Consultant Federal Services CCA (CMMC, FedRAMP, NIST)

Consultant – Federal Services CCA (CMMC, FedRAMP, NIST)

at Tevora

Fairfax, VA or Irvine, CA

If you haven’t heard of Tevora, it’s because we’ve done our job!

Tevora is a tight-knit community of professionals with a shared passion for our craft. Every day, we combine in-depth knowledge of cybersecurity, technology, and compliance to help create more secure digital environments. To Tevorans, every problem is a puzzle in need of solving. We strongly believe that if we put smart, driven people in a room together, they will accomplish great things. We maintain a supportive culture that celebrates continuous learning, diverse perspectives, and sharing the wins. That's why we have our eyes on you.

About The Role

Tevora is looking for a passionate Information Security Consultant to join the Federal practice who has a solid balance between business acumen and technical expertise. Comfortable across all disciplines of information security, this consultant will be responsible for assessing compliance and risk on a wide variety of client projects for some of the world's largest organizations.

A day in the life could include:

• Lead information security risk and compliance assessments, audits, gap analyses, and remediation planning.
• Actively contributing to projects with a primary focus on CMMC, FedRAMP, StateRAMP, NIST 800-53, FISMA, and NIST 800-171.
• Communicating with and present to project stakeholders to effectively convey requirements of technical and process improvements.
• Assisting in the development of customized policies, procedures, controls, disaster recovery plans and technical documentation for applications, systems, and infrastructure.
• Develop internal processes to support the overall maturity of the Federal practice.
• Possess a working knowledge of IT security and various frameworks (i.e. CMMC, FedRAMP, NIST 800-30, 800-53, 800-60, 800-171, PCI DSS, NYS DFS 500).

Necessary skills and qualifications:

• 5 years of Cybersecurity experience
• 5 years of management experience
• 3 years of assessment or audit experience
• Knowledge of and hands-on experience with CMMC, FedRAMP, and NIST 800-53/NIST 800-171 audits and attestations.
• Deep familiarity with, or experience as a 3PAO to obtain FedRAMP Ready or FedRAMP Authorized status for platforms, systems, and applications.
• Deep familiarity with, or experience as a 3PAO to obtain FedRAMP Ready or FedRAMP Authorized status for platforms, systems, and applications.
• Deep familiarity with, or experience as a C3PAO to obtain CMMC Certification status.
• Knowledge of security architecture, infrastructure, network and systems design.
• Practical and working knowledge of common IT and security concepts including firewall management, server management, SIEM, IDS/IPS, web proxies, access control and authentication, with advanced knowledge in at least one of these areas.
• Experience in securing operating systems.
• Security policy frameworks and control design.
• Experience in managing policy exceptions, including working directly with the teams to document exceptions, identifying compensating controls and remediation action plans.
• Required: CCA
• At least one advanced cybersecurity certification such as: CISSP (preferred), CCA, CCP, PCI QSA, CISA, CISM, ISO 27001, CRISC).
• BCR completion
• Bachelor's Degree from an accredited 4-year university
• Minimum 4 years of experience in information security, information technology, enterprise risk or compliance field.
• US Citizen with Passport
• Valid driver's license
• No criminal record and no bankruptcies or other negative reports on credit reports.

We’ve got you covered!

• Comprehensive benefits offering
• Paid time off and holidays
• 401k with Company match
• Vibrant work culture

Additional requirements:

• A valid driver’s license is required.
• Eligibility to work in the United States.

$115,500 - $141,750 a year

DOE

Bonus Eligible

EEOC Statement

Tevora is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, disability status, or other applicable legally protected characteristics.