United States onlyOur client is an innovative technology partner to government and emergency response organizations, delivering mission-critical, cloud-based solutions that demand the highest levels of security and regulatory compliance. As they rapidly expand their partnerships with federal and state agencies, they are investing heavily in the infrastructure needed to achieve and sustain FedRAMP authorization and broader regulatory compliance across their platform. This is a full time and fully remote position.
Key Responsibilities:TO Readiness & Control Implementation
Drive and support ATO readiness efforts across NIST 800-53, CMMC, and SOC 2 frameworks, focusing heavily on hands-on control implementation and evidence generation.
Prepare, manage, and maintain ATO package documentation (SSPs, POA&Ms, and supporting artifacts), ensuring continuous accuracy, completeness, and audit-readiness.
Coordinate seamlessly with external consultants and assessors, integrating their feedback into remediation strategies and documentation updates.
Proactively track remediation progress and control gaps, escalating blockers and risks as needed.
Governance, Policy, & Controls
Draft, refine, and operationalize robust security policies, procedures, and standards aligned with applicable regulatory frameworks.
Ensure controls are comprehensively documented with clear ownership, concrete implementation evidence, and recurring review cycles.
Partner with Technology, Product, and Operations teams to seamlessly embed compliance requirements into existing workflows and toolsets.
Risk Management & Continuous Monitoring (ConMon)
Manage and maintain the POA&M, driving the timely closure of identified gaps in tight coordination with system and control owners.
Support ConMon activities, including meticulous log reviews, control validation, and recurring evidence collection.
Assist with risk assessments, vendor security reviews, and the tracking of corrective actions.
Maintain a state of ongoing audit preparedness through disciplined recordkeeping and strict process adherence.
Cross-Functional Collaboration
Serve as an approachable, knowledgeable compliance champion for Engineering, Infrastructure, and Operations teams.
Translate rigid control requirements and framework language into clear, practical guidance that business owners can easily act on.
Facilitate collaborative working sessions with system owners to gather evidence, clarify control expectations, and resolve complex implementation questions.
Communicate clearly and frequently on status, timelines, and open items to ensure stakeholders remain aligned.
3–6 years of demonstrated experience in GRC, federal security compliance, or a closely related technical role.
Deep, hands-on familiarity with NIST 800-53 is required.
Proven track record of preparing ATO packages, SSPs, and POA&Ms.
Solid working knowledge of CMMC, SOC 2, or NIST 800-171 environments.
Demonstrated ability to implement and evidence controls, not just document them.
Strong organizational and project management skills, with the ability to manage multiple complex workstreams with minimal oversight.
Clear, highly effective written and verbal communication skills.
U.S. citizenship is required; ability to support stringent federal compliance requirements.
