FISMA / FEDRAMP Compliance Analyst, GRC
ITEAM is a fast-growing Women Owned Small business that solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks. We provide tools to ease these decisions by presenting solutions that span the gaps. Our tools manage both physical machines and virtual machines.
We are looking for a Compliance specialist to help execute and manage a federal compliance portfolio of activities. The role is a member of the GRC team; the primary function of this role is to manage FISMA and FedRAMP related workstreams. The role will be heavily focused on evaluating, designing, and implementing controls, supporting audits, and acting as a compliance subject matter expert to the business. Specifically, you will help conduct risk assessments, manage, and resolve audit issues, support core documentation and compliance efforts, and help review, enhance, and manage the day-to-day operation of ITEAM's FISMA compliance programs. We are looking for a self-motivated individual fascinated by complex projects, who thrives in fast-paced environments and can seamlessly drive processes with multiple stakeholders to accomplish bold things.
Security at ITEAM is a remote team. While prior experience working remotely is not required, we are looking for team members who can perform well given a high level of independence and autonomy.
In this role, your responsibilities will include:
Manage ITEAM's FISMA/FedRAMP audits, prepare for the audits and educate stakeholders
Coordinate all audit activities to ensure prompt and accurate communication and submission of evidence
Maintain accurate records on the status of all audit reports, recommendations, and remediation
Provide analysis of audit recommendations, resolution, and corrective action
Provide audit trends and recommend solutions
Develop justifications for audit finding responses
Coordinate resolution and corrective action
Attend all audit meetings and facilitate audit walkthroughs
Review all audit Maturity Models
Review and draft responses to the Objective Attributes Recap Sheet (OARS) and Clearance Document requests
Analyze FISMA audit findings using our partnered OPENFISMA+ automation tool.
Monitor and track audit remediation
Direct, hands-on experience going through an external audit of federal standards in the private sector (e.g., FISMA), gaining FedRAMP ATO/P-ATO, overseeing compliance within a government role, or public sector consulting at a 3PAO.
Deep understanding of FISMA, NIST SP 800-53, NIST SP 800-171, NIST Risk Management Framework (RMF), and NIST Cybersecurity Framework (CSF), and other public sector frameworks and standards
Experience performing cybersecurity compliance assessments or audits
Ability to explain cybersecurity concepts and techniques to both technical and non-technical personnel
Excellent written and oral presentation skills
Expert level bachelor's degree and 5 years of related technical experience
Self-starter, able to work with minimal supervision
Demonstrates a willingness to learn quickly and takes the initiative on assigned tasks
5+ years of experience in a relevant GRC focus area
General knowledge across all of GRC, with focused expertise on FISMA/FedRAMP
Ability to prioritize and track multiple projects in parallel
Highly responsive and have a customer first mindset
Flexibility in daily hours (i.e., willingness to work longer hours during end of quarter, peak periods, and audits)
Ability to obtain a security clearance, if required
Previous experience at a SaaS company in a similar role
Previous experience as an ISSE, ISSM, or ISSO
Previous experience gaining an ATO or P-ATO
Automation and GRC tech implementation experience
Knowledge of, or experience working with, Cloud technologies/environments is a plus
Prior experience as a Big4 auditor preferred
Paid time off