Compliance Officer, FedRAMP (Remote - US Based)

Dispel
$122,000 - $151,000
Remote

About The Position

Dispel is seeking a Compliance Officer to lead its FedRAMP authorization and manage its portfolio of compliance certifications. This role is crucial for accessing the federal market and maintaining customer trust. The Compliance Officer will act as the main point of contact with the agency sponsor and internal engineering teams, translating federal requirements into actionable tasks and ensuring rigorous documentation and evidence collection. This is an opportunity to build the compliance program from the ground up during a period of significant company growth.

Requirements

  • 5–8 years in cybersecurity compliance, GRC, or information security.
  • Direct experience with the FedRAMP authorization process (Moderate or High).
  • Strong working knowledge of NIST 800-53 Rev 5 and FedRAMP requirements.
  • Hands-on experience with SSP development, POA&M management, and 3PAO coordination.
  • Familiarity with compliance platforms (Drata, Vanta, Archer, or similar).
  • Cloud security compliance experience (AWS required).
  • Excellent technical writing, project management, and stakeholder communication skills.
  • Ability to translate technical controls into business-understandable terms.
  • Must be a U.S. citizen.
  • Ability to obtain and maintain a security clearance preferred.

Nice To Haves

  • FedRAMP authorization experience specifically.
  • Background with federal civilian agencies (Department of State, DHS, etc.).
  • Knowledge of IEC 62443 and OT/ICS security standards.
  • CMMC and DoD compliance experience.
  • Hands-on OSCAL experience (catalogs, profiles, component definitions, SSP models).
  • AWS GovCloud compliance experience.
  • Working knowledge of SOC 2, ISO 27001, and ISO 9001 frameworks.
  • Prior startup or high-growth company experience.
  • CISA, CISM, or CISSP certifications.
  • FedRAMP 3PAO experience.
  • ISO 27001 Lead Auditor or Lead Implementer certifications.
  • AWS Certified Security – Specialty certification.
  • CompTIA Security+ or equivalent certification.
  • Public Trust or higher clearance is a plus for agency interactions.

Responsibilities

  • Own the FedRAMP authorization lifecycle, including SSP development and continuous monitoring.
  • Serve as the primary liaison with the agency sponsor and their FedRAMP AODR.
  • Coordinate with the 3PAO for assessment readiness, evidence collection, and remediation tracking.
  • Manage FedRAMP deliverables such as SSP, SAR, POA&M, and OSCAL formats.
  • Track control implementation and maintain the Control Responsibility Matrix (CRM).
  • Prepare for annual assessments and significant change requests, adapting documentation to PMO guidance and Rev 5 requirements.
  • Manage POA&M items from initiation to remediation.
  • Coordinate monthly Continuous Monitoring deliverables and vulnerability scanning.
  • Track deviation requests and risk acceptances with agency authorizing officials.
  • Ensure timely submission of significant change requests and security impact analyses.
  • Coordinate SOC 2 Type II audits and evidence collection using Drata.
  • Support ISO 27001, ISO 9001, and IEC 62443 certification efforts.
  • Manage CMMC Level 2 compliance for DoD contract support.
  • Map controls across frameworks to minimize duplication and streamline evidence collection.
  • Maintain the compliance calendar and ensure continuous audit readiness.
  • Lead the adoption of OSCAL for machine-readable compliance.
  • Implement component-based documentation for reusable control narratives.
  • Partner with engineering on internal OSCAL tooling and evidence-collection workflows.
  • Define requirements for continuous-compliance automation.
  • Maintain security policies aligned with NIST 800-53 Rev 5 and ensure consistency in corporate and FedRAMP boundary documentation.
  • Develop and exercise Contingency Plan (ISCP), DRP, and BCP with annual testing.
  • Prepare compliance briefings for leadership and the board, and interface with federal agency stakeholders.
  • Support customer security questionnaires and due diligence requests.
  • Partner with the SOC team on audit-log retention, incident response documentation, and playbook alignment.
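The OSCAL bullets above (machine-readable compliance, component-based documentation, reusable control narratives) describe a concrete authoring pattern: each system component declares which baseline controls it satisfies and how, and the SSP is assembled by grouping those statements per control. The following is an added worked example, not Dispel's tooling and not an OSCAL library. The two component definitions are constructed fragments shaped like the OSCAL component-definition model (component, control-implementations, implemented-requirements keyed by control-id); the UUIDs, titles, narratives and profile URL are placeholders.

```python
"""Assemble SSP-style control narratives from OSCAL component definitions.

Added worked example; not Dispel's tooling and not an OSCAL library. The
component definitions below are constructed fragments that follow the OSCAL
component-definition model (component -> control-implementations ->
implemented-requirements keyed by control-id). UUIDs, titles, narratives and
the profile URL are placeholders.
"""
from collections import defaultdict

# Placeholder profile identifier; a real SSP would point at the FedRAMP baseline profile.
FEDRAMP_PROFILE = "https://example.invalid/fedramp-moderate-rev5-profile.json"


def implemented_requirement(control_id: str, narrative: str) -> dict:
    """One OSCAL implemented-requirement entry (uuid omitted for brevity)."""
    return {"control-id": control_id, "description": narrative}


# Constructed sample component definitions: a cloud account baseline and an
# application tier. Each states which controls it satisfies and how.
COMPONENT_DEFINITIONS = [
    {"component-definition": {
        "metadata": {"title": "Infrastructure", "oscal-version": "1.1.2"},
        "components": [{
            "uuid": "a0000000-0000-4000-8000-000000000001",
            "type": "service",
            "title": "Cloud account baseline",
            "control-implementations": [{
                "source": FEDRAMP_PROFILE,
                "implemented-requirements": [
                    implemented_requirement("ac-2", "Accounts are created by the identity provider and reviewed quarterly."),
                    implemented_requirement("au-2", "API activity is logged to an immutable audit trail."),
                ]}]}]}},
    {"component-definition": {
        "metadata": {"title": "Application", "oscal-version": "1.1.2"},
        "components": [{
            "uuid": "a0000000-0000-4000-8000-000000000002",
            "type": "software",
            "title": "Remote access application",
            "control-implementations": [{
                "source": FEDRAMP_PROFILE,
                "implemented-requirements": [
                    implemented_requirement("ac-2", "Application roles map one-to-one to enterprise groups."),
                    implemented_requirement("ia-2", "Users authenticate with phishing-resistant MFA."),
                ]}]}]}},
]


def collect_by_component(component_definitions, profile_source):
    """Group narratives by control-id, keeping only implementations written
    against the given baseline profile. This mirrors the SSP model's
    implemented-requirement -> by-components structure."""
    by_control = defaultdict(list)
    for doc in component_definitions:
        for comp in doc["component-definition"]["components"]:
            for impl in comp.get("control-implementations", []):
                if impl.get("source") != profile_source:
                    continue  # narrative written for another baseline; do not reuse it blindly
                for req in impl.get("implemented-requirements", []):
                    by_control[req["control-id"]].append({
                        "component-uuid": comp["uuid"],
                        "component-title": comp["title"],
                        "description": req["description"],
                    })
    return dict(by_control)


def build_ssp_implemented_requirements(component_definitions, profile_source):
    """Emit SSP-shaped implemented-requirements, one by-components entry per contributing component."""
    grouped = collect_by_component(component_definitions, profile_source)
    return [{"control-id": cid, "by-components": stmts} for cid, stmts in sorted(grouped.items())]


def uncovered_controls(required_control_ids, component_definitions, profile_source):
    """Baseline controls no component claims: candidates for POA&M items or inherited (CRM) entries."""
    covered = set(collect_by_component(component_definitions, profile_source))
    return sorted(set(required_control_ids) - covered)


if __name__ == "__main__":
    baseline = ["ac-2", "au-2", "ia-2", "cm-6", "si-4"]  # constructed subset of a baseline
    for req in build_ssp_implemented_requirements(COMPONENT_DEFINITIONS, FEDRAMP_PROFILE):
        print(req["control-id"], "<-", [b["component-title"] for b in req["by-components"]])
    print("gaps:", uncovered_controls(baseline, COMPONENT_DEFINITIONS, FEDRAMP_PROFILE))
```

The point of filtering on `source` is that a narrative written for one baseline (say, a SOC 2 mapping) should not be silently reused as a FedRAMP statement; cross-framework reuse is done by deliberate mapping, not by ignoring the profile. The gap list is what ends up as POA&M items or as inherited controls in the Control Responsibility Matrix.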

Benefits

  • 122-151K base salary
  • Equity and performance bonus eligible
  • Full medical, vision, and dental insurance
  • Generous PTO
  • Remote-first culture with flexible hours
  • Opportunity to protect critical infrastructure at scale
  • Work with patented, cutting-edge security technology
  • Direct ownership of SOC maturation
  • Collaborative team with military, federal, and private sector expertise


What This Job Offers

Job Type

Full-time

Career Level

Senior

Education Level

No Education Listed

Number of Employees

1-10 employees

© 2026 Teal Labs, Inc