Subject Matter Expert (SME) Cybersecurity Consultant - ...
Kaizen Lab Inc. - Charlotte, NC
Job Description

Position Summary

The SME Cybersecurity Consultant will play a critical role in conducting, guiding, and validating control testing efforts for federal and critical industry clients. This individual will leverage 10+ years of experience in cybersecurity, with a focus on compliance, control assessments, and risk management. The ideal candidate will be a recognized expert in NIST 800-53, NIST 800-37, and FISMA, with strong analytical and communication skills to support high-profile engagements.

Key Responsibilities

- Lead and perform comprehensive cybersecurity control assessments in accordance with NIST 800-53 v5, NIST 800-37, and FISMA requirements.
- Serve as the subject matter expert (SME) for control testing methodologies, providing guidance and mentorship to assessment teams.
- Review and validate control implementation and effectiveness, ensuring compliance with federal regulations and organizational policies.
- Develop and deliver key artifacts, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plan of Action and Milestones (POA&Ms).
- Analyze security documentation, configurations, and evidence to assess compliance with security and privacy controls.
- Collaborate with cross-functional teams, including IT, security, and audit teams, to identify, document, and mitigate risks.
- Provide technical expertise in the implementation of the Risk Management Framework (RMF) process, supporting system authorization and accreditation.
- Assist in the preparation for audits, inspections, and other regulatory assessments, ensuring successful outcomes.
- Stay informed about evolving federal cybersecurity regulations, standards, and threats to provide proactive recommendations.
- Communicate assessment findings and recommendations effectively to both technical and non-technical stakeholders, including senior leadership and government clients.

Qualifications

Required Experience and Skills:

- MUST BE A U.S. CITIZEN
- 10+ years of experience in cybersecurity, with a strong focus on control testing and compliance in federal environments.
- In-depth knowledge of NIST 800-53 v5, NIST 800-37, and FISMA frameworks and requirements.
- Proven expertise in conducting control assessments, documenting findings, and developing remediation plans.
- Strong understanding of the Risk Management Framework (RMF) process and its application to federal systems.
- Experience in developing security artifacts, including SSPs, SARs, and POA&Ms.
- Exceptional analytical skills, with the ability to assess complex systems and identify compliance gaps.
- Excellent verbal and written communication skills, with experience briefing senior executives and federal clients.
- Bachelor's degree in Cybersecurity, Information Technology, or a related field.

Preferred Qualifications:

- Certifications such as CISSP, CAP, CISM, or CRISC.
- Experience in privacy control assessments and integrating privacy requirements into security programs.
- Familiarity with cybersecurity tools and technologies used for testing and validation.
Created: 2025-02-01