Compliance Lead - FedRAMP
- Provide expertise for the development, enforcement, and maintenance of compliance initiatives for the FedRAMP program, including policy development, control design, change management, compliance monitoring and audit management.
- Facilitate the development and documentation of our initial FedRAMP System Security Plan (SSP) and program together with our 3PAO.
- Assist in decision making and project status reporting (along with PM).
- Work with the functional teams (e.g. engineering, IT, cloud services, support staff, etc.) and the 3PAO to provide clarity and prescribe solutions that are known to work in FedRAMP environments.
- Collaborate with your compliance team members and our functional teams in developing FedRAMP compliant policy, procedure, control and change management documentation.
- Design and conduct FedRAMP related internal control testing and compliance assessment activities to support moving through the FedRAMP “gates”.
- Participate in the update of our GRC system to include the facilitation and automation of future FedRAMP risk assessment, testing, change management and ongoing reporting requirements.
- Facilitate the design of FedRAMP compliance sustainment activities, roles and responsibilities.
- The Relativity Compliance team is maturing across multiple market credentials. Once our program is FedRAMP authorized, opportunities will exist for diversifying your portfolio of credentials, maturing our capabilities, and leading new compliance efforts.
- One or more relevant certifications (e.g. CISA, CISSP, CISM, CCSP, Security+), or the ability to achieve one within 12 months of hire
- Project or program management experience is a “plus”.
- Knowledge of secure software development lifecycle (SSDLC) methodology, ideally with cloud applications
- Experience with secure supplier categorization, vendor performance rating and vendor testing, ideally within FedRAMP / NIST standards.
- Experience using Microsoft Office Suite (Word, Excel, PowerPoint, SharePoint etc.)
- Ability to guide collaborative, cross-functional root cause analysis activities needed to remediate our compliance and risk posture.
- Two or more years of experience specific to Federal projects and information security auditing under FISMA/FedRAMP, including the NIST SP 800-53 security controls and the SP 800-37 Risk Management Framework
- At least five years of experience conducting audits for compliance monitoring, internal audit or external audit purposes, covering SOX 404 IT general controls (ITGC) and/or SOC 2 (SSAE 16/18) controls
- Bachelor’s degree
- Experience planning and managing third-party audits (e.g., 3PAO, agency, auditor, etc.)
- Working knowledge of security concepts and NIST 800-53 framework and control principles
- Motivated self-starter who thrives in a changing, growing environment
- Able to work independently while collaborating effectively with other team members
- Articulate speaker; comfortable communicating complex security and compliance related topics