Job ID : 10067
Company : State Of Michigan
Location : DIMONDALE, MI
Type : Contract
Duration : 1 Year
Salary : Open
Status : Active
Openings : 1
Posted : 08 May 2017
Job Seekers, Please send resumes to resumes@hireitpeople.com
Short Description:  This position functions as a team member, reviewing the FedRAMP requirements and determining the process for collecting and evaluating the current SOM policies, processes and procedures, enabling the creation of the required FedRAMP documentation.

Complete Description:  This position will work on the CTO’s team to develop, enhance and maintain documentation required for the FedRAMP certification and continuous monitoring process.  This individual will be working with Infrastructure and Operation’s (I & O) Audit and Compliance unit to review and interpret FedRAMP controls, and to enhance existing, and develop new, standards, policies, and procedures that meet FedRAMP program requirements.  This process includes the collection of all information needed to achieve initial accreditation, as well as continuous maintenance of required documentation, ensuring the information remains current and is aligned with both the SOM cloud environment and the FedRAMP program.  This will include but is not limited to researching and reviewing, establishing best practices, writing documentation and other manuals and materials, and outlining roles and responsibilities required for the broader FedRAMP readiness process.

This individual will be working with DTMB technical staff throughout I & O, Cyber Security, Enterprise Architecture and other technical teams, to transfer their systems drawings, runbooks and technical documents into FedRAMP appropriate formats.  The individual will oversee the writing, editing, publishing and distribution of FedRAMP specific audit documents, documenting compliance processes, audit team roles and responsibilities, and audit policies needed to operationalize the FedRAMP continuous monitoring. Ensuring timely completion and consistent formatting of these documents will be a primary function of the position.  The resource will be required to participate in weekly technical workshops, project team meetings and 1x1 meetings with team members.

Resources are required to familiarize themselves with both the FedRAMP program and the types of documentation required for FedRAMP readiness before starting the work at the State office. This overview is critical to the candidate’s ability to establish realistic expectations of the scope and type of documentation and work which accompanies the FedRAMP accreditation process.


Skill | Required / Desired | Amount of Experience
Experience with performing IT security audits | Required | 15 Years
Experience in regulatory compliance audits | Required | 10 Years
Advanced knowledge of security standards and regulatory compliance auditing | Required | 10 Years
Experience in technical writing for IT Infrastructure projects and programs | Required | 8 Years
Advanced knowledge and understanding of Cloud Infrastructure | Required | 8 Years
Advanced knowledge of NIST Special Publication 800-53 R4 and all NIST family replies, particularly those pertaining to continuous monitoring | Required | 8 Years
Capabilities in teaching new concepts to individuals that have limited familiarity with the subject matter | Required | 8 Years
Capabilities of reading and analyzing technical and architectural Visio drawings to produce written documentation in support of the SSP | Required | 2 Years
Familiarity with typical FISMA and FedRAMP appendices | Desired | 2 Years
Working knowledge of System Security Plans for FISMA or FedRAMP | Desired | 2 Years