Senior Information Security Internal Auditor

What you'll do:

• Develop and manage the internal audit program as part of the Compliance portfolio based on FedRAMP Moderate requirements, and other applicable standards.
• Diligently maintain the company’s Information Security and Privacy Framework and underlying policies, procedures, standards and guidelines.
• Conduct NIST 800-53 compliance audits and assessments and provide recommendations based upon FedRAMP defined controls and industry best practices
• Be fully responsible for Monthly FedRAMP ConMon assessments and submissions
• Will work closely with engineering and operation teams to ensure timely delivery of FedRAMP documents and meeting project milestones and objectives
• Liaise with auditors, articulate control implementation and impact, and describe considerations for applying security and compliance concepts to a technical cloud environment.
• Represent Compliance on FedRAMP, and other certification project and strategies
• Provide the necessary support with maintaining documentation/evidence/artifacts
• Manage and organize the audits and documents using a GRC System
• Create audit plans and audit reports
• Keep documentation organized and document processes and guidelines
• Develop approach for continuous monitoring efforts and recertifications
• Assist with other audit activities as needed
• Facilitate external audits

Want more jobs like this?

Get jobs in Gunnison, CO delivered to your inbox every week.

Get Jobs

Send me The Muse newsletters for the best in career advice and job search tips.

By signing up, you agree to our Terms of Service & Privacy Policy.

What you'll bring:

• Experience working with FedRAMP, NIST 800-53, FISMA, and/or similar governance and compliance framework
• Strong understanding of FedRAMP information collection and reporting process
• Experience in reports development (status, metrics, and measures)
• Minimum 3 years of experience in security, assessments or compliance consulting or advisory work in in support of a highly technical environment.
• Minimum 3 years of experience in performing and/or participating in technical assessments in direct support of a major compliance effort (e.g. FedRAMP, SOC 2, Bsi C5, or ISO 27001).
• Knowledge of Information Management policies, requirements, and best practices
• Ability to communicate in a clear and well-organized fashion and to influence decision-makers, both verbally and in writing
• Ability to lead with initiative and persuasiveness
• Excellent interpersonal and organizational skills
• CIA, CISA, CCSP, ISO 27001 Auditor Certification are a plus