Security Controls Assessor (FedRAMP)

Zachary Piper Solutions is seeking a Security Controls Assessor (FedRAMP) for a hybrid job opportunity supporting a government contracting company located in Washington, DC. The Security Controls Assessor (FedRAMP) will assist the client as they migrate systems from on-prem to the cloud. This position is currently remote but will eventually be on-site 1-2 days/week. Responsibilities for the Security Controls Assessor include:• Review relevant policies, schedule activities, and provide recommendations for courses of action• Analyze, document, assess, and manage security and mission requirements • Develop, improve on, and review ATO documents • Assist with process of application in a variety of cloud computing environments Required Qualifications for the Security Controls Assessor include:• 2-5+ years of experience with assessments focused around controls and risk management frameworks• Hands-on experience with FedRAMP and reviewing/executing Security Policy Documentation• Experience with POA&Ms, SSP's, SOP's, Contingency Plans, Incident Response Plans, etc. • Preferred Certifications: CISSP Keywords: RMF, NIST, FedRAMP, DISA Cloud Computing Security Requirements Guide, DISA CC SRG, FISMA, ISO, HIPAA, COBIT, HITECH, CISM, CISSP, NIST,800-53 rev. 3, 800-53 rev. 4, 800-37, Security+, CAP, CISA, contingency plans, security assessment plans, SCA, security control assessment, system security plan, SSP, incident response plan, vulnerabilities, vulnerability management, POA&M, plan of action and milestones, artifact, nessus, retina, ACAS, PKI, continuous monitoring, consulting, SA&A, A&A, C&A, certification, accreditation, information assurance, information security, Virginia, Washington DC, DC, D.C., district of columbia, remote, Maryland, level I, level 1, level ii, level 2, security+, comptia, sec+, security plus, security +, sec +, security+ce, cissp, casp+, casp +, cysa, cysa+, ccna, ccnp, ccna security, ccnasecurity, gicsp, gsec, cnd, sscp, ccnpsecurity, ccnp security, casp+ce, cisa, gced, gcih, ccsp, iat, iat II, iat 2, iat two, iat level 2, iat level two, iat level ii, cloud based, cloud-based, RMF lifecycle, RMFlifecycle, National institute for science and technology, NIST 800, red-ramp, Nist 800-53 Rev.5, risk management framework, AWS, Azure, ISO 27000, ISSO, ISSM, ISSE, information system security officer, information systems security officer, cyber security, cyber security specialist, izo, ize, izm, systems, on-prem, rev 4, rev 5, rev4, rev5, policy security, policy cyber security, security frameworks, enterprise system, enterprise systems, amazon web services, AODR, hybrid, Secret, secret clearance, TS, top secret, clearance, cloud one, cloud 1, ATO package, portfolio management, cloud system, cloud systems, cloud-system, cloud-systems, cyber team, security assessor, risk assessor, controls assessor, risk management assessor, risk framework assessor, assessment, assessments, security assessments