Security Consultant **REMOTE** 2265

Yoh, A Day & Zimmermann Company

Alpharetta Georgia

United States

Customer Service / Call Center
(No Timezone Provided)

Location:  100% Remote

Top 5 skills:
1. Deep technical experience driving the NIST RMF, interpreting NIST 800-171 and NIST 800-53 controls, and an understanding of CMMC. This includes activities such as documenting System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), Security Assessment Reports, and Risk Assessment Reports.

2. Secret Clearance preferred. The candidate must be a US citizen. If the candidate already has a Secret clearance, the company presenting the candidate for hire MUST be cleared to hold the candidate's clearance, and the clearance MUST BE held by the contract company that the candidate will be working with while under contract with the Company. The company must have a valid Secret facility clearance with the Defense Counterintelligence and Security Agency (DCSA) and is required to provide proof to the Company by sending a copy of the Facility Clearance (FCL) via the DCSA National Industrial Security System (NISS). The Company will not sponsor the company for an FCL.

3. Deep technical knowledge: full understanding of security across the technology stack, including security of applications, infrastructure, networks, desktops, access control and mobile devices. Cloud security experience is a plus, and Azure cloud/security experience is even better.

4. A good understanding of overall Risk Management Frameworks (RMFs), how they work, and how they apply to businesses: what risk management is, what risk tolerance is, what risk mitigation is, and so on.

5. Must have very clear communication skills, both written and verbal.

About the Company's Technology:
Career-Level position within field. Requires experience and proficiency in discipline. Conducts complex work important to the organization. Works with minimal supervision with wide latitude for independent judgment.

To qualify, candidates must have:
- Approximately 10-12 years of experience in information systems architecture methodologies, management, and tracking/analyzing budgets
- Sound judgment and tact
- Excellent management, interpersonal, communication, and organizational skills
- Ability to work and team effectively with clients and other management personnel
- Advanced degree in Computer Science or a related discipline; or equivalent work experience

Technology has always been at the heart of what we do and deliver at the Company. We need technology to keep an organization the size of ours working efficiently. We have 300,000 people in more than 140 countries, all of whom rely on secure technology to be able to do their job every single day. Everything from the laptops we use, to the ability to work remotely on our mobile devices and connecting our people and clients, to enabling hundreds of internal tools and external solutions delivered to our clients. Technology solutions are integrated in the client services we deliver and are key to us being more innovative as an organization.

The Company's Technology supports our technology needs through three business units:
Client Technology (CT) focuses on developing new technology services for our clients. It enables the Company to identify new technology-based opportunities faster and pursue those opportunities more rapidly.
Enterprise Workplace Technology (EWT) supports our Core Business Services functions and will deliver fit-for-purpose technology infrastructure at the cheapest possible cost for quality services. EWT will also support our internal technology needs by focusing on a better user experience.

Information Security (Info Sec) prevents, detects, responds to and mitigates risk, protecting the Company's and clients' data and our information management systems.

The opportunity:

As a Security Consultant for the Government and Public Sector (GPS) practice within the Global Information Security team, the individual will be responsible for providing security guidance to IT Service Delivery teams who deliver cloud-based and emerging technology solutions that support our US federal government clients. The consultant will provide security guidance, identify and prioritize security-related requirements, promote secure-by-default designs and facilitate delivery of information security services throughout the system development life cycle (SDLC). The Security Consultant will also be expected to perform security assessments of cloud-based information systems and infrastructure, develop appropriate risk treatment and mitigation options based on cloud security controls, and effectively articulate findings and recommendations to IT project teams and management. The successful candidate should have a solid background working within the NIST RMF, conducting security assessment reviews and producing reports, performing risk assessment reviews, and working with security controls, security policies, and all facets of risk/security assessment activities. This candidate should also have broad experience across an array of information security and technical disciplines and be able to provide pragmatic, business-aligned security guidance. The Security Consultant will be expected to work on multiple projects and tasks concurrently.

Your key responsibilities:
• Coordinate and drive risk and security assessment activities and deliver processes and documentation in accordance with the NIST Risk Management Framework
• Develop and refine effective controls for cloud-hosted implementations that align with NIST, DFARS and DOD (CMMC) security requirements
• Assist IT Service Delivery team in documenting the security controls for cloud-hosted implementations of information systems for US federal government clients
• Define and provide security guidance that balances business benefit and risk in both on-premises and cloud-based systems (applications and infrastructure)
• Engage IT project teams involved in developing or deploying business applications, throughout the SDLC to identify and prioritize applicable security controls and provide guidance on how to implement these controls
• Perform security assessments and audits of information systems and infrastructure
• Maintain and enhance the Information Security assessment methodology
• Develop appropriate risk/security treatment and mitigation options to address findings and vulnerabilities identified during security reviews or audits
• Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stakeholders
• Work with other team members in the area of cloud security and emerging technologies

Skills and attributes for success:
• Demonstrated integrity in a professional environment
• Ability to team well with others to facilitate and enhance understanding & compliance with security policies
• Ability to convey risks to IT and business stakeholders
• Ability to work effectively with customers, management, staff members, vendors and consultants and articulate findings and recommendations
• Strong English communication and writing skills
• Excellent interpersonal, communication, organizational, and project management skills

To qualify for the role, you must have:
• Experience working with the NIST Risk Management Framework (RMF) and with US federal Certification & Accreditation (C&A) packages, including Security Assessment Reporting, Risk Assessment Reviews and Reporting, Plans of Action and Milestones (POA&Ms) and System Security Plans (SSPs)
• Experience providing and validating security requirements related to information system design and implementation
• Experience conducting security assessments, vulnerability assessments, vendor and third-party risk assessments and recommending remediation strategies
• Experience utilizing NIST Special Publications 800 (Security) Series documentation
• Familiarity with information system attack methods and vulnerabilities
• Ability to pass US Government Security Clearance
• US Citizenship

Ideally, you will also have:
• Experience with providing security controls for large scale deployments, preferably in cloud environments
• Experience providing and validating security requirements related to a broad range of operating systems and databases
• Experience in the use of tools and methods to identify security exposures and business risks
• Advanced degree in Information Assurance, Information Security, or a related discipline
• Knowledge of OWASP top 10 and remediation of attacks against web applications
• Knowledge of Cloud Security Alliance’s cloud security controls
• Exceptional judgment, tact, and decision-making ability
• Knowledge of common information security standards such as ISO 27001/27002, SOC, etc.
• Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change
• Candidates are preferred to hold or be actively pursuing related professional certifications such as CISSP, CAP, GSEC, CCSP, CISM or CISA
• Experience working for a US federal government agency, US federal contractor or state government agency
• Undergraduate degree in Information Assurance, Information Security, or a related discipline or equivalent experience

What we look for:
In addition to the above-mentioned experience and skills, we are looking for individuals with experience in cloud computing from a security and infrastructure point of view. Significant experience in the Microsoft Azure, Google Cloud, or AWS platforms is strongly preferred.

What working at the Company offers:
The Company is committed to being an inclusive employer and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.

About the Company:
As a global leader in assurance, tax, transaction and advisory services, we are using the finance products, expertise and systems we have developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however long you stay, the exceptional Company experience lasts a lifetime.

#CB-SPG