Manage the Information Assurance Control Calendar by completing assigned compliance activities (e.g., access reviews) and coordinating with stakeholders to ensure periodic tasks (e.g., contingency and incident response plan testing) are completed on schedule.
Ensure company policies, plans, procedures, and standards are reviewed and updated regularly for accuracy and compliance.
Maintain and manage the Plan of Action & Milestones (POA&M) for FedRAMP, CMMC, and internal findings to ensure timely resolution of security gaps.
Lead and facilitate monthly FedRAMP meetings, providing authorizing officials with briefings on all deliverables and program status.
Lead and oversee the company’s supply chain risk management program, conducting risk assessments for all new and existing vendors, suppliers, and services.
Lead the CVE (Common Vulnerabilities and Exposures) meeting, providing detailed explanations of vulnerabilities, their impact, and recommended remediation steps to relevant stakeholders.
Assist the Governance Risk & Compliance Manager in preparing for external assessments (e.g., FedRAMP audits, SOC 2 attestations) by maintaining audit-ready documentation, collecting evidence, and coordinating with stakeholders during the process.
Ensure all personnel complete mandatory training during onboarding and on a periodic basis as required, and collaborate with relevant teams to develop and update training materials yearly based on evolving security protocols and company requirements.
Support current and potential customers by providing detailed and timely responses to Requests for Information (RFI).
Ensure continuous adherence to established regulatory frameworks, including FedRAMP, ISO 27001, CMMC, SOC 2, HIPAA, GDPR, and PCI DSS.

Requirements

Four or more years of professional experience in Information Technology, with at least two years in Information Assurance, Information Security, or Risk Management.
Bachelor's degree in a related field (e.g., computer science, information systems, cybersecurity) or a commensurate number of years of professional experience.
Proven success in leading complex projects and activities among a multidisciplinary team.
Demonstrated familiarity with NIST 800-53 and FedRAMP frameworks.

Benefits

medical
dental
vision
flexible PTO
a 401k program
stock options

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

Information AssuranceInformation SecurityRisk ManagementCompliance ActivitiesRisk AssessmentsAudit DocumentationVulnerability ManagementFedRAMPCMMCNIST 800-53

Soft Skills

LeadershipCollaborationCommunicationProject ManagementStakeholder EngagementTraining DevelopmentProblem SolvingOrganizational SkillsAttention to DetailFacilitation

Certifications

CISSPCISMCRISCISO 27001 CertificationFedRAMP CertificationSOC 2 CertificationCMMC CertificationCompTIA Security+Certified Information Systems Auditor (CISA)Certified Information Security Manager (CISM)