ABOUT THE ROLE
Federal Review Leaders are leaders in FISMA/FedRAMP who bring deep knowledge of both FISMA/FedRAMP documentation and the associated review process. Using your strong experience with FedRAMP and NIST RMF you will review all aspects of required framework deliverables and where needed participate in the multiple Federal review processes.
As a federal review leader, you will be responsible for supporting and leading reviews of client deliverables, providing comments for deliverable updates, when necessary, providing assessment guidance and best practice training, and assuring governing body reviews are successful. You will lead the review process with governing body reviewers, provide assessor support activities, and engage as needed throughout the assessment process. In addition to mentoring assessment and review staff, you will have the opportunity to provide input on methodology development, technical assessment strategy, and engagement planning for A-LIGN’s service offerings as a technical SME. We have eliminated time reporting, chargeability goals, and sales pressure!
Success in this position requires a strong understanding of security-related system controls and of the various testing methods used to ascertain control effectiveness. You will work in a team atmosphere with an experienced Manager, and you’ll be assigned technical reviews to ensure client-ready deliverables are provided.
PAY CLASSIFICATION: Full-Time, Exempt
- Lead the assessment review process.
- Monitor the progress of assessor work papers and deliverables.
- Drive working sessions with assessors to ensure review expectations and direction are aligned for success.
- Provide updates and enhancements to Federal Quality Manager
- Build a quality based deliverable process.
- Mediate or escalate complications as they may arise, relating to internal and client expectations.
- Review and improve work papers, drafts, and final reports with high attention to detail.
- Be a subject matter expert in accordance with FedRAMP, NIST SP 800-53, 800-37, 800-171, and other authoritative IT security guidance.
- Validate information system security plans to ensure NIST control requirements are met.
- Develop Security Authorization Packages and ensure completeness and compliance with FedRAMP requirements and other authoritative IT security guidance.
- Lead governing body review presentations and calls.
- Collaborate across multiple internal teams to ensure successful delivery of results based on scope of work.
- Bachelor’s degree in management information systems, information security, computer science, or relevant discipline; or combination of relevant education and work experience
- Master’s degree is a plus.
- Minimum 3-5 years of experience in information security, with strong NIST experience (in order of preference): NIST SP 800-53, FedRAMP, RMF, FISMA, NIST SP 800-171
- Minimum 2-3 years direct FedRAMP assessment or leadership experience.
- Demonstrated knowledge of NIST publications, such as: NIST SP 800-30 rev 1, 800-37 rev 1 or 2, 800-53 rev 4, 800-53A rev 4, 800-60 Vol 1 & 2 rev 1, and 800-171 rev 1
- Experience with government compliance, including FISMA, FedRAMP, RMF, and CSF
- Experience with commercial cloud environments; architectures, technologies, and services
- Familiarity with other Security Frameworks (ISO, COBIT, HIPAA/HITECH, etc.) and regulatory requirements is a plus.
- At least one advanced cybersecurity certification such as: CISSP, CISM, CISA, CCSP, CRISC, CAP, CASP, or other relevant security certifications, multiple are preferred.
- At least one vendor-specific cloud-related technology certifications such as: AWS, MS Azure, Google Cloud, Cisco Cloud, VMWare, etc. is preferred.
- Passing Baltimore Cyber Range (BCR)
- PMP is a plus.
- Ability to meet deadlines with a high degree of motivation working in a fast-paced environment.
- Ability to lead engagements and train junior staff.
- Ability to work individually as well as collaboratively.
- Excellent communication skills including the ability to explain technical matters to a non-technical audience.
- Broad IT background with technical understanding of networks, protocols, security configurations, cryptography, identity and access management, and the systems development life cycle
- Provide technical expertise and remain current on cloud computing, cybersecurity, and technology trends in the marketplace.
- Broad knowledge of cloud computing, containerization, microservices architecture, orchestration tools; DevOps tools such as Terraform, Hashicorp products, ELK Stack, Kafka, Hadoop Clusters, Kubernetes, HA Proxy/NGNIX; Service Directory services such as Register, consul-template, spring; and Configuration Management tools such as Chef, Puppet, Ansible, Salt, etc.
- Health, Vision, Dental Benefits
- 401 (K) Plan with Employer Matching
- Competitive Bonus Structure
- Employer Paid Life Insurance and Disability Insurance
- Generous Paid Time Off Plan
- Virtual Employment
- Home Office Reimbursement
- Vacation Bonus
- Paid Office Closure December 24-January 1
- Paid Holidays Schedule
- Certification Reimbursement
A-LIGN is a technology-enabled security and compliance partner trusted by more than 2,400 global organizations to confidently mitigate cybersecurity risks. We work with small businesses to global enterprises with services spanning across SOC, Penetration Testing, PCI DSS, HITRUST, ISO and privacy compliance. Our proprietary compliance management platform is transforming the compliance experience by enabling an anytime, anywhere approach to audits. For more information, visit
Come Work for A-LIGN!
Apply online today at A-LIGN.com and learn about life at A-LIGN by following our Careers at A-LIGN LinkedIn!
A-LIGN is an Equal Opportunity Employer! Minorities, women, disabled, and veterans encouraged to apply!