SRC_FedReg_Senior Associate

The Fedreg Compliance Specialist will play a vital role in supporting clients exposed to US Federal requirements in their mission to protect sensitive government data and operations to meet compliance objectives. The ideal candidate should have the experience and understanding of industry standard security frameworks such as NIST 800-53, 800-171/172 

The Experienced Associate is expected to assist in the following activities  

• Working knowledge and expertise in performing security assessments based on industry standards such as NIST  800-53           (rev 4 and rev 5), NIST 800-171/172, Risk Management Framework (800-37).  

• Quick learner who can independently understand the Federal and regulatory frameworks such as DFARS, CMMC, FedRAMP, NIST 800-53, 800-171, StateRAMP, etc  

• Can independently work with stakeholders across different functional areas, including but not limited to the business, IT, Security, Legal & Compliance, and HR. 

• Understand clients’ security organization, including roles and responsibilities, interactions with other enterprise functions 

and role of third parties, etc. 

• Participate or facilitate workshops and/or individual interviews to identify, document gaps and current state of  

Cybersecurity. 

• Review IT and security architectures, design patterns, and other technical documentation. 

• Draft assessment reports including Executive Summary, observations/recommendations/peer comparisons, benchmark  

etc.  

• Suggest Cybersecurity strategic initiatives to achieve future/target state. 

• Create a roadmap for identified cyber initiatives. 

• Conduct NIST CSF, NIST 800-53, NIST 800-171/172, ISO, CRI etc. gap assessments or compliance testing. 

• Perform evidence validation to ensure compliance. 

• Define testing and sampling procedures. 

• Support development of  SOW’s, RFP’s in alignment to client’s requirements. 

Years of Experience   

• 2-5 years of Information Security industry experience and min 2+ relevant experience in NIST based assessments, NIST CSF Maturity Assessments, ISO, FFIEC, Cloud security CRI (desired). 

Position Requirements  

• Conduct Maturity assessments based on NIST frameworks. 

• Perform gap assessments and Control testing using NIST standard/frameworks. 

• Good understanding of compliance standards/frameworks like ISO 27001/27002, NIST, COBIT, SOX, GLBA, SSAE16/SOC 2, etc. will be an advantage. 

• Excellent written and oral communication skills, can express thoughts clearly, knows how to listen, take detailed notes and contribute in a team environment. 

Desired Knowledge  

• NIST CSF, NIST 800-53, NIST 800-171, Cloud security and other industry standards such as ISO, PCI, HITRUST etc. 

• Excellent leadership, teamwork and collaboration skills. 

• Ability to quickly acquire and utilize knowledge on new technologies and solutions, emerging threats and vulnerabilities. 

Desired Skills  

• Excellent MS-Office skills 

• Results oriented, high energy, self-motivated. 

• Flexible to learn cross-skills 

Professional and Educational Background  

• MCA / BE / B Tech / MS (Field of Study: Computer and Information Science, Information Cybersecurity, Information Technology, Management Information Systems). 

• Certification(s) Preferred: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC). 

Additional Information  

Travel Requirements: Not Applicable 

• Line of Service: Advisory 

• Industry: Consulting 

• Must be ready to work in a flexible environment with partial overlap with US hours 

Minimum Years of Experience: 

2 - 5 years