Subject Matter Expert (SME) Cybersecurity Consultant – Control Testing

The SME Cybersecurity Consultant will play a critical role in conducting, guiding, and validating control testing efforts for federal and critical industry clients. This individual will leverage 10+ years of experience in cybersecurity, with a focus on compliance, control assessments, and risk management. The ideal candidate will be a recognized expert in NIST 800-53, NIST 800-37, and FISMA, with strong analytical and communication skills to support high-profile engagements.

• Lead and perform comprehensive cybersecurity control assessments in accordance with NIST 800-53 v5, NIST 800-37, and FISMA requirements.
• Serve as the subject matter expert (SME) for control testing methodologies, providing guidance and mentorship to assessment teams.
• Review and validate control implementation and effectiveness, ensuring compliance with federal regulations and organizational policies.
• Develop and deliver key artifacts, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plan of Action and Milestones (POA&Ms).
• Analyze security documentation, configurations, and evidence to assess compliance with security and privacy controls.
• Collaborate with cross-functional teams, including IT, security, and audit teams, to identify, document, and mitigate risks.
• Provide technical expertise in the implementation of the Risk Management Framework (RMF) process, supporting system authorization and accreditation.
• Assist in the preparation for audits, inspections, and other regulatory assessments, ensuring successful outcomes.
• Stay informed about evolving federal cybersecurity regulations, standards, and threats to provide proactive recommendations.
• Communicate assessment findings and recommendations effectively to both technical and non-technical stakeholders, including senior leadership and government clients.

Required Experience and Skills:

• MUST BE A U.S. CITIZEN
• 10+ years of experience in cybersecurity, with a strong focus on control testing and compliance in federal environments.
• In-depth knowledge of NIST 800-53 v5, NIST 800-37, and FISMA frameworks and requirements.
• Proven expertise in conducting control assessments, documenting findings, and developing remediation plans.
• Strong understanding of the Risk Management Framework (RMF) process and its application to federal systems.
• Experience in developing security artifacts, including SSPs, SARs, and POA&Ms.
• Exceptional analytical skills, with the ability to assess complex systems and identify compliance gaps.
• Excellent verbal and written communication skills, with experience briefing senior executives and federal clients.
• Bachelor’s degree in Cybersecurity, Information Technology, or a related field.

Preferred Qualifications:

• Certifications such as CISSP, CAP, CISM, or CRISC.
• Experience in privacy control assessments and integrating privacy requirements into security programs.
• Familiarity with cybersecurity tools and technologies used for testing and validation.