Senior Associate, Compliance & Advisory
Full-time
United States – Must Work East Coast Hours
Up to 10% Travel
Primary Purpose and Goal of Role
The Senior Associate, Compliance & Advisory at Quzara plays a pivotal role in enhancing the company's compliance frameworks and cybersecurity posture. This role involves leading comprehensive assessments and audits to ensure adherence to FedRAMP High and other relevant cybersecurity standards, developing strategic compliance processes, and managing high-stakes projects. The goal is to maintain and elevate Quzara’s status as a compliant, secure, and trusted cybersecurity leader.
Responsibilities
- Lead and refine the process of rapid assessments to proactively identify, evaluate, and address risks, gaps, and remediation strategies within information systems.
- Expertly identify and manage FedRAMP Boundary components across multiple customer deployments, ensuring strict adherence to federal compliance requirements.
- Direct and enhance coordination with engineering and other internal teams to demonstrate robust implementation of security compliance controls across technical, management, and operational spectrums.
- Perform detailed audits of security controls to verify and ensure continuous compliance with cloud requirements and governance models.
- Lead the development and continuous improvement of technical materials, operational processes, security policies, and other core documents, ensuring they align with current security standards and practices.
- Manage and analyze compliance metrics to report on performance and recommend enhancements.
- Author comprehensive proposals and manage high-level contract language, demonstrating a deep understanding of compliance and regulatory requirements.
- Direct the development, execution, and follow-up of Plans of Action and Milestones (POA&Ms) to address and mitigate risks effectively.
- Coordinate and lead onsite assessments with external stakeholders, presenting findings and recommendations to both clients and internal executives.
- Conduct interviews with subject matter experts to leverage their knowledge in the development, editing, and revision of critical documentation, including standard operating procedures, system security plans, and policies.
- Utilize advanced technical drawing tools like MS Visio to produce and refine system and security diagrams.
- Document and deliver detailed client reports that outline comprehensive frameworks of policies and procedures, encompassing all legal, physical, and technical controls involved in the organization’s comprehensive risk management strategies.
Requirements
- Master’s degree in Information Technology, Cybersecurity, Law, Business Administration, or a related field.
- Minimum of 7 years of experience in compliance, risk management, or a cybersecurity advisory role, with a significant focus on FedRAMP and other federal compliance frameworks.
- Proven expertise in FedRAMP High, DoD IL4/5, ISO 27001, and related security and compliance standards.
- Demonstrated experience in leading complex projects and teams within high-stakes environments.
- Advanced knowledge and proficiency with tools such as MS Visio for producing technical compliance and architectural diagrams.
- Certified in relevant industry standards and frameworks, such as CISSP, CISM, or similar.
- Exceptional analytical, organizational, and communication skills, capable of effectively articulating complex information to diverse audiences.
- Authorized to work in the U.S. without sponsorship and able to obtain necessary security clearances.
Quzara LLC is an Equal Employment/Affirmative Action employer. We do not discriminate in hiring based on sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected Veteran status, or any other characteristic protected by federal, state, or local law.