Cloud Security GRC Consultant

Dark Wolf Solutions•Herndon, VA

1d•$100,000 - $140,000•Hybrid

About The Position

Dark Wolf’s Google Cloud Security Governance, Risk, and Compliance (GRC) Consultants are the Subject Matter Experts (SMEs) responsible for applying the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and related federal security frameworks, such as Federal Risk and Authorization Management Program (FedRAMP), to complex systems hosted on Google Cloud for our federal customers. This high-impact consulting role requires a deep understanding of Google Cloud services and the ability to balance technical security control analysis, strategic risk advising, and the development of comprehensive GRC documentation. The ideal candidate will leverage experience driving systems through the Assessment & Authorization (A&A) lifecycle to achieve an Authorization to Operate (ATO), acting as a crucial liaison between technical teams, security assessors, and Authorizing Officials (AO) to translate complex cloud architecture into verifiable compliance evidence and actionable risk intelligence.

Requirements

4+ years of relevant experience
Experience as an RMF Consultant, ISSM/ISSO, Security Controls Validator, and/or information assurance engineer
Hands-on with eGRC tools like: eMASS, XACTA, RSA Archer, etc.
Ability to clearly articulate ideas for executive level consumption
Demonstrate the ability to adopt expertise by incorporating new knowledge in real-time to solve client challenges
Strong understanding of Google Cloud services and technologies
Excellent communication and teamwork skills
B.A. or B.S. Information Security, Computer Science, or related discipline
US Citizenship and clearable up to a Secret Security Clearance

Nice To Haves

At least one Google Cloud Professional Certification
Experience working within Agile teams
Experience working with Google Cloud compliance products such as Security Command Center and Assured Workloads
Experience working with customers in the U.S. Public Sector
U.S. Federal Government security clearance
Experience with DoD/DISA cybersecurity policies

Responsibilities

Working collaboratively within a fast paced Agile team environment
Staying up-to-date on the latest Google Cloud services and technologies
Implementing security best practices for Google Cloud solutions
Serving as the SME for all federal compliance requirements, including FedRAMP, NIST SP 800-53, and agency-specific security overlays
Supporting development and implementation of innovative methods to achieve compliance with government and commercial cybersecurity frameworks
Conducting detailed technical security control assessments against system components and configurations within the GCP environment, identifying gaps, risks, and recommended mitigations
Managing the development, review, and finalization of all RMF artifacts, including but not limited to the System Security Plan (SSP), Security Controls Traceability Matrix (SCTM), and associated policies and procedures
Providing security and compliance guidance to cloud architecture and engineering teams to ensure security is built-in (DevSecOps principles) from system design through deployment
Utilizing Google Cloud native tools and features to aid in continuous monitoring (ConMon) activities, vulnerability management, and security posture management
Serving as the primary liaison with the Authorizing Official (AO), security assessors (e.g., 3PAOs), and federal agency security teams during control assessments and authorization reviews
Developing and presenting clear, compelling Plan of Action and Milestones (POA&M) entries, advising leadership on system risks, impact, and mitigation strategies
Providing strategic consulting and recommendations to senior management and clients on evolving federal cloud security policy and best practices
Training and mentoring junior team members or system owners on RMF processes, documentation standards, and cloud compliance methodology