GPS - Continuous Monitoring Manager - Supervising Associate

About EY-Parthenon•Atlanta, GA

6d•Hybrid

About The Position

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. From strategy to execution, the Government & Public Sector (GPS) practice of Ernst & Young LLP provides a full range of consulting and audit services to help our Federal, State, Local and Education clients implement new ideas to help achieve their mission outcomes. We deliver real change and measurable results through our diverse, high-performing teams, quality work at the highest professional standards, operational know-how from across our global organization, and creative and bold ideas that drive innovation. We enable our government clients to achieve their mission of protecting the nation and serving the people; increasing public safety; improving healthcare for our military, veterans and citizens; delivering essential public services; and helping those in need. EY is ready to help our government build a better working world. Our GPS Technology Organization is a structure within the US GPS practice that implements and maintains a new operate and technology model designed specifically to support U.S. defense and Government engagements. The Role As a FedRAMP Continuous Monitoring Supervising Associate, you will support the ongoing monitoring and compliance activities for FedRAMP‑authorized systems within the GPS Technology Organization. You will work closely with ISSOs, system owners, technical teams, and compliance leadership to ensure continuous adherence to FedRAMP, NIST, and internal security requirements.

Requirements

Strong understanding of cloud security and application security concepts.
Ability to interpret and apply NIST and FedRAMP control requirements.
Strong written and verbal communication skills, with the ability to document technical information clearly.
Ability to manage multiple tasks and priorities in a highly regulated environment.
Comfortable working independently while collaborating across technical and compliance teams.
Experience using vulnerability management and GRC tools.
Degree in Information Assurance, Computer Science, or a related field, or equivalent professional experience.
At least 5+ years of experience working with Continuous Monitoring & Compliance, Stakeholder Collaboration & Communication, POA&M & Risk Support and Documentation & Process Support
Experience working in Azure and cloud computing environments.
Security certification aligned to DoD 8570/8144 requirements (e.g., CISSP, CISM, CCISO, or equivalent).
Hands‑on experience supporting FedRAMP and NIST‑based continuous monitoring activities.
Experience participating in a vulnerability management program.

Nice To Haves

Familiarity with SIEM tools and security event monitoring processes.
Experience using automation or scripting to support security monitoring or reporting.
Experience drafting or maintaining SOPs or compliance documentation.
Experience working in highly audited or regulated environments.
Ability to obtain and maintain Top-Secret Security Clearance

Responsibilities

Perform continuous monitoring activities for FedRAMP‑authorized systems, including control validation and evidence review.
Analyze vulnerability scan results, audit events, and configuration deviations; work with technical teams to track remediation efforts.
Support monthly and periodic FedRAMP Continuous Monitoring (ConMon) activities, including artifact preparation, inventory updates, and change tracking.
Maintain familiarity with applicable NIST and FedRAMP requirements, including NIST SP 800‑37, NIST SP 800‑53, and NIST SP 800‑171.
Assist with preparation of FISMA and FedRAMP‑aligned security reports for internal and government stakeholders.
Work closely with Information System Security Officers (ISSOs) , system owners, and project teams to address findings and clarify control implementation.
Communicate security issues, remediation progress, and compliance status to internal stakeholders.
Participate in recurring security and compliance meetings to support risk posture reviews.
Provide mentorship and knowledge‑sharing support to junior security staff as needed.
Support the management of POA&M items, including documentation updates, evidence collection, and status tracking.
Assist in identifying risk mitigation strategies and documenting compensating controls.
Help ensure remediation activities are aligned with FedRAMP timelines and expectations.
Assist with maintaining and updating security documentation, SOPs, and procedural guidance.
Support continuous improvement efforts related to monitoring processes, tooling, and reporting.
Maintain awareness of evolving security threats and compliance requirements.