• Cloud Risk and Compliance Analyst

    ASM Research, An Accenture Federal Services Company
    Bethesda, MD 20814

    Job #2693326210

  • Operations Security Advisor I - Cloud Risk and Compliance Analyst

    Candidate will be expected to work on customer site up to two days per week.

    • Provide Risk Management Framework (RMF) subject matter expertise to the client.

    • Experience implementing security controls and compliance with a Cloud Service Provider (CSP): AWS or Azure

    • Support ongoing compliance activities and monitoring efforts across applicable Regulations and Standards (NIST SP 800-53, FedRAMP)

    • Collaborate with cross-functional teams to implement compliance initiatives and security controls

    • Monitor and track activities related to control remediation or corrective action.

    • Partner with business and IT teams to develop and deliver risk mitigation plans, implement additional control activities, or document risk acceptance

    • Experience with FedRAMP compliance, Cloud systems and the Customer Responsibility Matrix (CRM)

    • Coordinate with Authorizing Officials, System Owners, Engineers, ISSOs and other applicable teams to create and update SSPs, SARs, Security Impact Analyses (SIAs) and other applicable documentation for legacy on-prem and Cloud systems.

    • Assess and determine the NIST 800-53 Control Status for multiple ATOs.

    • Update and maintain POAMs and ATO packages in CSAM.

    • Ensure assessment and authorization packages comply with Federal government compliance requirements and client requirements.

    • On-time submission of contract deliverables with special attention to quality and accuracy.

    • Monitor, track, and report on daily, weekly, and monthly team program initiatives.

    • Evaluate configuration management (CM) for information system security software, hardware, and firmware.

    Other Job Specific Skills

    • Experience and knowledge of NIST SP 800-37, NIST SP 800-53r5, FedRAMP

    • Experience and knowledge of performing risk and vulnerability assessments for the purpose of change management (SIA).

    • POAM management, tracking and reporting.

    • Experience with RMF and Cloud authorization processes and procedures.

    • Experience with categorization of Federal government systems.

    • Experience in policy implementation with a Federal government client.

    • Technical writing skills to include SOPs and Control Implementation.