FedRAMP Compliance Coordinator

Capgemini, New York, NY
Hybrid

About The Position

Choosing Capgemini means choosing a company where you will be empowered to shape your career in the way you’d like, where you’ll be supported and inspired by a collaborative community of colleagues around the world, and where you’ll be able to reimagine what’s possible. Join us and help the world’s leading organizations unlock the value of technology and build a more sustainable, more inclusive world.

As a FedRAMP Compliance Coordinator, you will play a pivotal role in maintaining the security posture and federal authorization of our Cloud Service Offering (CSO). With the full rollout of the FedRAMP 20x modernization initiative, this role has shifted from manual documentation to automated validation and machine-readable compliance. You will be the primary lead for transitioning our authorization package to OSCAL (Open Security Controls Assessment Language) and for managing real-time continuous monitoring (ConMon) activities to ensure seamless integration with federal agency partners.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
  • 3+ years of experience in federal compliance (FedRAMP, FISMA, or RMF).
  • Deep understanding of NIST 800-53 Rev. 5 control families.
  • Hands-on experience with OSCAL or structured data formats (JSON, XML, YAML).
  • Familiarity with cloud-native security tools (e.g., AWS GuardDuty, Azure Security Center (now Microsoft Defender for Cloud), or automated GRC platforms).
  • At least one of the following is required: CISSP, CISA, CISM, or FedRAMP Specialized Training credentials.
  • This position requires a Public Trust background investigation.

Nice To Haves

  • Ability to interpret machine-readable security data rather than just reviewing static documents.
  • Experience working in an environment transitioning to FedRAMP 20x and "Continuous Authorization" models.
  • Exceptional ability to translate complex technical risks into business-level "risk acceptance" decisions for federal Authorizing Officials (AOs).
  • Critical for managing the "PAIN" matrix and strict incident reporting timelines.

Responsibilities

  • OSCAL Integration: Lead the conversion of traditional System Security Plans (SSPs) into machine-readable formats (JSON/XML) to meet the September 2026 mandate for all new and renewing authorizations.
  • Gap Analysis: Conduct regular assessments against NIST SP 800-53 Rev. 5 and FedRAMP-specific baselines (Low, Moderate, or High).
  • Automation Strategy: Identify opportunities to automate the validation of technical controls, shifting away from long-form narratives to data-driven evidence.
  • Automated Validation: Manage the "FedRAMP Security Inbox" and ensure that automated vulnerability scan results and configuration deviations are addressed within established SLAs.
  • Incident Management: Execute the updated RFC-0031 Incident Communications Procedures. This includes calculating the PAIN (Potential Adverse Impact Number) for security events and meeting reporting deadlines as tight as 15–30 minutes for high-impact incidents.
  • POA&M Management: Maintain and update the Plan of Action and Milestones (POA&M) via automated GRC tools, ensuring all vulnerabilities are tracked, remediated, or risk-accepted.
  • 3PAO Coordination: Serve as the primary point of contact for Third-Party Assessment Organizations (3PAOs) during annual assessments and "Significant Change" requests.
  • Agency Collaboration: Support federal agency customers by providing "customer-focused" security documentation and responding to data-sharing requests through the FedRAMP Open Beta portals.
  • Internal Advocacy: Work closely with Engineering and DevOps teams to ensure "Secure-by-Design" principles are integrated into the CI/CD pipeline.
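The OSCAL Integration and Gap Analysis responsibilities above are what the following added example targets. It is not Capgemini's, FedRAMP's or NIST's code: a small Python check that reads an OSCAL System Security Plan in JSON, normalizes legacy control ids (such as "AC-2 (1)") to OSCAL form ("ac-2.1"), and reports which baseline controls are missing, are listed without any implementation evidence, or fall outside the baseline. The SSP fragment, its placeholder UUIDs and the eight-control baseline are constructed stand-ins; in a real package the baseline is resolved from the profile the SSP imports, and the document would be validated against the OSCAL schema first.

```python
"""Gap analysis of an OSCAL System Security Plan (JSON) against a control baseline.

Added example. The SSP fragment and the baseline below are constructed for
illustration; they are not a real authorization package or the real FedRAMP
Moderate baseline, and the UUIDs are placeholders rather than valid UUIDs.
"""
import json
import re

# Constructed OSCAL SSP. Only the fields the check reads are populated; a real
# SSP also carries system-characteristics, system-implementation and back-matter.
SAMPLE_SSP_JSON = json.dumps({
    "system-security-plan": {
        "uuid": "11111111-1111-4111-8111-111111111111",
        "metadata": {"title": "Example CSO SSP", "version": "1.0",
                     "oscal-version": "1.1.2",
                     "last-modified": "2026-01-15T00:00:00Z"},
        "import-profile": {"href": "#moderate-baseline"},
        "control-implementation": {
            "description": "Constructed fragment for illustration.",
            "implemented-requirements": [
                {"uuid": "a1", "control-id": "ac-2", "statements": [
                    {"statement-id": "ac-2_smt.a", "uuid": "a2", "by-components": [
                        {"component-uuid": "c1", "uuid": "a3",
                         "description": "Accounts are provisioned via the IdP."}]}]},
                {"uuid": "b1", "control-id": "ac-3", "by-components": [
                    {"component-uuid": "c1", "uuid": "b2",
                     "description": "RBAC policies enforced at the API gateway."}]},
                # Listed, but carries no narrative or component evidence.
                {"uuid": "d1", "control-id": "au-2", "statements": []},
                # Legacy-style ids: upper-case, and a parenthesised enhancement.
                {"uuid": "e1", "control-id": "SC-7", "statements": [
                    {"statement-id": "sc-7_smt.a", "uuid": "e2", "by-components": [
                        {"component-uuid": "c2", "uuid": "e3",
                         "description": "Boundary enforced by VPC security groups."}]}]},
                {"uuid": "f1", "control-id": "AC-2 (1)", "by-components": [
                    {"component-uuid": "c1", "uuid": "f2",
                     "description": "Account lifecycle automated via SCIM."}]},
                # Malformed id that a schema check would reject.
                {"uuid": "g1", "control-id": "ac2", "statements": []},
            ],
        },
    }
})

# Constructed stand-in for a baseline's control list. In practice this is
# resolved from the profile referenced by import-profile.
SAMPLE_BASELINE = ["ac-2", "ac-3", "ac-17", "au-2", "cm-6", "ia-2", "sc-7", "si-4"]

# OSCAL control ids are lowercase family-number, with ".n" for enhancements.
CONTROL_ID_RE = re.compile(r"^[a-z]{2}-\d+(\.\d+)?$")


def normalize_control_id(raw):
    """Map legacy spellings ('AC-2 (1)') onto OSCAL form ('ac-2.1')."""
    cid = re.sub(r"\s*\((\d+)\)", r".\1", raw.strip())
    return cid.replace(" ", "").lower()


def control_sort_key(cid):
    """Sort 'ac-2' before 'ac-17' (numeric, not lexical)."""
    family, rest = cid.split("-", 1)
    num, _, enh = rest.partition(".")
    return (family, int(num), int(enh) if enh else 0)


def has_evidence(req):
    """True if some statement or top-level by-component carries a description."""
    components = list(req.get("by-components", []))
    for stmt in req.get("statements", []):
        components.extend(stmt.get("by-components", []))
    return any(bc.get("description", "").strip() for bc in components)


def gap_analysis(ssp_json, baseline):
    """Bucket baseline controls into missing / no evidence / out of baseline,
    and collect implemented-requirement ids that are not valid OSCAL ids."""
    ssp = json.loads(ssp_json)["system-security-plan"]
    reqs = ssp.get("control-implementation", {}).get("implemented-requirements", [])
    wanted = {normalize_control_id(c) for c in baseline}
    bad_baseline = [c for c in wanted if not CONTROL_ID_RE.match(c)]
    if bad_baseline:
        raise ValueError(f"baseline has malformed control ids: {bad_baseline}")

    implemented, malformed = {}, []
    for req in reqs:
        cid = normalize_control_id(req.get("control-id", ""))
        if CONTROL_ID_RE.match(cid):
            implemented[cid] = req
        else:
            malformed.append(req.get("control-id"))
    impl_ids = set(implemented)

    def srt(ids):
        return sorted(ids, key=control_sort_key)

    return {
        "missing": srt(wanted - impl_ids),
        "no_evidence": srt(c for c in impl_ids & wanted if not has_evidence(implemented[c])),
        "out_of_baseline": srt(impl_ids - wanted),
        "malformed_ids": malformed,
    }


if __name__ == "__main__":
    for bucket, ids in gap_analysis(SAMPLE_SSP_JSON, SAMPLE_BASELINE).items():
        print(f"{bucket:16} {', '.join(ids) or '-'}")
```

On the constructed input this reports ac-17, cm-6, ia-2 and si-4 as missing, au-2 as listed without evidence, ac-2.1 as implemented outside the baseline, and "ac2" as a malformed id. The "no evidence" bucket is the one worth watching during a transition: a control can survive the conversion to JSON as a bare id while the narrative and component mapping a 3PAO will ask for never made it across.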

Benefits

  • Paid time off based on employee grade (A-F), as defined by policy: vacation of 12-25 days depending on grade, company-paid holidays, personal days, and sick leave
  • Medical, dental, and vision coverage (or provincial healthcare coordination in Canada)
  • Retirement savings plans (e.g., 401(k) in the U.S., RRSP in Canada)
  • Life and disability insurance
  • Employee assistance programs
  • Other benefits as provided by local policy and eligibility
© 2026 Teal Labs, Inc