Manager, FedRAMP

Job description

Work with a nationally ranked CPA and advisory firm that is passionate for what’s next. Aprio has 30 U.S. office locations, one in the Philippines and more than 2,100 team members that speak 60+ languages across the globe. By bringing together proven expertise, deep understanding, and strategic foresight for fast-growing industries, Aprio ensures clients are prepared for wherever life or business may take them. Discover a top-rated culture, vast growth opportunities and your next big career move with Aprio.

Join Aprio’s Risk Advisory & Assurance Services team and you will help clients maximize their opportunities.  Aprio is a progressive, fast-growing firm looking for a Manager, FedRAMP to join their dynamic team.

As a FedRAMP Manager at Aprio, you’ll be able to work with the latest cloud services and technology companies, all of which are looking to test their systems against the tried and true prescriptive controls provided by NIST 800-53.

Working with this team will lead to the natural honing of your technical skills in a variety of fields including cryptography, network structures, system security tools, and CI/CD. Yo will also improve your understanding of organizational controls such as security training programs, configuration management/ system development, and incident response processes. But more than that, a career at Aprio will also support outside opportunities for further education through additional training and the pursuit of industry-accepted certifications such as CISA, CISSP, and others.

Position Responsibilities:

• Review and validate System Security Plans (SSPs), POA&Ms (Plan of Actions and Milestones), and associated artifacts.
• Prepare and deliver detailed assessment reports for Authorization to Operate (ATO) decisions.
• Collaborate with CSP teams to identify gaps in their security posture and recommend remediation strategies.
• Perform in-depth security assessments of cloud service providers (CSPs) against FedRAMP Moderate and High baseline requirements.
• Evaluate technical controls across cloud environments, including access control, encryption, and system monitoring.
• Validate the effectiveness of incident response plans, vulnerability scans, Continuous monitoring, and remediation activities.
• Perform a variety of responsibilities from start to finish during a project, including:
•  Interviewing cloud service providers (CSP) Subject Matter Experts for different fields of the organization, such as Human Resources, SecDevOps, SOC/NOC, and Internal Compliance
• Performing walkthroughs of various cloud infrastructure-as-a-service architectures (e.g., AWS, Azure, or OCI)
• Reviewing system security configurations as they pertain to NIST 800-53 security control baselines
• Analyzing vulnerability reports, validating encryption configurations, and much more!

Qualifications:

• In-depth knowledge of FedRAMP & DoD DISA security control requirements and how they overlap with additional frameworks.
• Experience with the FedRAMP and RMF assessment and authorization processes, having completed at least 10 FedRAMP/DoD assessments.
• Experience understanding and applying relevant technical knowledge to FedRAMP & DoD DISA environments.
• A solid understanding of the FedRAMP Framework and DoD Impact levels IL4, IL5, and IL6.
• Previous work experience with a FedRAMP 3PAO.
• Working knowledge of cybersecurity consulting services, methodology, and relevant professional standards.
• Requisite knowledge of applicable technology and security domains.
• High level of attention to detail and quality of work product.
• Client service oriented.
• Excellent time management, organizational, and verbal and written communication skills.
• Ability to work on-site or remotely as a valuable contributor to a collaborative team.
• Capable of simultaneously managing assigned tasks for multiple projects.
• Proficient in using Microsoft Word, Excel, and PowerPoint, as well as Aprio’s service delivery applications.
• Education and Certifications:
• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field or equivalent professional experience in cybersecurity, cloud compliance, or a similar domain.
• Minimum 5+ years of relevant professional services experience in financial auditing, operational auditing, information systems auditing, internal auditing, information security management or consulting and/or risk consulting.

Preferrable Certifications

• Maintains one or more of the following FedRAMP-required R311 certifications
• Cisco Certified Network Associate Security (CCNA Security)
• Cisco Certified Network Associate Cyber Security Operations (CCNA Cyber Ops)
• Cybersecurity Analyst (CySA+)
• GIAC Certified Incident Handler (GCIH)
• GIAC Systems and Network Auditor (GSNA)
• GIAC Certified Intrusion Analyst (GCIA)
• Certified Information Systems Auditor (CISA)
• Certified Information System Security Professional or Associate (CISSP or Associate)
• Certified Secure Software Lifecycle Professional (CSSLP)
• Certified Information Systems Security Officer (CISSO)
• CyberSec First Responder (CFR)
• CompTIA Advanced Security Practitioner Continuing Education (CASP+) Continuing Education (CE)
• CompTIA Cloud+ (Cloud+)
• Global Industrial Cyber Security Professional (GICSP)
• Securing Cisco® Networks with Threat Detection Analysis (SCYBER)

$120,000 - $170,000 a year

The salary range for this opportunity is stated above. As such, an actual salary may fall closer to one or the other end of the range, and in certain circumstances, may wind up being outside of the listed salary range.

Why work for Aprio:

Whether you are just starting out, looking to advance into management or searching for your next leadership role, Aprio offers an opportunity to grow with a future-focused, innovative firm.

Perks/Benefits we offer for full-time team members:

- Medical, Dental, and Vision Insurance on the first day of employment

- Flexible Spending Account and Dependent Care Account

- 401k with Profit Sharing

- 9+ holidays and discretionary time off structure

- Parental Leave – coverage for both primary and secondary caregivers

- Tuition Assistance Program and CPA support program with cash incentive upon completion

- Discretionary incentive compensation based on firm, group and individual performance

- Incentive compensation related to origination of new client sales

- Top rated wellness program

- Flexible working environment including remote and hybrid options

What’s in it for you:

- Working with an industry leader: Be part of a high-growth firm that is passionate for what’s next.

- An awesome culture: Thirty-one fundamental behaviors guide our culture every day ensuring we always deliver an exceptional team-member and client experience.  We call it the Aprio Way.  This shared mindset creates lasting relationships between team members and with clients.

- A great team: Work with a high-energy, passionate, caring and ambitious team of professionals in a collaborative culture.

- Entrepreneurship: Have the freedom to innovate and bring your ideas to help us grow to become the CPA firm of choice nationally.

- Growth opportunities: Grow professionally in an environment that fosters continuous learning and advancement.

- Competitive compensation: You will be rewarded with competitive compensation, industry-leading benefits and a flexible work environment to enjoy work/life balance.

EQUAL OPPORTUNITY EMPLOYER

Aprio is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race; color; religion; national origin; sex; pregnancy; sexual orientation; gender identity and/or expression; age; disability; genetic information, citizenship status; military service obligations or any other category protected by applicable federal, state, or local law.

Aprio, LLP and Aprio Advisory Group, LLC, operate in an alternative business structure, with Aprio Advisory Group, LLC providing non-attest tax and consulting services, and Aprio, LLP providing CPA firm services.