Rapid Strategy
Subject Matter Expert (SME) Cybersecurity Consultant - Control Testing
Rapid Strategy, Charlotte, NC, United States
Position Summary
The SME Cybersecurity Consultant will play a critical role in conducting, guiding, and validating control testing efforts for federal and critical industry clients. This individual will leverage 10+ years of experience in cybersecurity, with a focus on compliance, control assessments, and risk management. The ideal candidate will be a recognized expert in NIST 800-53, NIST 800-37, and FISMA, with strong analytical and communication skills to support high-profile engagements.
Key Responsibilities
- Lead and perform comprehensive cybersecurity control assessments in accordance with NIST 800-53 v5, NIST 800-37, and FISMA requirements.
- Serve as the subject matter expert (SME) for control testing methodologies, providing guidance and mentorship to assessment teams.
- Review and validate control implementation and effectiveness, ensuring compliance with federal regulations and organizational policies.
- Develop and deliver key artifacts, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms).
- Analyze security documentation, configurations, and evidence to assess compliance with security and privacy controls.
- Collaborate with cross-functional teams, including IT, security, and audit teams, to identify, document, and mitigate risks.
- Provide technical expertise in the implementation of the Risk Management Framework (RMF) process, supporting system authorization and accreditation.
- Assist in the preparation for audits, inspections, and other regulatory assessments, ensuring successful outcomes.
- Stay informed about evolving federal cybersecurity regulations, standards, and threats to provide proactive recommendations.
- Communicate assessment findings and recommendations effectively to both technical and non-technical stakeholders, including senior leadership and government clients.
Required Experience and Skills:
- MUST BE A U.S. CITIZEN
- 10+ years of experience in cybersecurity, with a strong focus on control testing and compliance in federal environments.
- In-depth knowledge of NIST 800-53 v5, NIST 800-37, and FISMA frameworks and requirements.
- Proven expertise in conducting control assessments, documenting findings, and developing remediation plans.
- Strong understanding of the Risk Management Framework (RMF) process and its application to federal systems.
- Experience in developing security artifacts, including SSPs, SARs, and POA&Ms.
- Exceptional analytical skills, with the ability to assess complex systems and identify compliance gaps.
- Excellent verbal and written communication skills, with experience briefing senior executives and federal clients.
- Bachelor's degree in Cybersecurity, Information Technology, or a related field.
- Certifications such as CISSP, CAP, CISM, or CRISC.
- Experience in privacy control assessments and integrating privacy requirements into security programs.
- Familiarity with cybersecurity tools and technologies used for testing and validation.