What are the responsibilities and job description for the Senior IT Auditor- FedRAMP position at Schellman Compliance, LLC?
Schellman is a leading provider of attestation and compliance services. Our professional services focus on security and privacy audits, assessments, and certifications. Schellman has become one of the largest cybersecurity assessment firms in the United States without providing any traditional accounting services, such as financial statement audits or tax preparation services, as other CPA firms. We are an accredited multi-framework ISO Certification Body for security, privacy, business continuity, and quality; a globally licensed PCI Qualified Security Assessor and a top provider to clients serving the federal DoD space as a leading FedRAMP 3PAO and the first assessment firm authorized as a CMMC C3PAO. Have experience performing NIST compliance in the federal space, but want to work with technologies of this century? Look no further than a career as a FedRAMP 3PAO assessor. As a FedRAMP Senior Associate at Schellman, you'll be able to work with the latest cloud services and technology companies, all of which are looking to test their systems against the tried and true prescriptive controls provided by NIST 800-53. FedRAMP Senior Associates perform a variety of responsibilities from start to finish during a project, including: Interviewing clouds service providers (CSP) Subject Matter Experts for different fields of the organization such as Human Resources, SecDevOps, SOC/NOC, and Internal Compliance; Performing walkthroughs of various cloud infrastructure-as-a-service architectures (e.g., AWS, Azure, or OCI); Reviewing system security configurations as they pertain to NIST 800-53 security control baselines; and Analyzing vulnerability reports, validating encryption configurations, and much more! Working in Schellman’s Federal Practice will lead to the natural honing of your technical skills in a variety of fields including cryptography, network structures, system security tools, and CI/CD. You’ll also improve your understanding of organizational controls such as security training programs, configuration management/ system development, and incident response processes. But more than that, a career at Schellman will also support outside opportunities for further education through additional training and the pursuit of industry-accepted certifications such as CISA, CISSP, and others. Come join us for the opportunity to take your career to the next level! Essential Functions Complying with Schellman’s code of ethics and professional conduct, methodologies, policies, and procedures Adhering to the professional and regulatory standards relevant to assigned service line specialization(s) Promoting Schellman’s company culture and exemplifying Schellman's values Establishing high quality relationships and rapport with client personnel Managing client expectations to ensure expectations are exceeded Completing assigned duties in a timely manner and with a high attention to detail Collaborating with fellow project team members in a productive and timely manner throughout the life cycle of each project Adhering to project schedules and keeping fellow project team members apprised of the progress of assigned tasks Escalating issues internally in a proper and timely manner Using discretion and decorum in the timing, form, and content of all client communications Booking travel reservations in a timely manner and in accordance with Schellman's travel and expense policies and procedures Performing the essential functions of other service delivery positions when qualified and called upon to do so Attending project kick-off and closing meetings Executing assigned testing procedures, performing detailed analysis, reaching conclusions, documenting results in accordance with company standards, and suggesting ideas for improvements, where applicable Drafting project deliverables Serving as a contact for clients' basic questions regarding an engagement Participating in recruiting and candidate interview activities Training project team members Acclimating newer team members to Schellman Contributing to Schellman's practice development efforts Developing an expert knowledge of professional and regulatory standards relevant to assigned service line specialization(s) Contributing to Schellman's thought leadership (e.g., articles, webinars, public speaking, etc.) Knowledge, Skills and Abilities Working knowledge of Schellman’s services, methodology, and relevant professional standards Requisite knowledge of applicable technology and security domains High level of attention to detail and quality of work product Client service oriented Excellent time management, organizational, and verbal and written communication skills Ability to work on-site or remotely as a valuable contributor to a collaborative team Capable of simultaneously managing assigned tasks for multiple projects Proficient using Microsoft Word, Excel, and PowerPoint Full understanding and application of ethics, independence and Schellman’s values Education, Work Experience and Certifications Bachelor's degree in accounting, finance, business management, technology, or other relevant subject area, or equivalent years of experience directly related to the duties and responsibilities specified 2 years of related professional services experience in information security auditing, assessment, consulting or compliance, focused on Federal projects 1 years of experience in performing FedRAMP assessments and familiarity with the NIST risk management framework and cloud computing technologies Preferred: 1 years of experience within a 3PAO, national consulting firm, accounting firm or large corporation that assists in FedRAMP assessments Maintains (preferred) or working towards obtaining least one certification relevant to Schellman's services (i.e. CISSP, AWS or CISA) Ability to work well independently, within a team and with clients as well as travel ~15-25% (M-Th) Schellman is an equal opportunity employer (EOE) and strongly supports diversity in the workplace; therefore, providing equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. Schellman uses E-Verify in our hiring process. At Schellman, we strive to provide a flexible and balanced environment and therefore offer the opportunity to work remotely, unless otherwise stated in the job requirements. Connecting, collaborating and continuous education are also highly valued and therefore we require approximately 20% travel annually for our Operations roles, which can include in-person training, team meet-ups, and strategy meetings. Service Delivery team members will also be required to travel based on business and client needs. Schellman is the only Top 100 CPA firm to specialize in IT Audit and Cybersecurity. Not all CPA firms are created equally, and we pride ourselves on our differences, including promotions only from within, the ability to contribute and be heard, and most importantly, great work-life balance. The biggest difference? We don’t perform any remediation or consulting. Our pace is fast and therefore, we are not the best fit for everyone. As we continue to be named one of the fastest-growing CPA firms, we are adding to our teams and currently conducting interviews. If you’ve always thought of yourself as someone who sets themselves apart from the crowd, as someone who likes to be visible, have their contributions noted, moves quickly and likes the feeling of completion, you’re the exact type of candidate we’re searching for.