Senior Public Sector Compliance Manager

Menlo Security
$165,000 - $275,000

About The Position

We are seeking a detail-oriented FedRAMP Compliance Manager to support our organization's adherence to the Federal Risk and Authorization Management Program (FedRAMP) requirements. This role is critical to ensuring our cloud services maintain compliance with federal security standards and support continuous monitoring, authorization processes, and audits. The ideal candidate will have experience with NIST SP 800-53, FedRAMP documentation, and working with cloud service providers in a regulatory context.

Requirements

  • U.S. Citizenship (required for working in GovCloud environments)
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).
  • 2–3 years of experience in information security compliance or risk management, preferably in a FedRAMP or FISMA-regulated environment.
  • Strong knowledge of NIST SP 800-53, FedRAMP Moderate/High baselines, and the FedRAMP authorization process.
  • Experience with security documentation (SSP, POA&M, SAR, SAP, etc.) and governance tools.
  • Familiarity with vulnerability scanning tools (e.g., Nessus, Qualys) and interpreting security findings.
  • Eligibility to obtain security clearance is required.

Nice To Haves

  • Experience working with or in a 3PAO or federal agency.
  • FedRAMP or NIST security control implementation experience in AWS, Azure, or Google Cloud environments.
  • Security certifications such as:
      • Certified Information Systems Security Professional (CISSP)
      • Certified Information Security Auditor (CISA)
      • Certified Authorization Professional (CAP)
      • CompTIA Security+ or equivalent

Responsibilities

  • Develop and govern a comprehensive compliance roadmap to maintain CMMC certification, mitigating risks across all internal and external systems.
  • Drive strategic initiatives for high-priority federal projects, ensuring all systems and processes meet the rigorous requirements for DoD Impact Level 6 (IL6) authorization.
  • Serve as the Subject Matter Expert (SME) for FedRAMP High standards.
  • Act as a key liaison to the Federal Sales Team, serving as a subject matter expert (SME) to ensure all business development activities align with federal regulatory standards and security compliance frameworks.
  • Support the FedRAMP Moderate authorization and reauthorization processes, including development, review, and maintenance of system security documentation (SSP, POA&M, SAP, SAR, etc.).
  • Map and analyze security controls against FedRAMP Moderate/High baselines and NIST SP 800-53 controls.
  • Assist in implementing and monitoring security controls for FedRAMP-authorized systems.
  • Coordinate with internal teams (engineering, operations, DevSecOps) to ensure security requirements are integrated into system design and operation.
  • Maintain continuous monitoring documentation and support periodic assessments (e.g., annual assessments, penetration tests, vulnerability scans).
  • Interface with Third Party Assessment Organizations (3PAOs), government customers, and internal stakeholders to support audits and assessments.
  • Track and manage Plan of Action and Milestones (POA&M) items to closure.
  • Manage the administration, training, and development of the FedRAMP platform and all associated monthly, quarterly, and annual requirements as per the FedRAMP authorization process.
  • Provide compliance reporting, metrics, and risk analysis to management.
  • Stay up to date with changes in FedRAMP requirements, NIST guidance, and related compliance frameworks (e.g., FISMA, CMMC).