GPS Continuous Monitoring Manager Supervising Associate

From strategy to execution the Government & Public Sector (GPS) practice of Ernst & Young LLP provides a full range of consulting and audit services to help our Federal State Local and Education clients implement new ideas to help achieve their mission outcomes. We deliver real change and measurable results through our diverse high-performing teams quality work at the highest professional standards operational know-how from across our global organization and creative and bold ideas that drive innovation. We enable our government clients to achieve their mission of protecting the nation and serving the people; increasing public safety; improving healthcare for our military veterans and citizens; delivering essential public services; and helping those in need. EY is ready to help our government build a better working world.

Our GPS Technology Organization is a structure within the US GPS practice that implements and maintains a new operate and technology model designed specifically to support U.S. defense and Government engagements.

The Role

As aFedRAMP Continuous Monitoring Supervising Associate you will support the ongoing monitoring and compliance activities for FedRAMPauthorized systems within the GPS Technology Organization. You will work closely with ISSOs system owners technical teams and compliance leadership to ensure continuous adherence to FedRAMP NIST and internal security requirements.

Key Responsibilities

Continuous Monitoring & Compliance

• Perform continuous monitoring activities for FedRAMPauthorized systems including control validation and evidence review.
• Analyze vulnerability scan results audit events and configuration deviations; work with technical teams to track remediation efforts.
• Support monthly and periodic FedRAMP Continuous Monitoring (ConMon) activities including artifact preparation inventory updates and change tracking.
• Maintain familiarity with applicable NIST and FedRAMP requirements including NIST SP 80037 NIST SP 80053 and NIST SP 800171.
• Assist with preparation of FISMA and FedRAMPaligned security reports for internal and government stakeholders.

Stakeholder Collaboration & Communication

• Work closely with Information System Security Officers (ISSOs) system owners and project teams to address findings and clarify control implementation.
• Communicate security issues remediation progress and compliance status to internal stakeholders.
• Participate in recurring security and compliance meetings to support risk posture reviews.
• Provide mentorship and knowledgesharing support to junior security staff as needed.

POA&M & Risk Support

• Support the management of POA&M items including documentation updates evidence collection and status tracking.
• Assist in identifying risk mitigation strategies and documenting compensating controls.
• Help ensure remediation activities are aligned with FedRAMP timelines and expectations.

Documentation & Process Support

• Assist with maintaining and updating security documentation SOPs and procedural guidance.
• Support continuous improvement efforts related to monitoring processes tooling and reporting.
• Maintain awareness of evolving security threats and compliance requirements.

Skills & Attributes for Success

• Strong understanding of cloud security and application security concepts.
• Ability to interpret and apply NIST and FedRAMP control requirements.
• Strong written and verbal communication skills with the ability to document technical information clearly.
• Ability to manage multiple tasks and priorities in a highly regulated environment.
• Comfortable working independently while collaborating across technical and compliance teams.
• Experience using vulnerability management and GRC tools.

To qualify for the role you must have

• Degree in Information Assurance Computer Science or a related field or equivalent professional experience.
• At least 5 years of experience working with Continuous Monitoring & Compliance Stakeholder Collaboration & Communication POA&M & Risk Support and Documentation & Process Support
• Experience working in Azure and cloud computing environments.
• Security certification aligned to DoD 8570/8144 requirements (e.g. CISSP CISM CCISO or equivalent).
• Handson experience supporting FedRAMP and NISTbased continuous monitoring activities.
• Experience participating in a vulnerability management program.

Ideally youll also have

• Familiarity with SIEM tools and security event monitoring processes.
• Experience using automation or scripting to support security monitoring or reporting.
• Experience drafting or maintaining SOPs or compliance documentation.
• Experience working in highly audited or regulated environments.
• Ability to obtain and maintain Top-Secret Security Clearance