Cyber Security SME ensuring the security and compliance of enterprise cloud applications. Collaborating across teams to achieve and maintain security authorization requirements.
Responsibilities
Lead and coordinate efforts to obtain and maintain ATO/ATC for production systems, ensuring compliance with applicable security frameworks.
Partner with Development, Cloud, and DevSecOps teams to integrate security throughout the SDLC and CI/CD pipelines, ensuring secure-by-design implementations.
Review and contribute to system architectures, data flows, and Concept of Operations (CONOPS) documents to ensure alignment with Zero Trust principles and organizational security policies.
Support and track the remediation of vulnerabilities and deficiencies identified through scans, assessments, and audits; create and manage Plans of Action & Milestones (POA&Ms) as required.
Develop and maintain enterprise cybersecurity standards, guidelines, and best practices to ensure consistent implementation of security controls across all program systems.
Support ongoing assessment and authorization (A&A) activities, including risk assessments, configuration management, and continuous monitoring reporting.
Guide teams in applying Zero Trust Architecture (ZTA) principles—identity-centric access control, micro-segmentation, least privilege, and continuous validation—to all system designs and processes.
Requirements
5+ years of progressive experience in cybersecurity, with at least 3 years supporting federal ATO/ATC processes.
In-depth knowledge of NIST RMF, FedRAMP, and Zero Trust Architecture frameworks.
Experience collaborating with ISSOs, ISSMs, SCAs, and engineering teams.
Familiarity with AWS cloud environments and DevSecOps pipelines.
Strong technical understanding of network security, IAM, encryption, and vulnerability management.
Excellent communication and coordination skills.
Preferred Qualifications
CISSP, CISM, CAP, or equivalent cybersecurity certification.
Experience with containerized applications, infrastructure as code (IaC), and continuous compliance tools.
IT Audit Senior managing client expectations and delivering detailed audit analyses and findings. Collaborating with management on IT audit engagements in a leading advisory firm.
Enterprise Security Architect specializing in Digital Workspace security at Novartis. Responsible for ensuring security standards and practices across IT functions and collaborating with various teams.
Cyber Security Engineer responsible for administering security tools and projects. Collaborating with stakeholders to ensure the overall Cyber Security of the firm.
Facility Security Officer responsible for developing and administering security programs for classified materials. Overseeing compliance with federal security regulations at the Rochester, NY site.
Security Support D managing security processes essential for classified operations. Focused on document control, compliance, and training within a regulated environment.
Intern supporting cybersecurity consulting with Guidehouse's federal clients. Engaging in hands-on projects and learning development opportunities within a structured internship program.
Security Engineering Manager leading network security engineering team at General Motors. Ensuring the reliability, performance, and security of global network infrastructure supporting automotive technologies.
VP, Information Security Officer managing cyber risk and advisory services at State Street. Collaborating with teams to protect digital assets and enhance security measures across the organization.
Senior Security Consultant enhancing AI security solutions at BAE Systems. Conducting security assessments and advising clients on AI risk management in national security projects.
IT Security Specialist focusing on cyber defense within a family-owned company. Responsibilities include managing firewalls, monitoring threats, and implementing security solutions.