The SME Cybersecurity Consultant will play a critical role in conducting, guiding, and validating control testing efforts for federal and critical industry clients. This individual will leverage 10+ years of experience in cybersecurity, with a focus on compliance, control assessments, and risk management. The ideal candidate will be a recognized expert in NIST 800-53, NIST 800-37, and FISMA, with strong analytical and communication skills to support high-profile engagements.
-
Lead and perform comprehensive cybersecurity control assessments in accordance with NIST 800-53 v5, NIST 800-37, and FISMA requirements.
-
Serve as the subject matter expert (SME) for control testing methodologies, providing guidance and mentorship to assessment teams.
-
Review and validate control implementation and effectiveness, ensuring compliance with federal regulations and organizational policies.
-
Develop and deliver key artifacts, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plan of Action and Milestones (POA&Ms).
-
Analyze security documentation, configurations, and evidence to assess compliance with security and privacy controls.
-
Collaborate with cross-functional teams, including IT, security, and audit teams, to identify, document, and mitigate risks.
-
Provide technical expertise in the implementation of the Risk Management Framework (RMF) process, supporting system authorization and accreditation.
-
Assist in the preparation for audits, inspections, and other regulatory assessments, ensuring successful outcomes.
-
Stay informed about evolving federal cybersecurity regulations, standards, and threats to provide proactive recommendations.
-
Communicate assessment findings and recommendations effectively to both technical and non-technical stakeholders, including senior leadership and government clients.
Required Experience and Skills:
- MUST BE A U.S. CITIZEN
-
10+ years of experience in cybersecurity, with a strong focus on control testing and compliance in federal environments.
-
In-depth knowledge of NIST 800-53 v5, NIST 800-37, and FISMA frameworks and requirements.
-
Proven expertise in conducting control assessments, documenting findings, and developing remediation plans.
-
Strong understanding of the Risk Management Framework (RMF) process and its application to federal systems.
-
Experience in developing security artifacts, including SSPs, SARs, and POA&Ms.
-
Exceptional analytical skills, with the ability to assess complex systems and identify compliance gaps.
-
Excellent verbal and written communication skills, with experience briefing senior executives and federal clients.
-
Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
Preferred Qualifications:
- Certifications such as CISSP, CAP, CISM, or CRISC.
-
Experience in privacy control assessments and integrating privacy requirements into security programs.
-
Familiarity with cybersecurity tools and technologies used for testing and validation.