Cloud Risk and Compliance Analyst
ASM Research
Bethesda, MD
Full-time
Job Description
Operations Security Advisor I Cloud Risk and Compliance Analyst
Candidate will be expected to work on customer site up to two days per week.
- Provide Risk Management Framework (RMF) subject matter expertise to the client.
- Experience implementing security controls and compliance with a Cloud Service Provider (CSP), AWS or Azure
- Support ongoing compliance activities and monitoring efforts across applicable Regulations and Standards (NIST SP 800-53, FedRAMP)
- Collaborate with cross-functional teams to implement compliance initiatives and security controls
- Monitor and track activities related to control remediation or corrective action.
- Partner with business and IT teams to develop and deliver risk mitigation plans, implement additional control activities, or document risk acceptance
- Experience with FedRAMP compliance, Cloud systems and the Customer Responsibility Matrix (CRM)
- Coordinate with Authorizing Officials, System Owners, Engineers, ISSOs and other applicable teams to create and update SSPs, SARs, SIAs (Security Impact Analyses) and other applicable documentation for legacy on-prem and Cloud systems.
- Assess and determine the NIST 800-53 Control Status for multiple ATOs.
- Update and maintain POAMs and ATO packages in CSAM
- Ensure assessment and authorization packages comply with Federal government compliance requirements and client requirements.
- On-time submission of contract deliverables with special attention to quality and accuracy.
- Monitor, track, and report on daily, weekly, and monthly team program initiatives.
- Evaluate configuration management (CM) for information system security software, hardware, and firmware.
Other Job-Specific Skills:
- Experience and knowledge of NIST SP 800-37, NIST SP 800-53r5, FedRAMP
- Experience and knowledge of performing risk and vulnerability assessments for the purpose of change management (SIA).
- POAM management, tracking and reporting.
- Experience with RMF and Cloud authorization processes and procedures.
- Experience with categorization of Federal government systems.
- Experience in policy implementation with a Federal government client.
- Technical writing skills to include SOPs and Control Implementation.