IBM
Consulting Security Compliance SME Professional Washington, US
IBM, Washington, District of Columbia, us, 20022
Introduction
Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.Your Role and Responsibilities
The Security Compliance SME will be responsible for Security Assessment and Authorization (SA&A)/ ATO and continuous monitoring of the client General Support System (GSS) and Applications during and after migration to the cloud (Azure Government). In addition, the security compliance SME will be responsible for reviewing and analyzing vulnerabilities for the GSS and applications within the client environment. Will support the overall program security compliance activities including compliance with government issued guidelines and mandates such as OMB 14028, Zero Trust, logging and monitoring, encryption, etc.Required Technical and Professional Expertise
10+ years experience leading FISMA/NIST RMF/NIST 800-53 implementation and management10+ years experience writing, reviewing, and maintaining ATO documentation including SSPs, POA&Ms, and security policies10 years of experience with CSP (Azure Government) FedRAMP inheritable controls and Customer Responsibility Matrix (CRM) and can clearly elaborate roles and responsibilities and controls to the client.10+ years of experience supporting/ responding to FISMA/ security audit data calls; provide relevant artifacts, and control implementation walk throughs.7+ years' experience applying hardening guidelines such as CIS benchmark and DISA STIGS and validating hardening implementation once completeCertified in industry recognized areas such as CISSP, CISA, or CISMPreferred Technical and Professional Expertise
Ability to collaborate and work well across teams (development, infrastructure, applications, etc.) and internal and external stakeholders7+ years experience securing, documenting, and authorizing enterprise cloud environments5+ years experience using Federal Governance, Risk, & Compliance (GRC) applications (CSAM, eMASS, Xacta, etc.)Experience supporting independent assessors during the ATO process and annual security assessments.Experience with Cybersecurity Supply Chain Risk AssessmentExcellent organization, collaboration, project management, and team leadership skillsStrong communication skills and experience creating and delivering compliance status and metrics briefings to senior leadership
#J-18808-Ljbffr
Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.Your Role and Responsibilities
The Security Compliance SME will be responsible for Security Assessment and Authorization (SA&A)/ ATO and continuous monitoring of the client General Support System (GSS) and Applications during and after migration to the cloud (Azure Government). In addition, the security compliance SME will be responsible for reviewing and analyzing vulnerabilities for the GSS and applications within the client environment. Will support the overall program security compliance activities including compliance with government issued guidelines and mandates such as OMB 14028, Zero Trust, logging and monitoring, encryption, etc.Required Technical and Professional Expertise
10+ years experience leading FISMA/NIST RMF/NIST 800-53 implementation and management10+ years experience writing, reviewing, and maintaining ATO documentation including SSPs, POA&Ms, and security policies10 years of experience with CSP (Azure Government) FedRAMP inheritable controls and Customer Responsibility Matrix (CRM) and can clearly elaborate roles and responsibilities and controls to the client.10+ years of experience supporting/ responding to FISMA/ security audit data calls; provide relevant artifacts, and control implementation walk throughs.7+ years' experience applying hardening guidelines such as CIS benchmark and DISA STIGS and validating hardening implementation once completeCertified in industry recognized areas such as CISSP, CISA, or CISMPreferred Technical and Professional Expertise
Ability to collaborate and work well across teams (development, infrastructure, applications, etc.) and internal and external stakeholders7+ years experience securing, documenting, and authorizing enterprise cloud environments5+ years experience using Federal Governance, Risk, & Compliance (GRC) applications (CSAM, eMASS, Xacta, etc.)Experience supporting independent assessors during the ATO process and annual security assessments.Experience with Cybersecurity Supply Chain Risk AssessmentExcellent organization, collaboration, project management, and team leadership skillsStrong communication skills and experience creating and delivering compliance status and metrics briefings to senior leadership
#J-18808-Ljbffr