledge of cybersecurity, technology, and compliance to help create more secure digital environments. To Tevorans, every problem is a puzzle in need of solving. We strongly believe that if we put smart, driven people in a room together, they will accomplish great things. We maintain a supportive culture that celebrates continuous learning, diverse perspectives, and sharing the wins. That's why we have our eyes on you.
About The Role
Tevora is looking for a passionate Information Security Consultant to join the Federal practice who has a solid balance between business acumen and technical expertise. Comfortable across all disciplines of information security, this consultant will be responsible for assessing compliance and risk on a wide variety of client projects for some of the world's largest organizations.
A day in the life could include
- Leading information security risk and compliance assessments, audits, gap analyses, and remediation planning.
- Actively contributing to projects with a primary focus on CMMC, FedRAMP, StateRAMP, NIST 800-53, FISMA, and NIST 800-171.
- Communicating with and presenting to project stakeholders to effectively convey requirements for technical and process improvements.
- Assisting in the development of customized policies, procedures, controls, disaster recovery plans and technical documentation for applications, systems, and infrastructure.
- Developing internal processes to support the overall maturity of the Federal practice.
- Possess a working knowledge of IT security and various frameworks (i.e. CMMC, FedRAMP, NIST 800-30, 800-53, 800-60, 800-171, PCI DSS, NYS DFS 500).
Necessary skills and qualifications
- Knowledge of and hands-on experience with CMMC, FedRAMP, and NIST 800-53/NIST 800-171 audits and attestations.
- Deep familiarity with, or experience as a 3PAO to obtain FedRAMP Ready or FedRAMP Authorized status for platforms, systems, and applications.
- Deep familiarity with, or experience as a C3PAO to obtain CMMC Certification status.
- Knowledge of security architecture, infrastructure, network and systems design.
- Practical and working knowledge of common IT and security concepts including firewall management, server management, SIEM, IDS/IPS, web proxies, access control and authentication, with advanced knowledge in at least one of these areas.
- Experience in securing operating systems
- Security policy frameworks and control design
- Experience in managing policy exceptions, including working directly with the teams to document exceptions, identifying compensating controls and remediation action plans.
- Required: CCA
- At least one advanced cybersecurity certification, such as CISSP (preferred), CCA, CCP, PCI QSA, CISA, CISM, ISO 27001, or CRISC.
- BCR completion
- Bachelor's Degree from an accredited 4-year university
- Minimum 4 years of experience in information security, information technology, enterprise risk or compliance field.
- US Citizen with Passport
- Valid driver's license
- No criminal record and no bankruptcies or other negative reports on credit reports.
The successful consultant will
- Connect easily with clients and colleagues to communicate effectively across business and technical boundaries to offer recommendations as an expert with best practices.
- Work independently without detailed guidance.
- Have proficiency in writing executive-level reports and technical documentation.