Note: The job is a remote job and is open to candidates in USA. Schellman is a Top 50 CPA firm and a leading provider of attestation and compliance services. As a FedRAMP Senior Associate, you will be responsible for executing projects related to security and privacy audits, working closely with cloud service providers and ensuring compliance with NIST 800-53 controls.
Responsibilities
• Interviewing clouds service providers (CSP) Subject Matter Experts for different fields of the organization such as Human Resources, SecDevOps, SOC/NOC, and Internal Compliance
• Performing walkthroughs of various cloud infrastructure-as-a-service architectures (e.g., AWS, Azure, or OCI)
• Reviewing system security configurations as they pertain to NIST 800-53 security control baselines; and
• Analyzing vulnerability reports, validating encryption configurations, and much more!
• Complying with Schellman’s code of ethics and professional conduct, methodologies, policies, and procedures
• Adhering to the professional and regulatory standards relevant to assigned service line specialization(s)
• Promoting Schellman’s company culture and exemplifying Schellman's values
• Establishing high quality relationships and rapport with client personnel
• Managing client expectations to ensure expectations are exceeded
• Completing assigned duties in a timely manner and with a high attention to detail
• Collaborating with fellow project team members in a productive and timely manner throughout the life cycle of each project
• Adhering to project schedules and keeping fellow project team members apprised of the progress of assigned tasks
• Escalating issues internally in a proper and timely manner
• Using discretion and decorum in the timing, form, and content of all client communications
• Booking travel reservations in a timely manner and in accordance with Schellman's travel and expense policies and procedures
• Performing the essential functions of other service delivery positions when qualified and called upon to do so
• Attending project kick-off and closing meetings
• Executing assigned testing procedures, performing detailed analysis, reaching conclusions, documenting results in accordance with company standards, and suggesting ideas for improvements, where applicable
• Drafting project deliverables
• Serving as a contact for clients' basic questions regarding an engagement
• Participating in recruiting and candidate interview activities
• Training project team members
• Acclimating newer team members to Schellman
• Contributing to Schellman's practice development efforts
• Developing an expert knowledge of professional and regulatory standards relevant to assigned service line specialization(s)
• Contributing to Schellman's thought leadership (e.g., articles, webinars, public speaking, etc.)
Skills
• Bachelor's degree in accounting, finance, business management, technology, or other relevant subject area, or equivalent years of experience directly related to the duties and responsibilities specified
• Has completed at least one year of service at Schellman or relevant professional services experience in financial auditing, operational auditing, information systems auditing, internal auditing, information security management or consulting and/or risk consulting
• Maintains one or more of the following FedRAMP required R311 certifications: Cisco Certified Network Associate Security (CCNA Security), Cisco Certified Network Associate Cyber Security Operations (CCNA Cyber Ops), Cybersecurity Analyst (CySA+), GIAC Certified Incident Handler (GCIH), GIAC Systems and Network Auditor (GSNA), GIAC Certified Intrusion Analyst (GCIA), Certified Information Systems Auditor (CISA), Certified Information System Security Professional or Associate (CISSP or Associate), Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Security Officer (CISSO), CyberSec First Responder (CFR), CompTIA Advanced Security Practitioner Continuing Education (CASP+) Continuing Education (CE), CompTIA Cloud+ (Cloud+), Global Industrial Cyber Security Professional (GICSP), Securing Cisco® Networks with Threat Detection Analysis (SCYBER)
• Working knowledge of Schellman's services, methodology, and relevant professional standards
• Requisite knowledge of applicable technology and security domains
• High level of attention to detail and quality of work product
• Client service oriented
• Excellent time management, organizational, and verbal and written communication skills
• Ability to work on-site or remotely as a valuable contributor to a collaborative team
• Capable of simultaneously managing assigned tasks for multiple projects
• Proficient using Microsoft Word, Excel, and PowerPoint, as well as Schellman's service delivery applications
• Full understanding and application of ethics, independence and Schellman's values
Benefits
• Flexible and balanced environment
• Opportunity to work remotely
• Some travel annually for our Internal Service Delivery roles
• In-person training
• Team meet-ups
• Strategy meetings
Company Overview
• Schellman is a leading provider of attestation and compliance services. It was founded in 2002, and is headquartered in Tampa, Florida, USA, with a workforce of 201-500 employees. Its website is http://schellman.com.