FedRAMP/GovRAMP Compliance Program Lead
InterSystems · Boston, MA · 2 wk ago
Finance$201k–$251k/yrFull-time
About the role
The FedRAMP / GovRAMP Compliance Program Lead will build and lead InterSystems' authorization readiness program to support government cloud offerings and customers with rigorous public-sector requirements.
Responsibilities
- Lead the FedRAMP/GovRAMP readiness program, including roadmap development, milestone tracking, risk management, and executive reporting.
- Define and maintain the authorization boundary with Product, Engineering, Cloud Services, Security, and other stakeholders.
- Cook up readiness assessments, gap analyses, remediation planning, and formal assessments with external advisors and 3PAOs.
- Develop and maintain key authorization artifacts, including the System Security Plan (SSP), policies, procedures, control narratives, evidence repositories, POA&Ms, and continuous monitoring documentation.
- Translate FedRAMP, GovRAMP, and NIST 800-53 requirements into actionable control ownership and operational processes.
- Establish repeatable evidence collection, control validation, and audit readiness practices across technical and business teams.
- Track remediation activities, findings, risks, and POA&M items through completion.
- Partner with technical teams to align cloud architecture, change management, incident response, vulnerability management, access control, logging, and monitoring with compliance requirements.
- Facilitate governance meetings, monitor program progress, and communicate readiness, risks, and recommendations to executive leadership.
- Help establish the long-term operating model for maintaining an authorized government cloud environment.
Requirements
- 12+ years of experience leading or supporting FedRAMP, GovRAMP, StateRAMP, or comparable cloud compliance programs.
- Strong knowledge of NIST 800-53 and cloud security frameworks.
- Experience supporting authorization activities, audits, continuous monitoring, or security assessments.
- Familiarity with FedRAMP documentation, including SSPs, SAPs, SARs, POA&Ms, policies, procedures, and evidence packages.
- Strong understanding of SaaS and cloud environments, preferably AWS, AWS GovCloud, Azure Government, or similar regulated platforms.
- Excellent program management skills with experience driving cross-functional initiatives, managing risks, and delivering executive reporting.
- Ability to translate complex compliance requirements into clear operational guidance for technical and non-technical stakeholders.
- Strong written communication and documentation skills.
Qualifications
- Required Qualifications: 12+ years of experience leading or supporting FedRAMP, GovRAMP, StateRAMP, or comparable cloud compliance programs; strong knowledge of NIST 800-53 and cloud security frameworks; experience supporting authorization activities, audits, continuous monitoring, or security assessments; familiarity with FedRAMP documentation, including SSPs, SAPs, SARs, POA&Ms, policies, procedures, and evidence packages; strong understanding of SaaS and cloud environments, preferably AWS, AWS GovCloud, Azure Government, or similar regulated platforms; excellent program management skills with experience driving cross-functional initiatives, managing risks, and delivering executive reporting; ability to translate complex compliance requirements into clear operational guidance for technical and non-technical stakeholders; strong written communication and documentation skills.
- Preferred Qualifications: Experience achieving or maintaining FedRAMP Moderate/High, GovRAMP, or StateRAMP authorizations; experience working with 3PAOs, advisory firms, or government sponsors; background in healthcare, life sciences, public sector, or other regulated industries; familiarity with AWS GovCloud, Kubernetes, infrastructure as code, vulnerability management, identity and access management, or security monitoring; experience with GRC platforms, compliance automation, or continuous monitoring tools; relevant certifications such as CISSP, CISM, CISA, CRISC, CCSP, CCSK, PMP, or Security+.