Lead Consultant - IT Risk & Compliance, Sensitive Data Compliance - 2236693

Charlotte, NC, USA | Atlanta, GA, USA | Charlotte, NC, USA | Dallas, TX, USA | Springfield, MO, USA

Posted within last 24 Hours
Description & Requirements

The Sensitive Data Compliance Lead Consultant role at Forvis Mazars works with the Sensitive Data Cyber Compliance leadership to define, refine and expand the firm's practice areas and service offerings. This role will be primarily focused on supporting PCI DSS and CMMC projects with clients of all sizes, complexities, and industries, including international and Fortune 1000 companies, and U.S. Department of Defense contractors.

The right individual will help lead PCI DSS and CMMC projects as an experienced subject matter resource with previous experience with various US federal compliance frameworks, including PCI DSS, CMMC / NIST 800-171, ISO 27001, FISMA, FedRAMP, and NIST CSF.

What You Will Do:

  • Lead and execute PCI compliance-related assessments and sensitive data compliance assessments for enterprise clients by identifying key risks and gaps and documenting clear reporting with proof-of-concept and recommendations.
  • Help execute information security risk and compliance assessments against federal and other government required cyber frameworks, including the Cybersecurity Maturity Model Certification (CMMC), NIST 800-171, NIST 800-53, ISO 27001, FedRAMP, and the NIST Cybersecurity Framework, among others.
  • Assess IT environments and identify gaps and vulnerabilities that impair compliance with required standards, and assist with documenting clear reporting with proof-of-concept and recommendations.
  • Help the IT Risk & Compliance team maintain industry-leading solutions for PCI and other evolving cybersecurity compliance frameworks by pursuing continuing education.
  • Lead and conduct assessments based upon NIST 800-171, designed to comply with CMMC Level 2 certification assessments.
  • Participate on consulting teams with large enterprise clients in multiple industries to:
    • Assist organizations with defining boundaries of in-scope systems.
    • Assist clients with documentation development, including system security plans (SSP), policies/procedures, strategy development, and plans of action and milestones (POAMs).
    • Define and integrate solutions, including tools, processes, and data flows to maintain required compliance obligations and reduce cyber risk.
  • Effectively manage multiple projects concurrently, helping define and drive project management to keep projects on schedule and within budget.

Minimum Qualifications:

  • Bachelor's Degree in Cybersecurity, MIS, Computer Science, or a similar discipline
  • Payment Card Industry Qualified Security Assessor (PCI QSA) credential.
  • Cybersecurity and/or privacy-related certifications (e.g. CISSP, CISA, CISM, preferred).
  • Experience providing consulting, assessment, or implementation services associated with federal cyber compliance frameworks, including NIST 800-171, FISMA, or FedRAMP.
  • Working knowledge of cyber risk management frameworks (CMMC / NIST 800-171, FISMA, FedRAMP, NIST Cybersecurity Framework, NIST SP 800-53)
  • At least 5 years of experience in cybersecurity, IT audit, or governance, risk, and compliance required, including 1 - 2 of the following frameworks:
    • Payment Card Industry Data Security Standard (PCI DSS)
    • NIST Cybersecurity Framework (CSF)
    • Cybersecurity Maturity Model Certification (CMMC) and/or NIST SP 800-171
    • ISO 27001 / 27002
    • FedRAMP / StateRAMP
    • FISMA and NIST SP 800-53
    • CIS Critical Security Controls

About Forvis Mazars, LLP

Forvis Mazars, LLP is an independent member of Forvis Mazars Global, a leading global professional services network. Ranked among the largest public accounting firms in the United States, the firm's 7,000 dedicated team members provide an Unmatched Client Experience® through the delivery of assurance, tax, and consulting services for clients in all 50 states and internationally through the global network. Visit forvismazars.us to learn more.

Forvis Mazars, LLP is an equal opportunity/affirmative action employer. Employment selection and related decisions are made without regard to age, race, color, sex, sexual orientation, national origin, religion, genetic information, disability, protected veteran status, gender identity, or other protected classifications. It is Forvis Mazars, LLP standard policy not to accept unsolicited referrals or resumes from any source other than directly from candidates.

Forvis Mazars, LLP expressly reserves the right not to consider unsolicited referrals and/or resumes from vendors including and without limitation, search firms, staffing agencies, fee-based referral services, and recruiting agencies. Forvis Mazars, LLP further reserves the right not to pay a fee to a recruiter or agency unless such recruiter or agency has a signed vendor agreement with Forvis Mazars, LLP. Any resume or CV submitted to any employee of Forvis Mazars, LLP without having a Forvis Mazars, LLP vendor agreement in place will be considered the property of Forvis Mazars, LLP.

With a legacy spanning more than 100 years, Forvis Mazars is committed to providing a different perspective and an unmatched client experience that feels right, personal and natural. We respect and reflect the range of perspectives, knowledge and local understanding of our people and clients. We take the time to listen to deliver consistent audit and assurance, tax, advisory and consulting services worldwide.

We nurture a deep understanding of our clients’ industries, delivering greater insight, deeper specialization and tailored solutions through people who listen to understand, are responsive and consult with purpose to deliver value.
