Manager, FedRAMP

Summary

Join Aprio's Risk Advisory & Assurance Services team as a FedRAMP Manager and help clients maximize their opportunities. You will work with the latest cloud services and technology companies, testing their systems against NIST 800-53 controls. Hone your technical skills in cryptography, network structures, and system security tools, and improve your understanding of organizational controls. Aprio supports further education through additional training and industry certifications. The position offers competitive compensation and a flexible work environment. Aprio is a progressive, fast-growing firm with a top-rated culture and vast growth opportunities.

Requirements

• In-depth knowledge of FedRAMP & DoD DISA security control requirements and how they overlap with additional frameworks
• Experience with the FedRAMP and RMF assessment and authorization processes, having completed at least 10 FedRAMP/DoD assessments
• Experience understanding and applying relevant technical knowledge to FedRAMP & DoD DISA environments
• A solid understanding of the FedRAMP Framework and DoD Impact levels IL4, IL5, and IL6
• Previous work experience with a FedRAMP 3PAO
• Working knowledge of cybersecurity consulting services, methodology, and relevant professional standards
• Requisite knowledge of applicable technology and security domains
• High level of attention to detail and quality of work product
• Client service oriented
• Excellent time management, organizational, and verbal and written communication skills
• Ability to work on-site or remotely as a valuable contributor to a collaborative team
• Capable of simultaneously managing assigned tasks for multiple projects
• Proficient in using Microsoft Word, Excel, and PowerPoint, as well as Aprio’s service delivery applications
• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field or equivalent professional experience in cybersecurity, cloud compliance, or a similar domain
• Minimum 5+ years of relevant professional services experience in financial auditing, operational auditing, information systems auditing, internal auditing, information security management or consulting and/or risk consulting

Responsibilities

• Review and validate System Security Plans (SSPs), POA&Ms (Plan of Actions and Milestones), and associated artifacts
• Prepare and deliver detailed assessment reports for Authorization to Operate (ATO) decisions
• Collaborate with CSP teams to identify gaps in their security posture and recommend remediation strategies
• Perform in-depth security assessments of cloud service providers (CSPs) against FedRAMP Moderate and High baseline requirements
• Evaluate technical controls across cloud environments, including access control, encryption, and system monitoring
• Validate the effectiveness of incident response plans, vulnerability scans, Continuous monitoring, and remediation activities
• Perform a variety of responsibilities from start to finish during a project, including
• Interviewing cloud service providers (CSP) Subject Matter Experts for different fields of the organization, such as Human Resources, SecDevOps, SOC/NOC, and Internal Compliance
• Performing walkthroughs of various cloud infrastructure-as-a-service architectures (e.g., AWS, Azure, or OCI)
• Reviewing system security configurations as they pertain to NIST 800-53 security control baselines
• Analyzing vulnerability reports, validating encryption configurations, and much more!

Preferred Qualifications

• Maintains one or more of the following FedRAMP-required R311 certifications
• Cisco Certified Network Associate Security (CCNA Security)
• Cisco Certified Network Associate Cyber Security Operations (CCNA Cyber Ops)
• Cybersecurity Analyst (CySA+)
• GIAC Certified Incident Handler (GCIH)
• GIAC Systems and Network Auditor (GSNA)
• GIAC Certified Intrusion Analyst (GCIA)
• Certified Information Systems Auditor (CISA)
• Certified Information System Security Professional or Associate (CISSP or Associate)
• Certified Secure Software Lifecycle Professional (CSSLP)
• Certified Information Systems Security Officer (CISSO)
• CyberSec First Responder (CFR)
• CompTIA Advanced Security Practitioner Continuing Education (CASP+) Continuing Education (CE)
• CompTIA Cloud+ (Cloud+)
• Global Industrial Cyber Security Professional (GICSP)
• Securing Cisco® Networks with Threat Detection Analysis (SCYBER)

Benefits

• Medical, Dental, and Vision Insurance on the first day of employment
• Flexible Spending Account and Dependent Care Account
• 401k with Profit Sharing
• 9+ holidays and discretionary time off structure
• Parental Leave – coverage for both primary and secondary caregivers
• Tuition Assistance Program and CPA support program with cash incentive upon completion
• Discretionary incentive compensation based on firm, group and individual performance
• Incentive compensation related to origination of new client sales
• Top rated wellness program
• Flexible working environment including remote and hybrid options