About The Position

The FedRAMP Advisory & Compliance Specialist supports cloud service providers and federal partners in achieving and maintaining FedRAMP authorization through automated, scalable governance, risk, and compliance (GRC) solutions. This role provides expertise across the entire FedRAMP lifecycle, including readiness assessments, authorization package development, audit preparation, and continuous monitoring operations. The position leverages modern compliance automation platforms, including RegScale, to implement machine-readable compliance artifacts, automated validation processes, and continuous monitoring capabilities that streamline authorization and reduce long-term compliance overhead.

Requirements

  • FedRAMP Authorization Framework
  • NIST Risk Management Framework (RMF)
  • NIST SP 800-53 Security Controls
  • Continuous Authorization & Continuous Monitoring
  • Federal cloud security compliance
  • System Security Plans (SSP)
  • Security Assessment Plans (SAP)
  • Security Assessment Reports (SAR)
  • Plan of Action & Milestones (POA&M)
  • Customer Responsibility Matrix (CRM)
  • Control Implementation Statements
  • RegScale (Compliance Automation Platform)
  • OSCAL-based machine-readable compliance artifacts
  • Vulnerability scanning integrations (e.g., Tenable, Qualys)
  • Compliance evidence management systems
  • Security control validation and testing
  • Vulnerability management
  • Security architecture review
  • Configuration management
  • Encryption and FIPS compliance
  • Automated compliance monitoring
  • Security telemetry integration
  • Real-time compliance dashboards
  • Audit readiness reporting

Responsibilities

  • Support cloud service providers in achieving FedRAMP authorization through advisory services aligned with federal regulatory frameworks.
  • Develop and maintain authorization artifacts, including System Security Plans (SSP), Security Assessment Plans (SAP), Security Assessment Reports (SAR), and Plans of Action and Milestones (POA&M).
  • Assist in implementing automation-first compliance models aligned with FedRAMP modernization initiatives.
  • Ensure security controls align with NIST SP 800-53 and FedRAMP security requirements.
  • Develop comprehensive system documentation including system descriptions, authorization boundaries, and network/data flow diagrams.
  • Identify and catalog supporting evidence for security control validation.
  • Map controls and responsibilities using Customer Responsibility Matrices (CRM) and Control Implementation Summaries (CIS).
  • Maintain traceability between policies, controls, and evidence repositories.
  • Conduct FedRAMP readiness assessments and documentation reviews.
  • Perform gap analyses against FedRAMP control requirements and compliance templates.
  • Evaluate system architecture, vulnerability management processes, and encryption mechanisms.
  • Develop remediation roadmaps to address compliance gaps.
  • Perform internal control assessments to evaluate security control implementation.
  • Validate compliance evidence against FedRAMP requirements.
  • Document control deficiencies and track remediation activities.
  • Support pre-audit preparation and third-party assessment organization (3PAO) engagement readiness.
  • Establish automated continuous monitoring (ConMon) processes to maintain authorization status.
  • Monitor security posture through integration with vulnerability scanning tools and security platforms.
  • Track configuration drift, vulnerabilities, and security control degradation.
  • Generate and maintain continuous monitoring reports for agency review.
  • Implement and manage compliance activities using GRC automation platforms such as RegScale.
  • Configure automated control baselines and compliance workflows.
  • Maintain centralized evidence libraries and artifact repositories.
  • Generate machine-readable compliance artifacts using OSCAL standards.
  • Develop and maintain POA&M remediation plans.
  • Track remediation progress and report compliance posture to stakeholders.
  • Support risk assessments and issue tracking through automated compliance dashboards.
© 2024 Teal Labs, Inc