Senior It Fisma Assessor/Auditor

Job Title: Senior IT FISMA Assessor/Auditor

Department: Advisory

Pay Type: SALARIED EXEMPT

Report To: Director, Security & Compliance Advisory

Location: Remote (Must Work East Coast Hours, United States)

Summary of Position Role/Responsibilities

Quzara is at the forefront of cybersecurity, specializing in compliance advisory, cloud security, and managed security operations. We pride ourselves on innovation and dedication, supporting our US Government client's critical missions. We are seeking a seasoned Senior IT FISMA Assessor with a proven background in FISMA compliance, IT-GRC tools, particularly ServiceNow, and extensive experience with NIST SP 800-53. This role is pivotal in leading our assessments, audits, and compliance efforts, ensuring our US Government client meets stringent federal cybersecurity standards.

Essential Functions of the Job

• Conduct and lead FISMA compliance assessments and audits, focusing on NIST SP 800-53 controls within federal environments.
• Utilize IT-GRC tools, emphasizing ServiceNow GRC, for security management, documentation, and risk assessments.
• Provide expert compliance advice, risk mitigation strategies, and strategic security planning to our US Government client.
• Mentor team members on FISMA compliance processes and best practices, fostering a culture of continuous improvement and knowledge sharing.
• Leverage prior attestation experience for preparing and reviewing compliance reports and documentation, ensuring accuracy and completeness.

Marginal Functions of the Job

• Other duties as assigned.

Normal Work Schedule

This is a full-timeposition. Standard business hours are Monday through Friday 8:30 AM to 5:30 PM. Additional time outside of these hours may be needed to complete the essential functions of the job.

Education, Training, and Experience

• Demonstrated experience as a FISMA Assessor, with a strong foundation in federal IT audits and compliance activities.
• In-depth knowledge of IT-GRC tools and ServiceNow GRC.
• Familiarity with cloud environments and comprehensive understanding of NIST 800-53 controls.
• Advanced cybersecurity certifications (e.g., GCIH, CISA, CISSP) are highly desirable.
• Exceptional communication skills with the ability to effectively engage with stakeholders and lead teams.
• U.S. citizenship is required.

EEO Statement

The Company is an Equal Employment Opportunity (EEO) employer and does not discriminate based on race, color, religion, sex, sexual orientation, national origin, age, marital status, disability, veteran's status, or any other basis protected by applicable discrimination laws.