Consultant – Federal Services CCA (CMMC, FedRAMP, NIST)

Fairfax, VA, USA

Tevora

Fortify your company’s defenses, reinforce compliance with industry and government regulations, & guide you to more effective management of cyber risk.


About Us

Tevora is a tight-knit community of professionals with a shared passion for our craft. Every day, we combine in-depth knowledge of cybersecurity, technology, and compliance to help create more secure digital environments. To Tevorans, every problem is a puzzle in need of solving. We strongly believe that if we put smart, driven people in a room together, they will accomplish great things. We maintain a supportive culture that celebrates continuous learning, diverse perspectives, and sharing the wins. That's why we have our eyes on you.

About The Role

Tevora is looking for a passionate Information Security Consultant with a solid balance of business acumen and technical expertise to join the Federal practice. Comfortable across all disciplines of information security, this consultant will be responsible for assessing compliance and risk on a wide variety of client projects for some of the world's largest organizations.

A day in the life could include

  • Leading information security risk and compliance assessments, audits, gap analyses, and remediation planning.
  • Actively contributing to projects with a primary focus on CMMC, FedRAMP, StateRAMP, NIST 800-53, FISMA, and NIST 800-171.
  • Communicating with and presenting to project stakeholders to effectively convey requirements for technical and process improvements.
  • Assisting in the development of customized policies, procedures, controls, disaster recovery plans and technical documentation for applications, systems, and infrastructure.
  • Developing internal processes to support the overall maturity of the Federal practice.
  • Possessing a working knowledge of IT security and various frameworks (i.e. CMMC, FedRAMP, NIST 800-30, 800-53, 800-60, 800-171, PCI DSS, NYS DFS 500).

Necessary skills and qualifications

  • Knowledge of and hands-on experience with CMMC, FedRAMP, and NIST 800-53/NIST 800-171 audits and attestations.
  • Deep familiarity with, or experience as a 3PAO to obtain FedRAMP Ready or FedRAMP Authorized status for platforms, systems, and applications.
  • Deep familiarity with, or experience as a C3PAO to obtain CMMC Certification status.
  • Knowledge of security architecture, infrastructure, network and systems design.
  • Practical and working knowledge of common IT and security concepts including firewall management, server management, SIEM, IDS/IPS, web proxies, access control and authentication, with advanced knowledge in at least one of these areas.
  • Experience in securing operating systems.
  • Security policy frameworks and control design
  • Experience in managing policy exceptions, including working directly with the teams to document exceptions, identifying compensating controls and remediation action plans.
  • Required: CCA
  • At least one advanced cybersecurity certification such as: CISSP (preferred), CCA, CCP, PCI QSA, CISA, CISM, ISO 27001, CRISC.
  • BCR completion
  • Bachelor's Degree from an accredited 4-year university
  • Minimum 4 years of experience in information security, information technology, enterprise risk or compliance field.
  • US Citizen with Passport
  • Valid driver's license
  • No criminal record and no bankruptcies or other negative reports on credit reports.

The successful consultant will

  • Connect easily with clients and colleagues to communicate effectively across business and technical boundaries to offer recommendations as an expert with best practices.
  • Work independently without detailed guidance.
  • Have proficiency in writing executive-level reports and technical documentation.



Category: Consulting Jobs

Tags: Audits CISA CISM CISSP CMMC Compliance CRISC FedRAMP Firewalls FISMA IDS IPS ISO 27001 NIST NIST 800-53 PCI DSS PCI QSA SIEM

Perks/benefits: Career development

Region: North America
Country: United States
