ABOUT THE ROLE
Federal Associate Managers are leaders in federal cybersecurity who bring deep knowledge of client engagement and practice management. Using your strong experience with FISMA and FedRAMP and familiarity with the NIST Risk Management Framework (RMF), you will support and lead teams that assess cloud computing technologies for federal compliance.
You will oversee engagements through the management of standard project execution, client service activities, and staff consultants. In addition to developing junior level staff, you will have the opportunity to provide input on methodology development, technical assessment strategy, and engagement planning for A-LIGN’s service offerings as a technical SME. We have eliminated time reporting, chargeability goals, and sales pressure!
Success in this position requires a strong understanding of security-related system controls and of the various testing methods used to ascertain control effectiveness. You will work in a team atmosphere with experienced leadership, and you’ll be assigned technical engagements to oversee and ensure client-ready deliverables are provided.
REPORTS TO: Senior Manager/Director
PAY CLASSIFICATION: Full-Time, Exempt
- Develop and maintain client relationships & ensure deadlines are met
- Oversee senior staff to lead projects from initiation to project closure
- Provide direction for scheduling, project sequencing, and resource management
- Monitor the progress of engagements and key project activity dates
- Provide updates to Federal Practice Lead and Senior Manager & attend manager meetings
- Mediate complications as they may arise, relating to client, staff, or project execution
- Review work papers, drafts, and final reports with high attention to detail
- Ensure security assessments are performed in accordance with NIST SP 800-53, 800-37, 800-171, and other authoritative IT security guidance
- Review and analyze Security Authorization Packages for completeness and compliance with FedRAMP requirements and other authoritative IT security guidance
- Provide support as needed to complete Security Authorization Packages and Security Assessments
- Collaborate across multiple internal teams to ensure successful delivery of results based on scope of work
- Bachelor’s degree in management information systems, information security, computer science, or relevant discipline; or combination of relevant education and work experience
- Minimum 5 years of experience in information security, with strong NIST experience (in order of preference): FedRAMP, RMF, NIST SP 800-53, FISMA, NIST SP 800-171
- Demonstrated knowledge of NIST publications, such as: NIST SP 800-30 rev 1, 800-37 rev 1 or 2, 800-53 rev 4, 800-53A rev 4, 800-60 Vol 1 & 2 rev 1, and 800-171 rev 1
- Strong experience with government compliance, including FedRAMP, FISMA, RMF, and CSF
- Experience as a consultant with a Big 4 or second tier consulting firm preferred
- Experience with commercial cloud environments: architectures, technologies, and services
- Familiarity with other Security Frameworks (ISO, COBIT, HIPAA/HITECH, etc.) and regulatory requirements is a plus
- At least one advanced cybersecurity certification such as CISSP (preferred), CISM, CISA, CCSP, CRISC, CAP, CASP, or other relevant security certifications; multiple certifications are preferred
- Advanced vendor-specific cloud-related technology certifications are a plus, such as AWS, MS Azure, Google Cloud, Cisco Cloud, VMware, etc.
- PMP is a plus
- Ability to meet deadlines with a high degree of motivation working in a fast-paced environment
- Ability to lead multiple assessment engagements and train junior staff
- Ability to work individually as well as collaboratively
- Excellent communication skills to include the ability to explain technical matters to a non-technical audience
- Provide technical expertise and remain current on cloud computing, cybersecurity, and technology trends in the marketplace
- Broad IT background with technical understanding of networks, protocols, security configurations, cryptography, identity and access management, and the systems development life cycle
- Broad knowledge of cloud computing, containerization, microservices architecture, orchestration tools; DevOps tools such as Terraform, HashiCorp products, ELK Stack, Kafka, Hadoop Clusters, Kubernetes, HAProxy/NGINX; Service Directory services such as Register, consul-template, spring; and Configuration Management tools such as Chef, Puppet, Ansible, Salt, etc.
- Employer Paid Health, Vision, Dental
- 401(k) Plan with Employer Matching
- Competitive Bonus Structure
- Employer Paid Life Insurance and Disability Insurance
- Generous Paid Time Off Plan
- Virtual Employment
- Technology Allowance
- Vacation Bonus
- Paid Office Closure December 24-January 1
- Paid Holidays Schedule
- Certification Reimbursement
- Flu Shot Reimbursement
- TSA PreCheck Reimbursement
- AAA Reimbursement
A-LIGN is a technology-enabled security and compliance partner trusted by more than 2,400 global organizations to confidently mitigate cybersecurity risks. We work with small businesses to global enterprises with services spanning across SOC, Penetration Testing, PCI DSS, HITRUST, ISO and privacy compliance. Our proprietary compliance management platform is transforming the compliance experience by enabling an anytime, anywhere approach to audits. For more information, visit www.A-LIGN.com.