Senior Manager, FedRAMP Assessment | Remote US

Coalfire Systems
Westminster, Colorado, US
Remote
Full-time
We are sorry. The job offer you are looking for is no longer available.

A variety of soft skills and experience may be required for the following role. Please ensure you check the overview below carefully.

Coalfire is an EEO employer. We celebrate diversity and are committed to respecting one another, embracing individual differences, and creating an inclusive environment for all employees.

About Coalfire

Coalfire is on a mission to make the world a safer place by solving our clients' hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape.

We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world.

But that's not who we are - that's just what we do. We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.

Position Summary

The Senior Manager manages a team of consultants, manages client escalations, and leads engagements. This role will have a detailed understanding of framework requirements, perform audits / assessments, and develop reports for clients.

They will also provide quality control and peer review to other members of the delivery staff. They will work closely with Project Managers, Directors, Senior Directors, Managing Principals, Vice President and other Delivery team members to effectively manage project timelines and deliverables.

As a Coalfire Senior Manager, you'll be responsible for directly managing and mentoring 1-4 team members and leading various projects for clients.

For each engagement, you'll focus on the success of the project and achieving overall client satisfaction. You'll work directly with the Director or Senior Director to implement strategic plans to grow the service line and enhance the overall team's capabilities and skillsets.

What You'll Do

  • Manage priorities, tasks and hours on projects in conjunction with the project manager and management to achieve delivery utilization targets
  • Escalate client and project issues to management in a timely manner to inform and engage the necessary resources to address the issue
  • Interface with clients throughout the entire engagement, interacting with all levels of client organizations
  • Establish and maintain positive, collaborative relationships with clients and stakeholders
  • Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables
  • Manage team, responsible for talent decisions in regard to performance management, compensation and hiring. Provide mentorship and coaching to team members in areas of audit, assessment, technical review and writing
  • Continuous professional development in maintaining industry specific certifications. Maintain strong depth of knowledge in the practice area
  • Establish account relationships and identify upsell and cross-sell opportunities and escalate to sales
  • Ensure team members are achieving project margins and utilization targets
  • Lead various assessments from start to finish
  • Execute examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4 and 5 requirements.
  • Ensure cybersecurity policies are adhered to and that required controls are implemented
  • Validate respective information system security plans to ensure NIST control requirements are met
  • Finalize assessment results, including SAPs, SRTMs, SARs, RARs and FedRAMP tailored packages
  • Author recommendations associated with findings on how to improve the customer's security posture in accordance with NIST controls
  • Discover and execute on opportunities to leverage FedRAMP assessment artifacts to create a more streamlined experience for the customer and the customer's potential CAP program
  • Act as the escalation point and mentor for all staff within your team and project team
  • Work with HR and other leaders to create programs to enhance employee satisfaction and increase retention
  • Closely follow industry development and trends to develop and maintain industry-specific policies, procedures, and training
  • Execute, examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4 and 5
  • Ensure cybersecurity policies are adhered to and that required controls are implemented. If the required controls are not implemented provide recommendations to the client to improve their security posture
  • Develop resultant SCA documentation, including but not limited to the required Cloud Security Provider documentation, Cloud Security Provider System Security Plan, Security Assessment Plan, Security Requirements Traceability Matrix and the Security Assessment Report
  • Lead complex system assessments, guiding the customer and all resources successfully through the assessment lifecycle
  • Mentor all project team members on appropriate testing methodologies
  • Perform interviews of potential new hires for intern, associate, consultant, senior consultant and senior manager roles

What You'll Bring

  • Minimum of 7 years of working experience in information technology, information security, technical assessment, or audits
  • Substantial knowledge of FISMA / FedRAMP security control requirements and how they overlap with additional frameworks
  • Significant experience in understanding and applying relevant technical knowledge in FISMA / FedRAMP and assessments within moderate and large hyper-scale CSP environments
  • Hold at least two of the following advanced certifications or equivalent in cybersecurity or cloud: CISSP, CISA, CISM, CRISC, and / or AWS Associate or specialty cert in security
  • Knowledge in conducting multi-framework consolidated compliance assessment activities
  • Detailed understanding of IT security technologies including network and application security, firewalls, access management, and data protection
  • Experience with virtualization and cloud technologies
  • Experience with client-server and traditional on-premises architecture
  • Familiarity with statutes and regulations across multiple industries relevant to IT
  • Ability to lead large complex system assessments independently
  • Ability to assist team members with proper artifact collection and to detail to clients examples of artifacts that will satisfy assessment requirements
  • Read and interpret all control families
  • Read and interpret firewall rulesets and network / boundary / data flow diagrams
  • Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience
  • Strong consulting skills; ability to advise and challenge the status quo while building strong relationships
  • Ability to build high-trust relationships and credibility quickly
  • Ability to lead projects successfully and delegate up and across
  • Strong attention to detail
  • Strong problem solving, decision making, organizational and analytical skills
  • Ability to prioritize and manage multiple initiatives / projects
  • Ability to be self-driven and have strong independent initiative
  • Strong Excel skills with ability to develop worksheets with complex formulas
  • Ability to facilitate meetings for small or large groups
  • Diplomatic and broad-minded
  • Ability to lead small to large teams in the assessment and internal environments
  • Ability to speak to Cloud Service Providers to resolve issues and come to a conclusion of the assessment
  • Bachelor's degree in related field (CIS, MIS, IT, or related field)
  • Detailed understanding of the FedRAMP Process

Bonus Points

  • Knowledge of networking components and various operating systems in a cloud environment, including UNIX and Microsoft
  • Expertise in other Security Frameworks (ISO, NIST, COBIT, HIPAA / HITECH, etc.) and regulatory requirements

The salary range listed is a reasonable estimate of the compensation range for this role based on national salary averages.

The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications and other factors.

You may also be eligible to participate in annual incentive, commission, and / or recognition programs.

Why You'll Want to Join Us

At Coalfire, you'll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you'll work most effectively - whether you're at home or an office.

Regardless of location, you'll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities.

You'll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you'll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options.

At Coalfire, equal opportunity and pay equity are integral to the way we do business. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Coalfire is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities.

To request reasonable accommodation to participate in the job application or interview process, contact our Human Resources team.

Remote working / work at home options are available for this role.
