FedRAMP ISSO

Posted 14 days ago

💎 Seniority level: Senior, 5+ years

📍 Location: United States

💸 Salary: 176000.0 - 281000.0 USD per year

🔍 Industry: Software Development

🏢 Company: PagerDuty | 👥 1001-5000 | 💰 $350,000,000 Post-IPO Debt over 1 year ago | 🫂 Last layoff about 2 years ago | IT Management, Cloud Computing, SaaS, Analytics, Information Technology, Software

🗣️ Languages: English

⏳ Experience: 5+ years

🪄 Skills: AWS, Cloud Computing, Cybersecurity, Azure, CI/CD, DevOps, Compliance, Risk Management

Requirements:
  • 5+ years of experience in information security, compliance, or related roles, with at least 3 years of experience supporting FedRAMP compliance efforts.
  • Strong understanding of FedRAMP requirements, NIST 800-53 controls, and security assessment processes.
  • Demonstrated ability to collaborate with cross-functional teams to support security initiatives.
  • Has been a major contributor to a FedRAMP audit, from SAP planning to authorization.
  • Experience with tools and processes for vulnerability management, system audits, and risk assessments.
  • Detail-oriented with strong organizational skills and the ability to manage multiple priorities.
  • Experience drafting and managing POA&Ms, incident reports, and continuous monitoring deliverables.
  • Exceptional written and verbal communication skills for creating and managing FedRAMP documentation.
Responsibilities:
  • Apply knowledge of the NIST 800-53 control framework to implement FedRAMP requirements and ensure compliance with security initiatives.
  • Translate FedRAMP requirements into actionable items to support solution design, process implementation, and policy enforcement.
  • Develop, maintain, and update FedRAMP documentation, including the System Security Plan (SSP), policies, procedures, and contingency plans (e.g., ISCP).
  • Partner with 3PAOs to support assessments, drive audit readiness, and coordinate timely evidence collection.
  • Collaborate with customers to facilitate external audits and ensure successful attainment and maintenance of Authority to Operate (ATO).
  • Provide internal guidance to integrate FedRAMP controls (e.g., encryption, access controls, logging) into product design, development, and operational processes.
  • Provide guidance and support for adjacent compliance frameworks (e.g., DoD IL, CMMC, SOC 2, or ISO 27001) to align with FedRAMP requirements.