Compliance Officer, FedRAMP (Remote- US Based)

Dispel provides Zero Trust Access solutions for industrial control systems (ICS) and operational technology (OT), specializing in moving target defense to secure critical infrastructure.

Dispel

Employee count: 51-200

Salary: 122k-151k USD

United States only

About Dispel

Dispel is the fastest-growing cybersecurity company recognized in the 2025 Cybersecurity Excellence Awards. We deliver zero-trust secure remote access and real-time data streaming for operational technology (OT) and industrial control systems (ICS). Our patented Moving Target Defense technology—referenced in NIST 800-172—protects critical infrastructure for utilities serving 54 million+ people, manufacturers producing over 50% of U.S. baby formula, and major defense programs including a $950M IDIQ with the U.S. Air Force.

The Role

We’re looking for a Compliance Officer to own Dispel’s FedRAMP authorization and steward our broader portfolio of compliance certifications. You’ll be the primary interface with our agency sponsor and internal engineering teams, translating complex federal requirements into actionable work while maintaining rigorous evidence collection and documentation practices.

This role is critical to unlocking the federal market and sustaining customer trust across regulated industries. You’ll have the opportunity to shape the program from the ground up at a pivotal moment of growth.

Requirements

FedRAMP Authorization (Primary Focus)

• Own the FedRAMP authorization lifecycle from SSP development through continuous monitoring.

• Serve as primary liaison with our agency sponsor and their FedRAMP AODR.

• Coordinate with our 3PAO on assessment readiness, evidence collection, and remediation tracking.

• Manage SSP, SAR, POA&M, and all FedRAMP deliverables in OSCAL formats.

• Track control implementation across all FedRAMP controls and maintain the Control Responsibility Matrix (CRM).

• Prepare for annual assessments and significant change requests; monitor PMO guidance and Rev 5 requirements, adapting documentation accordingly.

Continuous Monitoring & POA&M (FedRAMP)

• Manage POA&M items end-to-end through remediation.

• Coordinate monthly ConMon deliverables and vulnerability scanning cadence.

• Track deviation requests and risk acceptances with agency authorizing officials.

• Ensure timely submission of significant change requests and security impact analyses.

Multi-Framework Compliance

• Coordinate SOC 2 Type II audits and evidence collection via Drata.

• Support ISO 27001, ISO 9001, and IEC 62443 certification efforts.

• Manage CMMC Level 2 compliance for DoD contract support.

• Map controls across frameworks to reduce duplication and streamline evidence collection.

• Maintain the compliance calendar and a continuous audit-ready posture.

OSCAL & Compliance Automation

• Lead adoption of OSCAL (Open Security Controls Assessment Language) for machine-readable compliance.

• Implement component-based documentation for reusable control narratives.

• Partner with engineering on internal OSCAL tooling and evidence-collection workflows.

• Define requirements for continuous-compliance automation.

Policy, Stakeholders & Security Program

• Maintain security policies aligned with NIST 800-53 Rev 5; keep corporate and FedRAMP boundary documentation consistent.

• Develop and exercise Contingency Plan (ISCP), DRP, and BCP with annual testing.

• Prepare compliance briefings for leadership and the board; interface with federal agency stakeholders.

• Support customer security questionnaires and due diligence requests.

• Partner with the SOC team on audit-log retention, incident response documentation, and playbook alignment.

What You Bring

Required:

• 5–8 years in cybersecurity compliance, GRC, or information security.

• Direct experience with the FedRAMP authorization process (Moderate or High).

• Strong working knowledge of NIST 800-53 Rev 5 and FedRAMP requirements.

• Hands-on experience with SSP development, POA&M management, and 3PAO coordination.

• Familiarity with compliance platforms (Drata, Vanta, Archer, or similar).

• Cloud security compliance experience (AWS required).

• Excellent technical writing, project management, and stakeholder communication skills.

• Ability to translate technical controls into business-understandable terms.

Nice to Have:

• FedRAMP authorization experience specifically.

• Background with federal civilian agencies (Department of State, DHS, etc.).

• Knowledge of IEC 62443 and OT/ICS security standards.

• CMMC and DoD compliance experience.

• Hands-on OSCAL experience (catalogs, profiles, component definitions, SSP models).

• AWS GovCloud compliance experience.

• Working knowledge of SOC 2, ISO 27001, and ISO 9001 frameworks.

• Prior startup or high-growth company experience.

Certifications (Preferred, Not Required)

• CISA, CISM, or CISSP.

• FedRAMP 3PAO experience.

• ISO 27001 Lead Auditor or Lead Implementer.

• AWS Certified Security – Specialty.

• CompTIA Security+ or equivalent.

Eligibility:

• Must be a U.S. citizen.

• Ability to obtain and maintain a security clearance preferred.

• Public Trust or higher clearance is a plus for agency interactions.

Benefits

What We Offer:

• 122-151K base + equity and performance bonus eligible

• Full medical, vision, and dental insurance

• Generous PTO

• Remote-first culture with flexible hours

• Opportunity to protect critical infrastructure at scale

• Work with patented, cutting-edge security technology

• Direct ownership of SOC maturation

• Collaborative team with military, federal, and private sector expertise

Security Clearance

• Due to federal customer and FedRAMP requirements, this role requires US Person status (citizen or permanent resident) under ITAR/EAR regulations.

• Ability to obtain and maintain a security clearance preferred.

Dispel is an Equal Opportunity Employer. We do not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran status, or any other protected characteristic. We are committed to building a diverse team and encourage applicants from all backgrounds to apply.

About the job

Job type

Full Time

Experience

5 years minimum

Hiring timezones

United States +/- 0 hours

About Dispel

At Dispel, we're on a mission to connect people to their industrial control systems, wherever they are in the world. We do this through a product that is fast, easy to implement, and simple to use. We were founded in 2015 with a vision to harness the power of moving target defense in cybersecurity and data privacy. Since then, we've pioneered the first network-level moving target defense SD-WANs and now hold over 42 patents across networking, access control, managed attribution, and zero trust. Our core focus is on providing Zero Trust Access solutions for industrial control systems, serving critical sectors like manufacturing, utilities, and government. We're proud to protect the heart of industry and maximize efficiency for global operations, with our technology safeguarding over $500 billion in manufactured goods annually and supporting utilities for over 54 million people.

Our flagship product, the Dispel Zero Trust Engine (ZTE), simplifies secure remote access, data streaming, micro-segmentation, and ongoing threat detection for industrial control systems and other cyber-physical environments. We understand that in the world of operational technology (OT), every second counts. That's why our platform is designed to get your team on the job in under 30 seconds, a significant improvement over in-house systems that can take many minutes. We believe in building a safer, more resilient world. To that end, we actively collaborate with leading industry bodies like the National Institute of Standards and Technology (NIST), the US Cybersecurity and Infrastructure Security Agency (CISA), and the NATO Industrial Advisory Group (NIAG). By contributing our expertise, we help advance cybersecurity practices globally. We're a team that values diverse backgrounds and innovative thinking, and we offer a nimble startup environment where every member can make a substantial impact on the essential systems that underpin our global economy.

Employee benefits

Stock Option Plan

Company option pool.

Wellness benefits

Wellness benefits for physical fitness.

Life Insurance (Basic, Voluntary & AD&D)

Family Leave (Maternity, Paternity)

Equal paternal and maternal parental leave.
