
Cyber Risk & Compliance Specialist
Posted Jun 21

This is a fully remote position, open to applicants in the United States.
• Lead and facilitate ATO readiness initiatives across NIST 800-53, CMMC, and SOC 2 frameworks, with a strong emphasis on practical control implementation and evidence collection.
• Prepare, organize, and sustain ATO package documentation (SSPs, POA&Ms, and supporting materials), ensuring ongoing accuracy, completeness, and readiness for audits.
• Collaborate effectively with external consultants and assessors, incorporating their insights into remediation plans and documentation revisions.
• Actively monitor remediation progress and control deficiencies, escalating any blockers and risks as necessary.
• Draft, enhance, and operationalize detailed security policies, procedures, and standards that align with relevant regulatory frameworks.
• Ensure that controls are thoroughly documented with clear responsibilities, concrete evidence of implementation, and regular review cycles.
• Work in partnership with Technology, Product, and Operations teams to seamlessly integrate compliance requirements into existing processes and tools.
• Oversee and maintain the POA&M, ensuring the timely resolution of identified gaps in close collaboration with system and control owners.
• Support Continuous Monitoring (ConMon) activities, including meticulous log analysis, control validation, and ongoing evidence collection.
• Assist with risk evaluations, vendor security assessments, and tracking of corrective actions.
• Maintain a constant state of audit readiness through disciplined recordkeeping and strict adherence to processes.
• Act as an approachable and knowledgeable compliance advocate for Engineering, Infrastructure, and Operations teams.
• Translate stringent control requirements and framework language into clear, actionable guidance for business owners.
• Facilitate collaborative sessions with system owners to gather evidence, clarify control expectations, and address complex implementation issues.
• Communicate consistently and clearly regarding status updates, timelines, and outstanding items to keep stakeholders aligned.
• 3–6 years of proven experience in Governance, Risk, and Compliance (GRC), federal security compliance, or a closely related technical position.
• In-depth, hands-on expertise with NIST 800-53 is essential.
• Demonstrated success in preparing ATO packages, SSPs, and POA&Ms.
• Strong working knowledge of CMMC, SOC 2, or NIST 800-171 environments.
• Proven ability to implement and evidence controls, beyond mere documentation.
• Excellent organizational and project management abilities, capable of managing multiple complex workstreams with minimal supervision.
• Clear and highly effective written and verbal communication skills.
• U.S. citizenship is mandatory; must be able to meet stringent federal compliance requirements.
• Equal employment opportunities (EEO) are provided to all employees and applicants.