Staff Governance, Risk & Compliance

About The Position

Requirements

• US Citizen
• Effective organization, follow-up, and time management skills
• 8+ years of demonstrated experience in governance, risk management, compliance, and internal audit within a technology-driven environment
• Strong documentation and communication skills
• A recent hands-on concentration of work with the FedRAMP Framework (audit and compliance experience)
• Strong background with NIST Risk Management Framework (SP 800-53) and a broad range of skills in the fields of NIST publications, FedRAMP requirements
• Experience with control assessments and coordination of audit activities
• Experience managing and achieving authorizations under FedRAMP program
• Ability to work both independently and within a global team environment
• Ability to develop and foster strong relationships with technology and business stakeholders
• Strong writing ability with a focus on communication of technical topics
• Fluency in written and spoken English

Nice To Haves

• Previous experience at a SaaS company in a similar role
• Previous experience gaining an ATO or P-ATO for a cloud implementation
• Exposure to ISO27001, PCI, SOC 2
• Industry standard certifications (CISSP, CISA, ISO 27001 Lead Implementer/Auditor)
• Understanding of software development lifecycle methodologies, cloud and server infrastructure, LAN/WAN networking, VPN, and wireless networking infrastructures
• Bachelor's Degree in Information Technology, Business, or related vocations

Responsibilities

• Ensuring policies, practices, and procedures are understood and followed by direct reports, customers, and stakeholders
• Responsible for State and Federal regulatory compliance (TX-, Gov-, FedRAMP, IL-4, CMMC) – Government Compliance – in consultation with the CISO, as well as Finance, Sales, and Legal teams
• Providing subject matter expertise for FedRAMP and NIST 800-53 compliance standards and regulations
• Owning management and execution of the external audit calendar in consultation with business processes and agency/state sponsors
• Leading the completion of corrective and preventive actions for findings of Compliance audits and oversight of the Plan of Action and Milestones (POA&M) reporting process
• Ensuring that systems vulnerability and penetration tests are executed per the State/Federal/Agency standards and results are clearly communicated to appropriate operational teams. Working with operational teams to re-assess remediated systems
• Ensuring that continuous monitoring reporting is conducted, and the results made available to the applicable audience (FedRAMP, GovRAMP, DISA)
• Ensuring annual reviews and updates of System Security Plans are conducted and enforcing the document control management process
• Assisting in the identification of business process improvements and partnering with technology and business stakeholders to identify pragmatic approaches to compliance readiness and testing
• Collaborating cross-functionally with technology and business stakeholders to drive, track, and resolve all aspects of Compliance readiness and audit execution
• Assisting with forecasting, planning, and risk assessment relevant to expanding Compliance program in alignment with the company’s technology and sales strategies
• Maintaining and applying current industry knowledge and best practices. Researching and recommending use of new technologies
• Project management including analysis of business requirements, creating, and updating project plans, and tracking projects to successful completion
• Mentoring and cross-training team members to achieve business objectives and foster a culture of accountability and ethical conduct
• Developing metrics and dashboards for reporting on Regulatory Compliance programs

Benefits

• company bonus
• benefits