Position Responsibilities:
- Designing, implementing, and continuously improving the County’s cloud information security/privacy compliance program based on applicable policies, local/state/federal laws/regulations and adopted risk management frameworks.
- Designing, implementing, and leading cloud-based risk assessments and control gap analysis procedures, activities, documents, and communication plans.
- Leveraging NIST 800-53/FedRAMP assessment experience and technical and program management skills to lead, plan, track, collaborate and report on the cloud governance, risk, and compliance program deliverables, including scheduling/leading meetings, assigning/tracking action items, and developing status reports.
- Performing cross functional interviews with business, technical and information security partners to determine if information security/privacy controls are implemented correctly, operating as intended, and producing the desired results.
- Communicating program controls, measurements, metrics, and assessment results confidentially, professionally, and effectively, in both written and verbal formats, with business, technical, and third-party stakeholders.
- Experience applying governance, risk, and compliance (GRC) principles to public cloud ecosystems such as AWS (Amazon), Azure (Microsoft) and/or Google.
- Experience designing/implementing cloud-based information security/privacy policies mapped to industry standards and regulatory frameworks (e.g., NIST 800-53, FedRAMP, PCI, HIPAA, etc.).
- Designing, implementing, and performing cloud-based risk assessments and control gap analysis; identifying, analyzing, and evaluating cloud security/privacy risks through analysis of vendor provided SOC2 and other cloud security control documentation.
- Proven ability to communicate confidentially, professionally, and effectively, in both written and verbal formats, with business, technical, and third-party stakeholders.
- Developing, monitoring, gathering, and analyzing information security and compliance metrics for management for the cloud environment.
Job Type: Full-time
Salary: $103,279.37 - $150,000.00 per year
Schedule:
- Monday to Friday
Application Question(s):
- Are you a permanent US Citizen?
- Are you willing to come onsite to Rockville, MD?
Experience:
- AWS (Amazon), Azure (Microsoft) and/or (GRC) Google: 4 years (Required)
- NIST 800-53/FedRAMP: 4 years (Required)
- cloud-based risk assessments: 4 years (Required)
Ability to Relocate:
- Rockville, MD: Relocate before starting work (Required)
Work Location: In person