Job Title: FedRAMP Compliance Subject Matter Expert (SME)
Department: FedRAMP Advisory
Pay Type: SALARIED EXEMPT
Report To: Director, Security & Compliance Advisory
LOCATION: Full-time, Remote, United States - East Coast Hours
Summary of Position Role/Responsibilities
Quzara, a leading cybersecurity firm, is seeking a highly skilled FedRAMP Compliance Subject Matter Expert (SME) to join our team. This role is crucial for leading our efforts in assessing and enhancing the security compliance of information systems within cloud environments. The ideal candidate will be pivotal in managing and executing activities related to security documentation, vulnerability compliance scanning, and the coordination of internal and external compliance assessments. By joining our team, you will contribute to maintaining and elevating our standards of security in compliance with federal regulations.
Essential Functions of the Job
- Lead rapid assessment teams to identify gaps, risks, and remediations for information systems.
- Define FedRAMP boundaries in customer deployments and ensure these comply with federal regulations.
- Collaborate with internal engineering teams to ensure security controls meet all technical, management, and operational requirements.
- Conduct vulnerability and compliance scans, analyze the results, and provide detailed assessments and reviews.
- Audit existing security controls to verify compliance with cloud requirements and governance models.
- Support the development and refinement of technical materials, operational processes, and security policies.
- Manage and report on compliance metrics to track and enhance security measures.
- Draft and review proposals that include a clear understanding of contract language and compliance requirements.
- Oversee the development and implementation of Plans of Action and Milestones (POA&Ms).
- Coordinate and lead onsite assessments with external stakeholders, including preparing and managing necessary documentation.
- Engage with subject matter experts to develop, edit, and revise critical documentation, including standard operating procedures and system security plans.
- Utilize tools such as MS Visio to create and edit technical drawings that clearly outline system configurations and architectures.
- Document client deliverables comprehensively, ensuring they encompass all legal, physical, and technical controls involved in an organization’s risk management strategy.
Marginal Functions of the Job
- Other duties as assigned.
Normal Work Schedule
This is a full-time position. Standard business hours are Monday through Friday 8:30 AM to 5:30 PM. Additional time outside of these hours may be needed to complete the essential functions of the job.
Education, Training, and Experience
- Bachelor’s degree in English, Business Writing, Business Administration, or related field from an accredited university.
- Preferred: DHS Continuous Monitoring Program Education.
- Minimum five years of experience in writing technical documentation with a strong understanding of cloud and security concepts.
- Minimum five years of experience with NIST SP 800 Series, FedRAMP, FISMA, and NIST SP 800-171.
- At least three years of experience in cloud data security and working with public cloud solutions (AWS, Google, Azure).
- Proficient in producing and editing technical drawings using MS Visio or similar tools.
- Familiarity with the COBIT framework.
- Must be authorized to work in the United States without visa sponsorship.
- Requires clearance as the position involves FedRAMP Advisory or Assessment as a 3PAO.
- Excellent verbal and written communication skills with the ability to articulate complex information to technical and non-technical audiences.
- Demonstrated ability to work collaboratively with internal and external stakeholders.
- Strong organizational skills with the ability to manage multiple projects simultaneously.
EEO Statement
The Company is an Equal Employment Opportunity (EEO) employer and does not discriminate based on race, color, religion, sex, sexual orientation, national origin, age, marital status, disability, veteran's status, or any other basis protected by applicable discrimination laws.
