Job Description & Details
The role is a senior‑level, remote contract position focused on government‑grade security frameworks. You'll be the go‑to person for mapping risk, demonstrating compliance, and passing audits for federal, state, or local clients: the bridge between the technical controls and the regulatory bodies that require them.
What You'll Actually Be Doing
You'll spend most of your day dissecting NIST SP 800‑53 controls and the NIST Cybersecurity Framework (CSF), building risk assessments per NIST SP 800‑30, and assembling system authorization packages under the Risk Management Framework (NIST SP 800‑37). Expect to draft and review System Security Plans (SSPs), conduct gap analyses, and lead auditors through evidence collection. The job isn't about writing code; it's about translating dense compliance language into actionable remediation tickets and showing stakeholders, with evidence, that the controls actually work.
The Core Tech Stack
The stack is all about standards, not languages. You must be fluent in NIST SP 800‑53, the NIST CSF, FIPS 199 (security categorization) and FIPS 200 (minimum security requirements), and the California SAM/SIMM state security standards used in state‑level audits. Certifications aren't optional fluff: they prove you can navigate the CISSP domains, the CRISC risk‑management lifecycle, the CISA and GSNA audit mind‑set, and the CDPSE privacy‑engineering view. The company needs you to own the end‑to‑end compliance lifecycle, from risk identification through authorization to continuous monitoring.
Interview Expectations
- "Walk me through how you'd conduct a NIST SP 800‑30 risk assessment for a new cloud service." They're looking for a step‑by‑step methodology (scope and system characterization, threat and vulnerability identification, likelihood and impact analysis, risk determination), your evidence‑collection tactics, and how you tie each finding back to specific 800‑53 controls.
- "A federal auditor is demanding evidence that you've performed FIPS 199 security categorization. How do you prove it?" Expect to discuss the documentation artifacts: the categorization section of the System Security Plan, the information‑type inventory with its confidentiality, integrity, and availability impact levels and the resulting high‑water mark, the sign‑off from the system owner, and the audit trail showing when and by whom the categorization was approved.
Application Advice
Tailor your résumé to mirror the exact language in the posting: include "CISSP (5+ years)", "CRISC (5+ years)", "NIST 800‑53/CSF", "FIPS 199/200", "risk management using NIST 800‑30 & 800‑37", and "government security audit". Highlight any past FedRAMP, DoD, or state‑level audit work, and place the certifications at the top of your résumé so the ATS flags them immediately.