Senior Cloud Security Engineer
Climb Channel Solutions NA
AWSAzureCloudCyber SecurityGoogle Cloud Platform
Director of Security & Compliance (FedRAMP/CMMC)
Procurement Sciences AI
full-time
Posted on:
Location: Utah • 🇺🇸 United States
Visit company websiteJob Level
Lead
Tech Stack
AWSAzureCloudSaltStackSDLC
About the role
- Lead the FedRAMP Moderate/High authorization and compliance program for our SaaS platform, from preparation through Authority to Operate (ATO) and continuous monitoring.
- Define and document the system security boundary, architecture, and control implementation strategy for FedRAMP and government cloud environments.
- Prepare, maintain, and update all security documentation including the System Security Plan (SSP), policies, procedures, Plan of Actions and Milestones (POA&M), and continuous monitoring evidence.
- Coordinate and manage all interactions with 3PAOs, government sponsors, and FedRAMP PMO.
- Ensure timely remediation of findings, execution of continuous monitoring activities, and reporting according to federal requirements.
- Build and maintain the company’s CMMC Level 2+ compliance program, ensuring company-wide adherence to NIST SP 800-171 controls and related frameworks.
- Develop and enforce security policies and best practices across information security, DevSecOps, vulnerability management, incident response, and access control.
- Partner with Product, Engineering, and Operations to embed security into SDLC and cloud deployment processes.
- Provide regular risk and compliance briefings to company leadership and external stakeholders.
- Lead security training, awareness, and role-based education initiatives for internal teams.
- Represent Procurement Sciences in customer security assessments, compliance reviews, and during agency or partner audits.
Requirements
- Direct, hands-on experience managing and launching a FedRAMP Moderate or High SaaS authorization, including documentation, 3PAO audits, and federal stakeholder communications.
- 7+ years of progressive information security/compliance leadership in SaaS, with substantial exposure to government or regulated environments.
- In-depth knowledge of FedRAMP, NIST SP 800-53, FIPS 140-2/3, and cloud security best practices.
- Demonstrated success designing and running CMMC/NIST SP 800-171 compliance programs, including policy development, audit readiness, remediation, and staff education.
- Solid understanding of modern public cloud environments (e.g., AWS GovCloud, Azure Government) and securing infrastructure, applications, and data in compliance with federal requirements.
- Proven leadership, project management, and team-building skills in a high-growth, cross-functional environment.
- Excellent documentation, presentation, and communication abilities, with a record of interfacing effectively with technical teams, executives, auditors, and government representatives.
