IT Security and Compliance Consultant

KyberStorm is a small women-owned cybersecurity firm. We take pride in providing exceptional services to our customers. We are looking for a part-time IT Security and Compliance consultant to join our team. We operate in a fast-paced environment, sometimes supporting multiple customers throughout a week. We are looking for someone who can quickly become comfortable with managing multiple customers at the same time. This role will require collaboration with customers to address security and compliance challenges and to help design environments in line with a desired regulatory framework.

Responsibilities:

  • Plan, implement, and enforce information security safeguards in line with industry best practices and in compliance with standards defined and mandated by federal regulations, FedRAMP, CMMC, NIST 800-171, etc., to protect the organization’s data and systems.
  • Author and advise on the development of Assessment and Authorization (A&A) artifacts and security documentation, including, but not limited to, System Security Plans (SSP), Plans of Action and Milestones (POAM), Contingency Plans, Incident Response Plans, and Configuration Management Plans.
  • Perform maturity gap assessments of clients’ environments, including on-prem, cloud, hybrid, and container environments, following industry standards (FedRAMP, CMMC, NIST 800-171, SOC 2, ISO 27001, etc.).
  • Provide support with investigation and mitigation in areas of risk or non-compliance.
  • Work with development and engineering teams to provide guidance and technical recommendations for implementing controls.

Education, Experience and/or Skills:

  • Bachelor’s degree in IT or business, or an equivalent combination of education and work experience
  • Five (5) years of experience as a consultant within professional IT services
  • Deep experience with government compliance, including FISMA, FedRAMP, and CMMC
  • Strong knowledge of NIST Special Publications 800-30, 800-37, 800-53, and 800-171
  • Experience with every step within the delivery of Assessment and Accreditation (A&A) phases and deliverables that have obtained and maintained a full authorization to operate (ATO)
  • Security-focused industry certifications such as CAP, Security+, CCSK, CISA, CISM, CISSP, CCSP, CRISC, or Amazon Web Services (AWS)/Google Cloud Platform (GCP)/Microsoft Azure specific certifications
  • A technical understanding of networking concepts, Active Directory, group policy objects, various operating systems, web applications, networking devices (routers, switches, firewalls, IDS and IPS), storage, databases, virtualization, and cloud technologies
  • Ability to quickly take on new technologies and concepts
  • Ability to manage multiple priorities simultaneously
  • Comfortable supporting fast-paced team environments

Benefits:

  • Flexible schedule
  • Fully remote
  • Part-time position with the opportunity to grow into full time

Work Location: Remote position

Job Type: Part-time