What will you do?
Governance and Policy Development
· Develop, implement, and maintain governance policies, SOPs, and related documentation.
· Ensure all policies align with industry standards and regulatory frameworks (e.g., FedRAMP, NIST SP 800-53, the ISO/IEC 27001 family, and HIPAA).
· Monitor policy effectiveness and recommend updates based on organizational changes or regulatory updates.
Risk Management
· Conduct risk assessments to identify vulnerabilities, threats, and compliance gaps.
· Collaborate with cross-functional teams to design and implement remediation strategies.
· Maintain risk registers and monitor mitigation efforts.
Compliance Oversight
· Support the organization in achieving and maintaining FedRAMP authorization (FedRAMP grants an authorization to operate rather than a certification).
· Manage periodic audits, security assessments, and readiness activities for compliance frameworks.
· Track and report on compliance metrics, audit findings, and resolution status.
Training and Awareness
· Develop and deliver training programs to enhance employee understanding of compliance policies and procedures.
· Act as a point of contact for compliance-related queries within the organization.
Incident Response and Reporting
· Support incident response processes to ensure effective investigation and reporting of compliance-related incidents.
· Collaborate with stakeholders to implement corrective actions and prevent recurrence.
Vendor and Third-Party Risk Management
· Assess third-party vendors for compliance with organizational policies and standards.
· Ensure contracts include appropriate compliance requirements.
What do you bring to the table?
Education & Experience
· 12 to 15 years of relevant experience overall
· Bachelor's degree in Information Technology, Cybersecurity, Risk Management, or related field (Master’s preferred).
· 3+ years of experience in governance, risk, and compliance roles, with specific experience in FedRAMP compliance.
Knowledge & Skills
· Strong understanding of FedRAMP, NIST SP 800-53, ISO 27001, and other relevant frameworks.
· Experience in drafting policies, procedures, and SOPs.
· Familiarity with GRC tools and platforms (e.g., Archer, ServiceNow GRC).
· Excellent communication and documentation skills.
· Analytical mindset with attention to detail.
Certifications (Preferred)
· Certified Information Systems Security Professional (CISSP)
· Certified Information Systems Auditor (CISA)
· Certified Information Security Manager (CISM)
· ISO 27001 Lead Auditor or Internal Auditor