Rapid Strategy
Subject Matter Expert (SME) Cybersecurity Consultant - Control Testing
Rapid Strategy, Charlotte, North Carolina, United States, 28245
Position Summary
The SME Cybersecurity Consultant will play a critical role in conducting, guiding, and validating control testing efforts for federal and critical industry clients. This individual will leverage 10+ years of experience in cybersecurity, with a focus on compliance, control assessments, and risk management. The ideal candidate will be a recognized expert in NIST 800-53, NIST 800-37, and FISMA, with strong analytical and communication skills to support high-profile engagements.

Key Responsibilities
- Lead and perform comprehensive cybersecurity control assessments in accordance with NIST 800-53 v5, NIST 800-37, and FISMA requirements.
- Serve as the subject matter expert (SME) for control testing methodologies, providing guidance and mentorship to assessment teams.
- Review and validate control implementation and effectiveness, ensuring compliance with federal regulations and organizational policies.
- Develop and deliver key artifacts, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms).
- Analyze security documentation, configurations, and evidence to assess compliance with security and privacy controls.
- Collaborate with cross-functional teams, including IT, security, and audit teams, to identify, document, and mitigate risks.
- Provide technical expertise in the implementation of the Risk Management Framework (RMF) process, supporting system authorization and accreditation.
- Assist in the preparation for audits, inspections, and other regulatory assessments, ensuring successful outcomes.
- Stay informed about evolving federal cybersecurity regulations, standards, and threats to provide proactive recommendations.
- Communicate assessment findings and recommendations effectively to both technical and non-technical stakeholders, including senior leadership and government clients.

Qualifications

Required Experience and Skills:
- MUST BE A U.S. CITIZEN
- 10+ years of experience in cybersecurity, with a strong focus on control testing and compliance in federal environments.
- In-depth knowledge of NIST 800-53 v5, NIST 800-37, and FISMA frameworks and requirements.
- Proven expertise in conducting control assessments, documenting findings, and developing remediation plans.
- Strong understanding of the Risk Management Framework (RMF) process and its application to federal systems.
- Experience in developing security artifacts, including SSPs, SARs, and POA&Ms.
- Exceptional analytical skills, with the ability to assess complex systems and identify compliance gaps.
- Excellent verbal and written communication skills, with experience briefing senior executives and federal clients.
- Bachelor's degree in Cybersecurity, Information Technology, or a related field.

Preferred Qualifications:
- Certifications such as CISSP, CAP, CISM, or CRISC.
- Experience in privacy control assessments and integrating privacy requirements into security programs.
- Familiarity with cybersecurity tools and technologies used for testing and validation.