Procurement Sciences AI

Director of Security & Compliance (FedRAMP/CMMC)

full-time

Location: United States, Utah

Job Level

Lead

Tech Stack

AWS, Azure, Cloud, SaltStack, SDLC

About the role

  • Lead the FedRAMP Moderate/High authorization and compliance program for our SaaS platform, from preparation through Authority to Operate (ATO) and continuous monitoring.
  • Define and document the system security boundary, architecture, and control implementation strategy for FedRAMP and government cloud environments.
  • Prepare, maintain, and update all security documentation, including the System Security Plan (SSP), policies, procedures, Plan of Action and Milestones (POA&M), and continuous monitoring evidence.
  • Coordinate and manage all interactions with 3PAOs, government sponsors, and FedRAMP PMO.
  • Ensure timely remediation of findings, execution of continuous monitoring activities, and reporting according to federal requirements.
  • Build and maintain the company’s CMMC Level 2+ compliance program, ensuring company-wide adherence to NIST SP 800-171 controls and related frameworks.
  • Develop and enforce security policies and best practices across information security, DevSecOps, vulnerability management, incident response, and access control.
  • Partner with Product, Engineering, and Operations to embed security into SDLC and cloud deployment processes.
  • Provide regular risk and compliance briefings to company leadership and external stakeholders.
  • Lead security training, awareness, and role-based education initiatives for internal teams.
  • Represent Procurement Sciences in customer security assessments, compliance reviews, and during agency or partner audits.

Requirements

  • Direct, hands-on experience managing and launching a FedRAMP Moderate or High SaaS authorization, including documentation, 3PAO audits, and federal stakeholder communications.
  • 7+ years of progressive information security/compliance leadership in SaaS, with substantial exposure to government or regulated environments.
  • In-depth knowledge of FedRAMP, NIST SP 800-53, FIPS 140-2/3, and cloud security best practices.
  • Demonstrated success designing and running CMMC/NIST SP 800-171 compliance programs, including policy development, audit readiness, remediation, and staff education.
  • Solid understanding of modern public cloud environments (e.g., AWS GovCloud, Azure Government) and securing infrastructure, applications, and data in compliance with federal requirements.
  • Proven leadership, project management, and team-building skills in a high-growth, cross-functional environment.
  • Excellent documentation, presentation, and communication abilities, with a record of interfacing effectively with technical teams, executives, auditors, and government representatives.