Security Compliance SME

Introduction
A career in IBM Consulting is rooted by long-term relationships and close collaboration with clients across the globe.
You’ll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio; including Software and Red Hat.
Curiosity and a constant quest for knowledge serve as the foundation to success in IBM Consulting. In your role you’ll be encouraged to challenge the norm investigate ideas outside of your role and come up with creative solutions resulting in ground breaking impact for a wide network of clients. Our culture of evolution and empathy centers on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.

Your Role and Responsibilities
The Security Compliance SME will be responsible for compliance related activities related to the SOC. This includes but not limited to providing input to the GSS SSP and ATO documentation; supporting governance and compliance activities of the SOC; policy and process development SOC capability and ZTA assessment and audit support. In addition the security compliance SME will be responsible for reviewing and analyzing vulnerabilities within client environment. Will support the overall program security compliance activities including compliance with government issued guidelines and mandates and SOC improvement activities.

Required Technical and Professional Expertise
10+ years experience leading FISMA/NIST RMF/NIST 800-53 implementation and management
10+ years experience writing reviewing and maintaining ATO documentation including SSPs POA&Ms and security policies
Familiarity with SOC Operations and required processes
10 years of experience with FedRAMP inheritable controls and Customer Responsibility Matrix (CRM) and can clearly elaborate roles and responsibilities and controls to the client.
10+ years of experience supporting/ responding to FISMA/ securiy audit data calls; provide relevant artifacts and control implementation walk throughs.
7+ years’ experience applying hardening guidelines such as CIS benchmark and DISA STIGS and validating hardening implementation once complete.
Ability to collaborate and work well across teams (developemnt infrastucture applications networking etc) and internal and external stakeholders
5+ years experience using Federal Governance Risk & Compliance (GRC) applications (CSAM eMASS Xacta etc.)
Expeience supporting independent assessors during the ATO process and annual security assessments.
Experiene developing polocies and processes
Certified in industry recognized areas such as CISSP CISA or CISM
Excellent organization collaboration project management and team leadership skills
Strong communication skills and experience creating and delivering compliance status and metrics

Preferred Technical and Professional Expertise
2+ years’ experience coordinating across security IT operations audit and development groups to achieve security outcomes