Information Security Consultant (FedRAMP Assessments)
Work location: Fully remote (U.S. based)
Citizenship: Must be a U.S. citizen
Pay: $110,000 - $140,000/year

Position Overview
FITS is seeking an Information Security (Cybersecurity) Consultant to support and lead cloud security compliance assessments, with a focus on FedRAMP and other frameworks based on NIST SP 800-53. The ideal candidate will take ownership of assessment workstreams, progress quickly into leading full assessments, and consistently deliver high-quality, client-ready results in a fast-paced consulting environment.

Key Responsibilities
- Execute and help lead NIST SP 800-53-based security assessments, with a primary focus on FedRAMP and/or DISA Impact Level IL4, IL5, and IL6 engagements.
- Lead and carry out assessment activities by defining scope, managing schedules, coordinating evidence requests, conducting interviews, and establishing testing approaches while ensuring timely progress to completion.
- Assess control implementation and effectiveness, identify gaps and risks, and define required remediation actions.
- Produce clear, accurate, and client-ready deliverables including assessment workpapers, control evaluation narratives, findings, and POA&M inputs with strong attention to detail and audit rigor.
- Partner with client stakeholders (security, engineering, governance, and leadership) to gather evidence and explain assessment expectations and results.
- Perform quality assurance reviews of assessment artifacts developed by team members and provide mentorship to junior staff as needed.
- Contribute to the ongoing enhancement of FITS assessment processes, templates, and internal knowledge resources supporting federal cloud compliance.

Required Qualifications
- Demonstrated ability to own and deliver complex security compliance assessment work with limited oversight.
- Minimum of 2 years of experience conducting security assessments within FedRAMP, DISA IL4/IL5/IL6 environments, or other frameworks based on NIST SP 800-53.
- Demonstrated experience interpreting security requirements, collecting and validating evidence, conducting stakeholder interviews, and documenting control assessments with audit-ready rigor.
- Strong written and verbal communication skills, including the ability to translate security/compliance requirements for technical and non-technical audiences.
- Certification requirement: Must hold at least one of the certifications listed in the "Required Certifications (must have 1 or more of the following)" section below.

Preferred Qualifications
- Hands-on experience developing or assessing FedRAMP authorization packages and artifacts (e.g., SSP, SAP/SAR, RAR, POA&M), with a strong understanding of FedRAMP guidance and baseline requirements.
- Experience assessing cloud environments such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform, along with common cloud service models (IaaS, PaaS, SaaS) and architectures.
- Experience utilizing governance, risk, and compliance (GRC) tools and managing evidence workflows throughout the assessment lifecycle.
- Experience with industry security frameworks (e.g., ISO/IEC 27001, SOC 2, PCI DSS) and the ability to map and align controls across multiple frameworks.

Required Certifications (must have 1 or more of the following)
- Cisco Certified Network Associate Security (CCNA Security)
- Cisco Certified Network Associate Cyber Security Operations (CCNA Cyber Ops)
- Cybersecurity Analyst (CySA+)
- GIAC Certified Incident Handler (GCIH)
- GIAC Systems and Network Auditor (GSNA)
- GIAC Certified Intrusion Analyst (GCIA)
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional or Associate (CISSP or Associate)
- Certified Secure Software Lifecycle Professional (CSSLP)
- Certified Information Systems Security Officer (CISSO)
- CyberSec First Responder (CFR)
- CompTIA Advanced Security Practitioner (CASP+) Continuing Education (CASP+ CE)
- CompTIA Cloud+ (Cloud+)
- Global Industrial Cyber Security Professional (GICSP)
- Securing Cisco Networks with Threat Detection Analysis (SCYBER)
- BCR Cyber Technical Proficiency Testing Activity

Additional Notes
- This is a fully remote position.
- Some engagements may require the ability to pass a background check and/or meet customer access requirements.
- Limited travel may be required based on client needs.

Equal Opportunity: FITS is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.