Remotery

Compliance Manager – Government

at Workstreet · United States · Full-time · Compliance · Mid-level / Senior

Posted May 2

📋 Description

• Direct and oversee the implementation of NIST SP 800-53 controls: Take ownership of the interpretation, mapping, and execution of NIST SP 800-53 Rev 5 controls across Moderate and High baseline engagements, ensuring that the control narratives are precise, defensible, and in line with agency expectations.

• Manage and Review FedRAMP/GovRAMP Authorization Documentation: Lead the creation, quality assessment, and upkeep of System Security Plans (SSPs), control implementation narratives, POA&Ms, SAPs, SARs, CISOs, and continuous monitoring artifacts for FedRAMP and GovRAMP initiatives.

• Conduct FedRAMP and GovRAMP Readiness Assessments: Perform gap analyses and readiness evaluations to prepare clients for Agency ATO pathways, GovRAMP authorization, and the FedRAMP 20x continuous authorization model. Convert findings into actionable remediation plans aligned with authorization milestones.

• Coordinate Authorization and Assessment: Act as the primary engagement lead, collaborating with Third-Party Assessment Organizations (3PAOs), Authorizing Officials (AOs), cloud service providers, and state agency stakeholders throughout the FedRAMP and GovRAMP authorization process.

• Define Boundaries & Scope Systems: Lead the definition of FedRAMP and GovRAMP authorization boundaries and system scoping activities, including identifying in-scope components, interconnections, data flows, and shared responsibility models, ensuring compliance with FedRAMP PMO guidance and agency-specific requirements.

• Oversee Continuous Monitoring Programs: Direct and ensure the quality of monthly, quarterly, and annual continuous monitoring obligations for FedRAMP and GovRAMP, including vulnerability management, incident response reporting, significant change requests, and annual assessment planning. Advise clients on automation tools and OSCAL adoption aligned with FedRAMP 20x goals.

• Champion FedRAMP 20x Readiness and Positioning: Act as Workstreet’s internal expert on FedRAMP 20x, including machine-readable authorization packages (OSCAL), continuous authorization models, and emerging PMO pilot guidance. Educate both clients and internal teams on implications and readiness strategies.

• Manage Client Relationships and Engagement Delivery: Handle client-facing communications, track milestones, and manage escalations across multiple simultaneous FedRAMP, GovRAMP, and NIST 800-53 projects. Ensure consistent delivery quality across the portfolio and act as the primary escalation point for client concerns.

• Assist in Business Development and Solutioning: Engage in proposals, scoping discussions, and sales dialogues for FedRAMP, GovRAMP, and NIST 800-53 opportunities. Help shape Workstreet’s market positioning for compliance services within state and federal governments.

• Lead, Coach, and Develop GRC Engineers: Directly supervise and mentor a team of Senior and Junior GRC Engineers involved in federal compliance engagements. Provide hands-on technical coaching regarding NIST SP 800-53 control implementation, FedRAMP documentation standards, and 3PAO coordination.


⛳️ Requirements

• Exceptional organizational and project management skills, capable of overseeing multiple engagements simultaneously.

• A minimum of 2 years of experience directly managing or mentoring GRC engineers or compliance consultants, with a proven history of enhancing team performance through coaching, feedback, and structured development.

• At least 5 years of experience in GRC consulting or federal compliance, with substantial hands-on expertise in FedRAMP, NIST SP 800-53, and/or GovRAMP programs.

• Demonstrated capability to independently manage intricate federal compliance engagements, including taking client-facing ownership of milestones, deliverables, and issue escalations.

• Proven track record of leading and reviewing SSPs, POA&Ms, CISOs, SARs, and other FedRAMP/GovRAMP authorization artifacts for quality assurance.

• Strong understanding of federal cloud environments and shared responsibility models (AWS GovCloud, Azure Government, GCC High, Oracle GovCloud).

• Experience engaging with SaaS providers, cloud service providers, or technology organizations seeking federal or state government authorization.

• Ability to excel in a fast-paced consulting or startup environment.


🏝️ Benefits

• Career Development: Clear pathway with mentorship and training opportunities.

• Competitive Compensation: A competitive base salary with regular performance evaluations tied to merit-based appraisals and bonus opportunities.

• Growth Opportunity: Early-stage company with ample room for career advancement.

• Remote-First Culture: Flexibility to work from any location while collaborating with a global team.
