Compliance Officer, FedRAMP

Dispel

. Own the FedRAMP authorization lifecycle from SSP development through continuous monitoring.

Posted 4/27/2026full-timeRemote • 🇺🇸 United StatesMid-LevelSenior💰 $122,000 - $151,000 per yearWebsite

Tech Stack

Tools & technologies

AWSCloudCyber Security

About the role

Key responsibilities & impact

Own the FedRAMP authorization lifecycle from SSP development through continuous monitoring.
Serve as primary liaison with our agency sponsor and their FedRAMP AODR.
Coordinate with our 3PAO on assessment readiness, evidence collection, and remediation tracking.
Manage SSP, SAR, POA&M, and all FedRAMP deliverables in OSCAL formats.
Track control implementation across all FedRAMP controls and maintain the Control Responsibility Matrix (CRM).
Prepare for annual assessments and significant change requests; monitor PMO guidance and Rev 5 requirements, adapting documentation accordingly.
Manage POA&M items end-to-end through remediation.
Coordinate monthly ConMon deliverables and vulnerability scanning cadence.
Track deviation requests and risk acceptances with agency authorizing officials.
Ensure timely submission of significant change requests and security impact analyses.
Coordinate SOC 2 Type II audits and evidence collection via Drata.
Support ISO 27001, ISO 9001, and IEC 62443 certification efforts.
Manage CMMC Level 2 compliance for DoD contract support.
Map controls across frameworks to reduce duplication and streamline evidence collection.
Maintain the compliance calendar and a continuous audit-ready posture.
Lead adoption of OSCAL (Open Security Controls Assessment Language) for machine-readable compliance.
Implement component-based documentation for reusable control narratives.
Partner with engineering on internal OSCAL tooling and evidence-collection workflows.
Define requirements for continuous-compliance automation.
Maintain security policies aligned with NIST 800-53 Rev 5; keep corporate and FedRAMP boundary documentation consistent.
Develop and exercise Contingency Plan (ISCP), DRP, and BCP with annual testing.
Prepare compliance briefings for leadership and the board; interface with federal agency stakeholders.
Support customer security questionnaires and due diligence requests.
Partner with the SOC team on audit-log retention, incident response documentation, and playbook alignment.

Requirements

What you’ll need

5–8 years in cybersecurity compliance, GRC, or information security.
Direct experience with the FedRAMP authorization process (Moderate or High).
Strong working knowledge of NIST 800-53 Rev 5 and FedRAMP requirements.
Hands-on experience with SSP development, POA&M management, and 3PAO coordination.
Familiarity with compliance platforms (Drata, Vanta, Archer, or similar).
Cloud security compliance experience (AWS required).
Excellent technical writing, project management, and stakeholder communication skills.
Ability to translate technical controls into business-understandable terms.

Benefits

Comp & perks

122-151K base + equity and performance bonus eligible
Full medical, vision, and dental insurance
Generous PTO
Remote-first culture with flexible hours
Opportunity to protect critical infrastructure at scale
Work with patented, cutting-edge security technology
Direct ownership of SOC maturation
Collaborative team with military, federal, and private sector expertise

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

FedRAMP authorizationSSP developmentPOA&M managementNIST 800-53 Rev 5continuous compliance automationvulnerability scanningincident response documentationcontrol implementationrisk acceptancecompliance briefings

Soft Skills

technical writingproject managementstakeholder communicationleadershipadaptabilitycollaborationorganizational skillsproblem-solvingattention to detailinterpersonal skills

Certifications

CMMC Level 2FedRAMP certificationISO 27001 certificationISO 9001 certification