Jobs · Education

Principal, Public Sector SecOps & GRC

Consensus Cloud Solutions · United States · 2 wk ago
RemoteRemoteEducation$160k–$170k/yrFull-time

About the role

The Principal, Public Sector SecOps & GRC serves as the central security and compliance leader for all public sector engagements, encompassing federal, state, and local mandates.

Responsibilities

  • Evolves from a purely compliance-focused mandate to bridge Security Operations (SecOps) and Governance, Risk, and Compliance (GRC).
  • Ensures comprehensive defense and continuous authorization across Consensus’ public sector SaaS platforms.
  • Ledesigns, implements, and oversees a unified security framework that aligns with NIST 800-53 Rev. 5 controls, FedRAMP High authorizations, GovRAMP, CMMC, and emerging SLED requirements (such as TexasRAMP and StateRAMP).
  • Compiles and submits Monthly Continuous Monitoring (ConMon) reports, including vulnerability scans, POA&M trackers, and asset inventories for all applicable public sector frameworks.
  • Oversees threat hunting and vulnerability remediation to ensure compliance with strict federal timelines, specifically: High (30 days), Moderate (90 days), and Low (180 days).
  • Escalates unremediated vulnerabilities and initiates Plan of Action and Milestones (POA&M) creation within 7 days of issue identification when remediation deadlines cannot be met.
  • Coordinates and leads Annual 3PAO Security Assessments, including penetration testing and red team exercises, across FedRAMP and other public sector programs.
  • Manages and maintains a compliant, hosted secure repository for storing, retrieving, and provisioning access to security packages and artifacts.
  • Manages and oversees third parties, including managed security service providers (MSSPs) performing public sector security functions, and directs project management support for these programs.
  • Serves as System Steward for the VA-F package in eMASS, managing Risk Management Framework (RMF) activities, ATO assessments, and workflows.
  • Submits and maintains accurate documentation for the initial and ongoing marketplace listings (e.g., FedRAMP, StateRAMP) of Consensus as a Cloud Service Provider (CSP).
  • Oversees actionable incident response testing every 6 months and administers incident response training to all assigned personnel within 10 days of role assignment and annually thereafter.
  • Oversees background checks and reinvestigations for all personnel requiring system access, consistent with high-impact public trust requirements, and enforces Rules of Behavior agreements.
  • Maintains current SaaS platform architecture diagrams and submits all Security Change Requests (SCRs) and Deviation Requests for approval.
  • Contributes to non-FedRAMP commercial compliance frameworks, such as ISO 27001, SOC 2, or HIPAA, ensuring unified control mappings across public and private sector services.
  • Provides security and compliance guidance to IT, engineering, and development teams to support the design of secure, compliant, and resilient cloud-based architectures.
  • Identifies, evaluates, and implements GRC and SecOps tools that support policy automation, identity management, and threat intelligence.
  • Assists with responses to customer security assessments and third-party due diligence requests from prospective SLED and federal agencies.
  • Mentors junior staff or cross-functional team members in information security, compliance best practices, and secure development lifecycles.
  • Supports business continuity planning, disaster recovery documentation, and live operational exercises.
  • Performs other duties and responsibilities as required, assigned, or requested.

Qualifications

  • Required Degree: Bachelor's degree in computer science, information technology, or cybersecurity.
  • Required Certifications: Active Certified Information Systems Security Professional (CISSP) and Project Management Professional (PMP) certification.
  • Required Background Checks: Undergo a Public Trust Background Investigation with a favorable suitability determination.
  • Experience: 8+ years of experience in information security governance, risk, and compliance, with at least 5 years specifically supporting FedRAMP High, FISMA, NIST SP 800-53 rev 5, or RMF; 5+ years in the ISSM or ISSO role managing the security package for federal government agencies high-impact systems; 5+ years of experience managing or supporting security assessments with Third Party Assessment Organizations (3PAOs); 3+ years of hands-on experience using GRC platforms (e.g., RSA Archer, ServiceNow GRC, OneTrust) and vulnerability management platforms (e.g., Tenable, Qualys, Rapid7); 2+ years direct experience mapping controls and leading assessments for GovRAMP, CMMC (Level 2+), and StateRAMP/SLED requirements; 2+ years of experience with identity and access management systems (e.g., Okta, Azure AD) for access control governance; Cloud Architecture Proficiency: Demonstrated experience working within cloud environments such as AWS GovCloud or Azure Government, including cloud-native security controls; Systems & Tooling Mastery: Proficiency with AWS CLI, Powershell and scripting automated compliance tasks in Windows and Linux systems tools, Nessus Pro, Burp Suite, Splunk, AWS IAM, Jira, FortiGate firewalls, eMASS, Box.com for Gov, and Okta for Gov Identity Provider; Analytical Critical Thinking: Demonstrates strong analytical skills to assess complex security risks, interpret compliance requirements, and evaluate technical vulnerabilities; Process Engineering: Builds and refines repeatable, auditable processes for security governance, risk management, and compliance activities; Cross-Functional Communication: Communicates clearly and effectively with technical and non-technical stakeholders, including auditors, developers, and executive leadership; Continuous Assessment: Ability to implement continuous monitoring and assessment programs to identify and address security threats in real-time, maintaining a proactive SecOps stance.

Skills

  • Security Operations (SecOps)
  • Governance, Risk, and Compliance (GRC)
  • Continuous Monitoring
  • Vulnerability Management
  • Threat Hunting
  • Plan of Action and Milestones (POA&M)
  • Audit Coordination
  • Third-Party Oversight
  • System Stewardship
  • Marketplace Maintenance
  • Incident Response Operations
  • Access & Trust Governance
  • Architecture & Change Control
  • Commercial Framework Integration
  • Customer Trust
  • Mentorship
  • Resilience Planning
  • Tooling & Automation

Benefits

Consensus Cloud Solutions is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive and equitable environment for all employees. We offer many remote and hybrid career opportunities.

Pay

The salary range for this role is $160,000 - $170,000 USD annually. The total compensation package for this position is negotiable and may also include annual performance bonus, ESPP, enhanced time off packages and benefits.

Schedule

This position is fully remote within the U.S. and allows up to 10% travel. Physical requirements include sitting for long periods and handling long periods of screen time.

Similar jobs