Category: Audit & Advisory  

Schedule (FT/PT): Full Time  

Travel Required: No   

Shift: Day  

Potential for Telework: Yes, 100%, Local Applicants Preferred  

Clearance: None Required  

FITS is seeking a PrincipalInformation Security Consultant to support cloud cybersecurity compliance consulting and auditing. Our Principal Information Security Consultants lead engagements where we provide subject matter expertise on contracts supporting cloud service providers large and small who are seeking to achieve or maintain cybersecurity certifications for their cloud service offerings. Team members work diligently and collaboratively to identify risks associated with security gaps in our clients' cloud services and provide recommendations on how those gaps may be addressed. FITS PrincipalInformation Security Consultants provide guidance to clients regarding security requirements for a variety of compliance frameworks and their technical and operational implementations.  

This is a full-time salaried position with compensation based on experience and overall strength of the candidate. The ideal candidate will have meticulous attention to detail, strong communication skills, a broad understanding of IT and cybersecurity topics, and prior experience with security controls.  

What you'll do:  

1. Lead teams through IT system security consultation within cloud-based environments in accordance with NIST 800-53, FedRAMP, CNSSI 1253, and other cybersecurity frameworks 
2. Lead client interviews and assessments of client cloud IT architecture for compliance with security requirements, utilizing strong project management and customer service skills
3. Function as a subject matter expert of IT security concepts, including vulnerability management, risk assessment, incident response, cloud security, and threat detection
4. Support multiple projects simultaneously, assisting others in client engagements and junior team member development 
5. Evaluate risks associated with systems or planned changes and recommend mitigation strategies 
6. Develop IT security deliverables, including security policies, standards, plans, and architectural guidance for client systems 
7. Educate clients on the ins and outs of architecting and maintaining a compliant system efficiently  

Required Qualifications:  

• Clearance: None  
• Citizenship: No requirements  
• Education: Bachelor's Degree from an accredited academic institution in a relevant field (e.g. cybersecurity, IT, computer science) or equivalent experience  
• Experience: 10+ years' experience in cybersecurity, IT audit, or IT/cloud operations  
• Expert knowledge of at least one cybersecurity control framework such as FISMA, FedRAMP, NIST 800-53, SOC2, ISO 27001, PCI DSS, HITRUST CSF  
• Experience with or knowledge of major IaaS/PaaS cloud services: AWS, GCP, Azure 
• Experience with Security Operations 
• Experience implementing information security principles and risk assessment techniques  
• Strong project management skills, including experience managing small teams and completing projects and deliverables with minimal supervisory oversight.   
• Experience managing client relationships   
• Excellent customer service and communication skills, including verbal, written and interpersonal  
• Ability to communicate effectively with technical as well as executive audiences  
• Strong attention to detail, organization, resourcefulness, and critical thinking  

Preferred Qualifications:  

• An advanced degree from an accredited academic institution in a relevant field 
• Demonstrated ability to share knowledge and develop junior team members 
• Certified Information System Security Professional (CISSP)  
• Project Management Institute Project Management Professional (PMP)
• Subject matter expert in FISMA, FedRAMP, and/or NIST 800-53 compliance frameworks 
• Subject matter expert in other cybersecurity frameworks such as SOC2, ISO 27001, PCI DSS, HITRUST CSF 
• Proficiency in one or more of the following areas: virtualization, data visualization and analysis, automation, systems engineering, and/or cloud administration
• Proficiency in one or more of the following areas: system administration, cloud administration, systems engineering, security operations, automation, cybersecurity audit, NOC/SOC analyst 
• Any of the following certifications or similar: 
  • ISACA Certified Information Systems Auditor (CISA) 
  • CompTIA Advanced Security Practitioner Continuing Education (CASP+) Continuing Education (CE) 
  • CompTIA Cloud+ (Cloud+) 
  • AWS/Azure/GCP specific certifications  

The successful candidate for this position will be subject to a pre-employment background check.  

Pay Range: $160,000-$180,000 

The FITS pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, or other law.