FedRAMP Cloud Assessor
North Bethesda, Maryland, United States
Full Time Mid-level / Intermediate USD 100K - 140K
Copper River Family of Companies
Alaska Native Tribal Owned SBA 8(a) Participant delivering innovative solutions and services to federal, state, local, and enterprise clients.
TACG is looking for a highly skilled FedRAMP Cloud Security Assessor. They will be working on a team tasked with providing cyber security support services for its software development lifecycle, which includes production support, governance, security, controls, and operations for the cloud environment. They will serve as the Subject Matter Expert (SME) for the Organization’s Cloud, Mobility and future emerging technologies environment, possessing in-depth knowledge of business risk management, security engineering, and regulatory compliance with FedRAMP, FISMA, and NIST.
Responsibilities (include but are not limited to):
- Conduct a FedRAMP readiness study to provide the Agency with an assessment of their capabilities to achieve FedRAMP accreditation. This includes performing a current state FedRAMP readiness review of the Agency on-premises cloud capabilities and providing the Agency with a roadmap to become FedRAMP accredited.
- Review existing Agency security documentation, perform interviews of key personnel, and review technical control implementations of the existing Cloud environments.
- Collaborate with 3PAOs to prepare application materials demonstrating that the organization meets both technical competence in security assessment of cloud systems and management requirements for organizations performing inspections
- Review and assess security assessment plan to include a comprehensive set of procedures for assessing the effectiveness of security controls employed in the cloud environment and enabling more consistent, comparable, and repeatable assessments of security controls customized for cloud applications
- Develop security assessment reports to include all the assessment results and assigned mitigation strategy for each risk; perform analysis on each finding to promote a better understanding of the risks to organizational operations, organizational assets, and individuals
- Develop NIST / FISMA / FedRAMP SA&A documentation for systems and networks undergoing certification and validate the quality of deliverables produced by the team
- Assess risks, identify mitigation requirements and develop accreditation recommendations; be responsible for tracking SA&A requirements for assigned systems within the agency and validate that tasks are on schedule, and ensure the delivery of quality documentation
- Assist in the creation of SA&A packages with the responsibility for gathering information from system owners, applying data to the appropriate templates, and attending meetings in support of the effort
- Assist in responding to requests for information from OMB A-123, FISMA, GAO, and external auditors. Follow Agency procedures to gather and track information
- Develop and implement information assurance/security standards and procedures
- Coordinate, develop, and evaluate security programs for an organization; recommend information assurance/security solutions to support customers’ requirements
- Actively participate in client discussions and meetings
Essential Job Requirements:
Education:
- Bachelor of Science in Computer Science, Information Security, Management Information Systems, Computer Information Systems or Engineering or other related fields.
- Security +, CCSK, SANS, ISC2, or other relevant certification.
Experience:
- 4+ years Information Assurance experience
- 3+ years of working experience in security related field
- Experience in developing and implementing an Information Assurance plan for a new information system development effort.
- Excellent problem solving skills and strong attention to detail.
- Ability to work effectively in a rapidly changing, team-based environment.
- Excellent communication and collaboration skills with business and technical communities.
- Working knowledge of a structured modeling technique (e.g., BPMN, IDEF, UML, etc.)
- Proficient in Microsoft Office suite
- Experience in technical writing/editing of IT Security materials.
- Experience working with Federal Agencies.
- Experience conducting FedRAMP Readiness Assessments and reviewing ATO packages for FedRAMP Cloud environments.
- Experience implementing NIST 800-53 rev.4 security controls in a FedRAMP Cloud environment for the Federal Government.
- Experience with Cloud Architecture requirements necessary to provide public, private, or hybrid Cloud services.
- Experience designing security architecture solutions within Cloud Service Provider environments (e.g. AWS, Azure).
- Experience and Competency with Trusted Agent FISMA (TAF), RSA Archer, or similar GRC tool.
About Copper River & The Native Village of Eyak:
Owned by the Native Village of Eyak (NVE), a federally recognized Alaska Native Tribe, the Copper River Family of Companies is a collection of entities that deliver a complementary set of solutions and services to support the diverse missions and requirements of our clients. Proud participants of the Small Business Administration’s (SBA) 8(a) Business Development Program since 2006, our companies consist of both current and graduated SBA 8(a) entities. It is our collective purpose to support the Tribe and diversify the NVE’s ability to facilitate economic advancement.
The income generated from our companies helps the Native Village of Eyak fund health and social services, economic development, natural resource/environmental education, jobs, job training, and other benefits to the NVE in a manner that is consistent with Alaskan Native cultural values and traditions.
Copper River’s Culture
The Copper River Family of Companies has a positive, supportive, and thriving culture. At the foundation of our culture is a focus on collaboration. No matter your role or which operating company you work for, we are ONE TEAM working toward the same goals for our customers and for our collective owner, the Native Village of Eyak. How we treat each other is just as important as the work we deliver.
Benefits
- Comprehensive medical, dental, and vision coverage
- Flexible Spending Account - healthcare and dependent care
- Health Savings Account - high deductible medical plan
- Retirement 401(k) with employer match
- Open leave policy and paid holidays
- Additional benefits including tuition reimbursement, transportation expense account, employee assistance program, and more!
Note: These benefits are only applicable to full time, regular associates at Copper River.
Disclaimer:
The Copper River Family of Companies provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
Tags: AWS Azure CCSK Cloud Compliance Computer Science FedRAMP FISMA Governance NIST NIST 800-53 Risk management RSA SANS SDLC Security assessment Security Assessment Report Strategy
Perks/benefits: 401(k) matching Career development Flex hours Flexible spending account Health care Medical leave