You have opted out of job matches in .
To undo this, go to the 'Skills and Interests' section of your preferences.
Shared by 
17 days ago
Requirements and responsibilities
What will you do?Leadership & Program ManagementBring ‘Security by design’ principles to product development activitiesManaging the GRC program, defining the roadmap for maturity across governance, risk management, and compliance initiatives.Lead, manage, and mature the organization's Information Security Management System including risk treatment, internal audits, and readiness for external certification auditsServe as the SME for high-stakes compliance frameworks, specifically FedRAMP, and maintaining advanced leadership over HIPAA and the ISO 27001 family (including 27017/27018 for cloud security).Lead the development and revision of enterprise-level security policies, standards, and control frameworks to align with regulatory requirements and business objectives.Manage GRC with focus on lean, efficient implementation by leveraging automation of activitiesFedRAMP & Cloud SecurityLead FedRAMP authorization (e.g., Readiness, Assessment, and Continuous Monitoring), including coordinating with the 3PAO (Third-Party Assessment Organization) and government agencies.Provide solution oriented technical guidance to Cloud Engineering, Security Operations, DevOps, and Product teams on architecting, implementing, and documenting controls required for FedRAMP, HIPAA, and ISO 27001 within cloud environments (AWS, Azure, or GCP).Oversee and conduct complex, high-impact risk assessments (e.g., BIA, PIA, Data Flow Mapping) and residual risk management across the enterprise, escalating critical risks to senior leadership.Manage and respond to high-level customer and partner due diligence requests and contract reviews related to security and compliance.Collaboration & Stakeholder ManagementAct as the primary InfoSec GRC liaison and subject matter expert, effectively collaborating with internal stakeholders including Legal, Internal Audit, Product Management, and Tech Leadership.Translate highly technical security and compliance requirements providing clear, actionable, risk-informed recommendations.Lead cross-functional remediation efforts, bringing a solution mindset to help technical teams design practical and compliant control implementations instead of simply identifying gaps.Mentor and provide guidance to junior GRC team members, helping to build internal capabilities.What do you bring to the table?Minimum of 12+ years of extensive experience in Cloud Security and GRCDemonstrated capability in achieving & maintaining FedRAMP (moderate or high) compliance, including deep familiarity with NIST SP 800-53 controls.Expert-level hands on knowledge of HIPAA, SOC and FedRAMP controlsDeep technical understanding of Cloud Service Provider (CSP) security models and compliance controls within complex cloud architectures.Education: Bachelor's or Master's degree in Information Security, IT, Computer Science, or related technical field.Certifications (Must have 1 or more of the following):CISSP (Certified Information Systems Security Professional)FedRAMP specific certifications (e.g., C3PAO Assessor training or significant practical experience).Cloud Security certification such as CCSP (Certified Cloud Security Professional) or CCSK.BenefitsFlexible Work & Time Off - Embrace hybrid work models and enjoy the freedom of unlimited paid time off to support work-life balance.Health & Well-being - Access comprehensive group medical and life insurance coverage, along with a 24/7 Employee Assistance Program (EAP) for mental health and wellness support.Growth & Learning - Fuel your professional journey with continuous learning and development programs designed to help you upskill and grow.Recognition & Rewards - Get recognized for your contributions through structured reward programs and campaigns.Engaging & Fun Work Culture - Experience a vibrant workplace with team events, celebrations, and engaging activities that make every workday enjoyable.& Many More...
Optionally, you can add more information later (benefits, pre-screening questions, etc.)