Risk and Compliance Lead

RLDatix

$100K — $130K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years in security compliance or GRC roles with CSPs, SaaS vendors, or consulting firms
  • Successful past delivery of at least one full GovRAMP, FedRAMP, or StateRAMP authorization
  • Expertise in mapping SOC 2, HIPAA, and ISO 27001 to NIST SP 800-53 Rev 5
  • Ability to work US business hours from a US location for real-time collaboration
  • Genuine interest in supporting US healthcare agencies
  • Collaborative skills in a remote-first cross-functional team environment
  • Professional certification such as CISSP, CISA, CRISC, CCSP, or CAP (CAP preferred)

Responsibilities

  • Author and maintain System Security Plans (SSPs) for GovRAMP using NIST SP 800-53 Rev 5
  • Map existing SOC 2 Type II and HIPAA evidence to identify gaps across various teams
  • Own and track the Plan of Action & Milestones (POA&M) from Phase 2
  • Produce monthly Continuous Monitoring (ConMon) deliverables to meet GovRAMP PMO requirements
  • Cross-train with the NAM Risk & Compliance Officer for team resilience

Benefits

  • Health, dental, and vision insurance
  • Life and disability insurance
  • 401K plan
  • Paid time off and paid holidays
  • Flexible work environment prioritizing employee wellness
Full Job Description
Job Description

We're searching for a US-based GovRAMP/TX-RAMP Risk & Compliance Officer to join our Information Security - Risk & Compliance team, so that we can unlock US state and local government healthcare market opportunities through GovRAMP and TX-RAMP authorization. The GovRAMP/TX-RAMP Risk & Compliance Officer will serve as the dedicated compliance delivery lead for our 18-month authorization program and its ongoing continuous monitoring lifecycle, acting as the primary compliance interface to the GovRAMP PMO, third-party assessors, and US state agency authorizing officials.

How You'll Spend Your Time
  • Author and maintain System Security Plans (SSPs) for GovRAMP Core (60 controls) and Moderate (394 controls) using NIST SP 800-53 Rev 5 baseline to achieve authorization milestones
  • Map existing SOC 2 Type II and HIPAA evidence to NIST control families in order to identify gaps and coordinate collection across Engineering, HR, Facilities, Legal, and SecOps
  • Own the Plan of Action & Milestones (POA&M) from Phase 2 to track 3PAO findings, coordinate remediation, and provide monthly updates to the CISO for sign-off
  • Produce monthly Continuous Monitoring (ConMon) deliverables including vulnerability scan reports, POA&M updates, and significant change notifications in order to meet GovRAMP PMO requirements
  • Cross-train with the NAM Risk & Compliance Officer on SOC 2 Type II and HIPAA delivery to provide mutual holiday/sickness cover and strengthen team resilience

What Kind of Things We're Most Interested in You Having
  • 5+ years' experience in security compliance or GRC roles within CSPs, SaaS vendors, or consulting firms supporting GovRAMP/FedRAMP/StateRAMP authorizations
  • Proven success delivering at least one full GovRAMP, FedRAMP, or StateRAMP authorization (SSP through ATO and ongoing ConMon)
  • In-depth knowledge on how to map SOC 2, HIPAA, and ISO 27001 to NIST SP 800-53 Rev 5 control families and author SSPs in OSCAL format or legacy template
  • Ability to work US business hours from a US location for real-time collaboration with the GovRAMP PMO, 3PAO, and state agency officials
  • Sincere interest in enabling US state and local healthcare agencies to adopt patient safety solutions
  • A knack for working collaboratively within a cross-functional, remote-first environment
  • One of the following professional certifications: CISSP, CISA, CRISC, CCSP, or CAP (CAP preferred)

By enabling flexibility in how we work and prioritizing employee wellness, we empower our team to do and be their best. Our benefits package includes health, dental, vision, life, disability insurance, 401K, paid time off, and paid holidays.
Salary offers are based on a wide range of factors including location, relevant skills, training, experience, education, and, where applicable, licensure or certifications obtained. Market and organizational factors are also taken into consideration.
Skills & Requirements Qualifications

Similar Jobs

More Jobs at RLDatix

More Information Technology Jobs

Find similar Risk and Compliance Lead jobs: