Principal Cloud Security Compliance Specialist (Remote)

The Principal Cloud Security Compliance position conducts security control tests of design and operating effectiveness, identifies observations and manages remediation tasks through to closure, identifies opportunities for security compliance control automation, communicates with internal and external stakeholders on compliance issues educates control owners on compliance workflows/processes and performs audits/assessments of SaaS Systems to ensure compliance with applicable laws and government regulations.Excellent writing skills are required, as the majority of work includes documenting findings, observations and deliverables. The position requires the ability to write comprehensive reports and brief key staff members, groups, and leadership across Cloud Security, and gather and report on established metrics within the security compliance programs. Additionally, the position requires a high level of technical expertise and the ability to conduct open-source and internal research to identify current threat indicators, exploits, vulnerabilities, and impacts on the current control environment. The successful candidate must have strong communication skills including the ability to provide training and briefings to all levels of Deltek staff and industry partners, in addition to, excellent follow-up and problem-solving skills.Qualifications:Bachelor’s degree in Computer Science, Information Technology, Computer Information Systems, or a related field is required.Technical experience and skills, coursework completed toward a degree, and industry IT certifications (i.e., CISSP, CISA) may be considered substitutes for education and experience.Information Assurance Certifications preferred (CISSP/CISA, CCSP, Security+, GSEC, CRISC, or equivalent)A minimum of 3 years prior experience in a highly regulated security environment is preferred.Advanced academic degrees and/or certifications in Information Assurance, Information Security, or IT certifications may be considered substitutes for regulated security experience.Experience in compliance auditing, security reviews, or vulnerability assessments.The candidate must possess an in-depth knowledge of information security principles and policies including the Risk Management framework (RMF) as presented by the National Institute of Standards and Technology (NIST)Technical experience and skill securing operating systems such as Linux, Windows Server/client OS, and virtualization technologies.Experience using vulnerability scanning tools, audit reduction tools, and endpoint security products.Experience assessing vulnerabilities.Working experience directly related to certification and authorization using any of the following:CMMC / NIST 800-171NIST 800-53 / Risk Management framework (RMF)AICPA SOC 1 and 2Knowledge of System Security Plans (SSPs) and associated artifacts such as the Plan of Action & Milestones (POA&M), Risk Assessment Reports, and Continuous Monitoring StrategiesWilling to work US shift schedule (7PM-4AM)