IS FedRAMP Advisor

Company Federal Reserve Bank of Richmond

• Act as a technical Subject Matter Expert (SME) on FedRAMP authorization and assurance activities to develop and implement an effective FedRAMP program that leverages National Institute of Standards and Technology (NIST), Federal Risk and Authorization Management Program (FedRAMP), and other applicable standards, policies, and regulations
• W ork collaboratively across teams for compliance and assessment efforts with external third-parties, business partners, vendors, and auditors
• Provide input to business teams with regard to how FedRAMP compliance may impact product updates, SSP updates or the underlying relevant IS processes.
• Conduct and/or participate in information system authorization activities for existing and new technology components based on established technology standards
• Review and perform risk analysis of operational issues using established methodologies and tools within risk and compliance
• Work with Strategic Partners, Product Managers, Product Owners, and product stakeholders to assess current information security capabilities, identify customer needs, and recommend controls improvements within risk and compliance areas
• Analyzes and validates the FedRAMP information collection and reporting process and provides recommendations based upon FedRAMP defined and industry best practices to improve processes and support efforts to integrate Technology outputs to automate Con-Mon and Annual Authorization reports
• Collaborate with partnering functions to complete risk analyses in connection with implementing the security standards
• Routinely present risks, issues, and outcomes, and support reporting processes to provide consultation to clients, colleagues, and management
• Collaborate with other risk/compliance resources to address process improvements, IT/IS policy and standards interpretation, and compliance issues as well as provide input on process improvements and risk monitoring capabilities
• Provides support with creating, updating, and maintaining documentation and evidence / artifacts and support internal efforts to create streamlined document repositories to allow ease of use and long-term maintenance

• Willingness to "roll up one's sleeves," to work and study outside one's comfort zone and motivate the group toward such behavior
• Critical thinking, ability to find new solutions outside traditional frameworks, and recommend changes allowing for alignment with policy and standards
• Strong analytical ability, attention to detail, and focus on data integrity and accuracy.
• Belief in a non-hierarchical culture of interaction, transparency, and trust
• Possess the ability to and affinity for innovating in a collaborative environment
• Strong communication skills with the ability to align the organization on complex technical and security risk decisions.
• Demonstrated ability to develop creative solutions through effective communication, collaboration, and negotiation.
• Proven ability to establish and nurture relationships at all levels of the organization, regularly inviting feedback and input.

• Bachelor's Degree or equivalent experience with 3+ years of relevant work experience.
• Certification in one or more IS industry recognized certifications (such as CISSP, CISA/CISM, GIAC, CRISC, or CCSP etc.) is preferred.
• Strong understanding of common compliance and governance framework security controls and how security controls are implemented
• Demonstrable experience in supporting previous FedRAMP, NIST, FISMA or other similar governance and compliance frameworks
• Knowledge and experience with Cloud IT/IS policy, NIST frameworks, FedRAMP, and FISMA
• Comprehensive risk and controls application to support IT/IS policy and standards
• Experience with understanding, assessing, and applying IT risk management disciplines in support of business lines and overall function
• Ability to develop and present recommendations and solutions to effectively manage risk and compliance with IT standards while participating in operating model that practices Agile and Scrum.
• Experience supporting project and program management that span multiple organizations and business units
• Knowledge of and ability to participate on an agile team
• Experience managing risk assessment, identification, and remediation activities to effectively prioritize risk management within the backlog
• Understands relationship between Product Owner, Scrum Master, and rest of the team, with a strong sense of design alignment to policy and standards (NIST)
• Proven ability to identify and support continuous improvements

• Great medical benefits
• Pension and 401(k) with employer match
• Paid time off
• Tuition reimbursement
• Employee resource networks
• Paid volunteer leave
• Flexible work options
• Onsite amenities that make working here fun

• Candidates should review the Bank's Employee Code of Conduct to ensure compliance with conflict of interest rules and personal investment restrictions.
• If you need assistance or an accommodation due to a disability, please notify rich.recruitment@rich.frb.org.
• Sponsorship is not available for this role. The selected candidate will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Eligibility for this specific position requires U.S. Citizenship.
• The hiring range of the position is $107,000 - $133,800 annually for the Experienced level and $123,200 - $154,000 for the Senior Level
• For candidates outside Richmond, VA, listed hiring and salary ranges may be adjusted based on your geographic location.
• Salary offered will be based on the job responsibilities and the individual's knowledge, skills, and experience as defined in the job qualifications.