Governance Compliance Specialist
Job Description:
• Manage the Information Assurance Control Calendar by completing assigned compliance activities (e.g., access reviews) and coordinating with stakeholders to ensure periodic tasks (e.g., contingency and incident response plan testing) are completed on schedule.
• Ensure company policies, plans, procedures, and standards are reviewed and updated regularly for accuracy and compliance.
• Maintain and manage the Plan of Action & Milestones (POA&M) for FedRAMP, CMMC, and internal findings to ensure timely resolution of security gaps.
• Lead and facilitate monthly FedRAMP meetings, providing authorizing officials with briefings on all deliverables and program status.
• Lead and oversee the company’s supply chain risk management program, conducting risk assessments for all new and existing vendors, suppliers, and services.
• Lead the CVE (Common Vulnerabilities and Exposures) meeting, providing detailed explanations of vulnerabilities, their impact, and recommended remediation steps to relevant stakeholders.
• Assist the Governance Risk & Compliance Manager in preparing for external assessments (e.g., FedRAMP audits, SOC 2 attestations) by maintaining audit-ready documentation, collecting evidence, and coordinating with stakeholders during the process.
• Ensure all personnel complete mandatory training during onboarding and on a periodic basis as required, and collaborate with relevant teams to develop and update training materials yearly based on evolving security protocols and company requirements.
• Support current and potential customers by providing detailed and timely responses to Requests for Information (RFI).
• Ensure continuous adherence to established regulatory frameworks, including FedRAMP, ISO 27001, CMMC, SOC 2, HIPAA, GDPR, and PCI DSS.
Requirements:
• Four or more years of professional experience in Information Technology, with at least two years in Information Assurance, Information Security, or Risk Management.
• Bachelor's degree in a related field (e.g., computer science, information systems, cybersecurity) or a commensurate number of years of professional experience.
• Proven success in leading complex projects and activities among a multidisciplinary team.
• Demonstrated familiarity with NIST 800-53 and FedRAMP frameworks.
Benefits:
• medical
• dental
• vision
• flexible PTO
• a 401k program
• stock options
Apply tot his job
Apply To this Job
• Manage the Information Assurance Control Calendar by completing assigned compliance activities (e.g., access reviews) and coordinating with stakeholders to ensure periodic tasks (e.g., contingency and incident response plan testing) are completed on schedule.
• Ensure company policies, plans, procedures, and standards are reviewed and updated regularly for accuracy and compliance.
• Maintain and manage the Plan of Action & Milestones (POA&M) for FedRAMP, CMMC, and internal findings to ensure timely resolution of security gaps.
• Lead and facilitate monthly FedRAMP meetings, providing authorizing officials with briefings on all deliverables and program status.
• Lead and oversee the company’s supply chain risk management program, conducting risk assessments for all new and existing vendors, suppliers, and services.
• Lead the CVE (Common Vulnerabilities and Exposures) meeting, providing detailed explanations of vulnerabilities, their impact, and recommended remediation steps to relevant stakeholders.
• Assist the Governance Risk & Compliance Manager in preparing for external assessments (e.g., FedRAMP audits, SOC 2 attestations) by maintaining audit-ready documentation, collecting evidence, and coordinating with stakeholders during the process.
• Ensure all personnel complete mandatory training during onboarding and on a periodic basis as required, and collaborate with relevant teams to develop and update training materials yearly based on evolving security protocols and company requirements.
• Support current and potential customers by providing detailed and timely responses to Requests for Information (RFI).
• Ensure continuous adherence to established regulatory frameworks, including FedRAMP, ISO 27001, CMMC, SOC 2, HIPAA, GDPR, and PCI DSS.
Requirements:
• Four or more years of professional experience in Information Technology, with at least two years in Information Assurance, Information Security, or Risk Management.
• Bachelor's degree in a related field (e.g., computer science, information systems, cybersecurity) or a commensurate number of years of professional experience.
• Proven success in leading complex projects and activities among a multidisciplinary team.
• Demonstrated familiarity with NIST 800-53 and FedRAMP frameworks.
Benefits:
• medical
• dental
• vision
• flexible PTO
• a 401k program
• stock options
Apply tot his job
Apply To this Job