Cloud Security GRC Consultant

Dark Wolf’s Google Cloud Security Governance, Risk, and Compliance (GRC) Consultants are the Subject Matter Experts (SMEs) responsible for applying the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and related federal security frameworks, such as Federal Risk and Authorization Management Program (FedRAMP), to complex systems hosted on Google Cloud for our federal customers. This high-impact consulting role requires a deep understanding of Google Cloud services and the ability to balance technical security control analysis, strategic risk advising, and the development of comprehensive GRC documentation. The ideal candidate will leverage experience driving systems through the Assessment & Authorization (A&A) lifecycle to achieve an Authorization to Operate (ATO), acting as a crucial liaison between technical teams, security assessors, and Authorizing Officials (AO) to translate complex cloud architecture into verifiable compliance evidence and actionable risk intelligence.

Responsibilities:

• Working collaboratively within a fast paced Agile team environment


• Staying up-to-date on the latest Google Cloud services and technologies


• Implementing security best practices for Google Cloud solutions


• Serving as the SME for all federal compliance requirements, including FedRAMP, NIST SP 800-53, and agency-specific security overlays


• Supporting development and implementation of innovative methods to achieve compliance with government and commercial cybersecurity frameworks


• Conducting detailed technical security control assessments against system components and configurations within the GCP environment, identifying gaps, risks, and recommended mitigations


• Managing the development, review, and finalization of all RMF artifacts, including but not limited to the System Security Plan (SSP), Security Controls Traceability Matrix (SCTM), and associated policies and procedures


• Providing security and compliance guidance to cloud architecture and engineering teams to ensure security is built-in (DevSecOps principles) from system design through deployment


• Utilizing Google Cloud native tools and features to aid in continuous monitoring (ConMon) activities, vulnerability management, and security posture management


• Serving as the primary liaison with the Authorizing Official (AO), security assessors (e.g., 3PAOs), and federal agency security teams during control assessments and authorization reviews


• Developing and presenting clear, compelling Plan of Action and Milestones (POA&M) entries, advising leadership on system risks, impact, and mitigation strategies


• Providing strategic consulting and recommendations to senior management and clients on evolving federal cloud security policy and best practices


• Training and mentoring junior team members or system owners on RMF processes, documentation standards, and cloud compliance methodology
  
  

Required Qualifications:

• 4+ years of relevant experience


• Experience as an RMF Consultant, ISSM/ISSO, Security Controls Validator, and/or information assurance engineer


• Hands-on with eGRC tools like: eMASS, XACTA, RSA Archer, etc.


• Ability to clearly articulate ideas for executive level consumption


• Demonstrate the ability to adopt expertise by incorporating new knowledge in real-time to solve client challenges


• Strong understanding of Google Cloud services and technologies


• Excellent communication and teamwork skills


• B.A. or B.S. Information Security, Computer Science, or related discipline


• US Citizenship and clearable up to a Secret Security Clearance

Preferred Qualifications:

• At least one Google Cloud Professional Certification


• Experience working within Agile teams


• Experience working with Google Cloud compliance products such as Security Command Center and Assured Workloads


• Experience working with customers in the U.S. Public Sector


• U.S. Federal Government security clearance


• Experience with DoD/DISA cybersecurity policies

This position will be a hybrid role based out of multiple hubs including: Herndon, VA, Tampa, FL, Huntsville, AL, Colorado Springs, CO, Ogden, UT, and Omaha, NE.

The salary range for this position is estimated to be between $100,000.00 - $140,000.00, commensurate on experience and technical skillset.

We are proud to be an EEO/AA employer Minorities/Women/Veterans/Disabled and other protected categories.

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire.

We are strictly looking for direct, full-time W2 employees. We do not engage with third-party staffing agencies, C2C, or 1099 independent contractors for this role.