Sprinklr

Senior GRC Analyst

full-time

Location Type: Remote

Location: Texas, Washington, United States

Salary

💰 $92,000 - $153,000 per year

About the role

  • Create and maintain core FedRAMP security artifacts (SSP, POA&M, checklists/templates); develop Significant Change Request documentation and support related assessments
  • Apply FedRAMP, NIST SP 800-53, and NIST SP 800-37 RMF to cloud environments; support control implementation and evidence
  • Support monthly/annual FedRAMP continuous monitoring; assist with vulnerability identification/mitigation and POA&M tracking; monitor and maintain in-scope asset inventory
  • Manage and support audit engagements (SOC 2, ISO 27001, C5, SOX, PCI DSS, HIPAA)
  • Assist with vendor risk management activities: intake, due diligence assessments, risk rating, contract/security terms review, remediation tracking, and periodic reviews
  • Drive GRC process automation to streamline evidence collection, control testing, workflows, and reporting using the GRC platform and integrations
  • Respond to customer security questionnaires, RFPs, and due diligence requests; coordinate evidence and liaise with SMEs, assessors, and customers
  • Manage the control and process libraries; assist the business in implementing internal controls; document, assess, and remediate issues from audits and risk assessments
  • Contribute to meetings by preparing agendas, documenting minutes, and tracking follow-up actions; assist with management of Sprinklr security standards/policies and maintain GRC repositories (Confluence, shared drives)

Requirements

  • 3–4+ years in information security, risk, or compliance
  • Prior FedRAMP operational support experience
  • FedRAMP authorization and sustainment experience: develop/maintain SSP, POA&M, IR/Contingency/Configuration Management plans, and related artifacts
  • Strong understanding of FISMA; NIST RMF (SP 800-37) and NIST SP 800-53 Rev. 5; familiarity with the Cloud Computing SRG
  • FedRAMP Continuous Monitoring experience: vulnerability scanning/analysis, POA&M updates, and monthly/annual reporting
  • Cloud security across AWS, Google Cloud, and Azure with working knowledge of networking (IPsec, firewalls, routing, addressing); ability to apply FedRAMP control requirements to cloud services
  • Knowledge of security control frameworks and audits (NIST 800-53, ISO 27001/27002, SOC 2, SOX, PCI DSS, HIPAA); control design/testing and evidence management
  • Customer-facing experience: responding to security questionnaires, RFPs, and customer audits/due diligence with clear written and verbal communication
  • Process automation: interest and experience automating GRC/compliance workflows, evidence collection, and reporting (e.g., within GRC platforms and via integrations/scripts)
  • Vendor risk management experience across the third-party lifecycle (intake, due diligence, risk rating, contract/security terms review, remediation, and periodic reviews)

Benefits

  • Health insurance
  • 401k plan with 100% vested company contributions
  • Flexible paid time off
  • Holidays
  • Generous caregiver and parental leaves
  • Life and disability insurance
  • Medical, dental, vision, and prescription drug coverage

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

  • FedRAMP
  • NIST SP 800-53
  • NIST SP 800-37
  • vulnerability scanning
  • cloud security
  • AWS
  • Google Cloud
  • Azure
  • security control frameworks
  • process automation

Soft Skills

  • customer-facing
  • clear written communication
  • clear verbal communication
  • documentation
  • meeting preparation
  • tracking follow-up actions
  • liaising with SMEs
  • risk assessment
  • audit management
  • collaboration