Senior Manager, FedRAMP Advisory

Summary

Join Coalfire as a Senior Manager and lead a team of consultants, manage client escalations, and oversee engagements. You will leverage your deep understanding of compliance frameworks to provide advisory consulting, develop compliance reports, and ensure quality control. This role involves mentoring team members, managing project timelines, and contributing to service line growth. You will be responsible for directly managing and mentoring 3-6 team members and leading various projects for clients. Success in this position requires strong leadership, technical expertise, and a commitment to client satisfaction.

Requirements

• Minimum of 5 years or more of working experience in information technology, information security, technical assessment, or audits
• Substantial knowledge of security control requirements (NIST, FISMA, FedRAMP, StateRAMP, DoD, etc.) and how they overlap with additional frameworks
• Significant experience in understanding and applying relevant technical knowledge in FISMA/FedRAMP and other compliance framework assessments within moderate and large hyperscale CSP environments
• Knowledge in conducting multi-framework consolidated compliance assessment activities
• Detailed understanding of IT security technologies including network and application security, firewalls, access management, and data protection
• Experience with virtualization and cloud technologies
• Experience with client-server and traditional on-premises architecture
• Familiarity with statutes and regulations across multiple industries relevant to IT
• Demonstrated ability to lead moderately complex system assessments/consulting engagements independently
• Demonstrated ability to assist team members with proper artifact collection and interviewing clients to ascertain control implementation details
• Demonstrated ability to read and interpret all control families
• Demonstrated ability to read and interpret firewall rulesets and to create network/boundary/data flow diagrams
• Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience
• Strong consulting skills; ability to advise and challenge the status quo while building strong relationships
• Ability to build high-trust relationship and credibility quickly
• Ability to lead projects successfully and delegate up and across
• Ability to prioritize and manage multiple initiatives/projects
• Strong excel skills with ability to develop worksheets with complex formulas
• Ability to lead teams small to large teams in the assessment and internal environments
• Ability to speak to Cloud Service Providers to resolve issues and come to a conclusion of the assessment
• At least one of the following Advanced certifications or equivalent in cybersecurity or cloud: CISSP, CISA, CISM, CAP, CRISC, and/or cloud specific certification (AWS, GCP, or Azure) or specialty certification in security
• Bachelor's degree (four-year college or university) or equivalent education and experience

Responsibilities

• Manage priorities, tasks and hours on projects in conjunction with the project manager and management to achieve delivery utilization targets
• Escalate client and project issues to management in a timely manner to inform and engage the necessary resources to address the issue
• Interface with clients through entire engagement, interacting with all levels of client organizations
• Establish and maintain positive, collaborative relationships with clients and stakeholders
• Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables
• Manage team, responsible for talent decisions in regard to performance management, compensation and hiring
• Provide mentorship and coaching to team members in areas of technology, consulting, technical review and writing
• Maintain strong depth of knowledge in the practice area, seek professional development opportunities, and maintain industry specific certifications
• Establish account relationships and identifies upsell and cross sell opportunities and escalates to sales
• Ensure team members are achieving project margins and utilization targets
• Lead complex and less complex projects, guiding the customer and all resources successfully through the project lifecycle
• Lead advisory projects from start to finish to include workshops, gap analyses, document development projects, and ad hoc consulting support
• Execute examine, interview, and test procedures in accordance with compliance advisory security control framework (NIST, FISMA, FedRAMP, StateRAMP, DoD, etc.), etc.) requirements
• Ensure cybersecurity policies are adhered to and that required controls are implemented
• Validate respective information system security plans or policy/procedure documentation to ensure compliance advisory control requirements are met
• Author recommendations associated with findings on how to improve the customer’s security posture
• Closely follow industry development and trends to develop and maintain industry-specific policies, procedures, and training
• Lead IT system security consultation within cloud-based and on-premises environments in accordance with framework specific (NIST SP 800-53, 800-37, OMB, HITRUST CSF, ISO 27002, and other authoritative IT) security guidance
• Develop System Security Plans, Configuration Management, IT Contingency, and Incident Response Plans, security policies/procedures, risk assessment plan or other requirements in accordance with compliance framework requirements
• Prepare, review and/or update, and maintain IT Security supporting artifacts
• Provide guidance to Information System Owners
• Identify information security problems and challenges, researching and developing technical solutions to rectify them
• Demonstrate expertise in the control requirements and test procedures of NIST, FISMA, FedRAMP, StateRAMP, DoD, etc.  or other security compliance frameworks
• Ensure cybersecurity policies are adhered to and that required controls are implemented.  If the required controls are not implemented provide recommendations to the client to improve their security posture
• Validate respective information system security plans to ensure control requirements are met
• Develop technical content, such as procedures and policies, risk management tools, etc., that will be used by clients to assist them in elevating/build out their security programs for system authorization
• Mentor all project team members on compliance (NIST, FISMA, FedRAMP, StateRAMP, DoD, etc.) specific consulting methodologies
• Performing interviews of potential new hires for an intern, associate, consultant, senior consultant and senior manager roles

Preferred Qualifications

• Strong knowledge of container-based architectures
• Knowledge of various cloud environments, including AWS, GCP, and Azure
• Bachelors of Science degree in a technical field (CIS, MIS, IT, Engineering, or related field)

Benefits

• Paid parental leave
• Flexible time off
• Certification and training reimbursement
• Digital mental health and wellbeing support membership
• Comprehensive insurance options
• Flexible work model