Risk and Compliance Lead
RLDatix · Chicago, IL · 2 wk ago
HybridFinanceFull-time
About the role
The US-based GovRAMP/TX-RAMP Risk & Compliance Officer will serve as the dedicated compliance delivery lead for RLDatix's 18-month authorization program and its ongoing continuous monitoring lifecycle. This position will work closely with the GovRAMP PMO, third-party assessors, and US state agency authorizing officials.
Responsibilities
- Author and maintain System Security Plans (SSPs) for GovRAMP Core (60 controls) and Moderate (394 controls) using NIST SP 800-53 Rev 5 baseline to achieve authorization milestones
- Map existing SOC 2 Type II and HIPAA evidence to NIST control families in order to identify gaps and coordinate collection across Engineering, HR, Facilities, Legal, and SecOps
- Own the Plan of Action & Milestones (POA&M) from Phase 2 to track 3PAO findings, coordinate remediation, and provide monthly updates to the CISO for sign-off
- Produce monthly Continuous Monitoring (ConMon) deliverables including vulnerability scan reports, POA&M updates, and significant change notifications in order to meet GovRAMP PMO requirements
- Cross-train with the NAM Risk & Compliance Officer on SOC 2 Type II and HIPAA delivery to provide mutual holiday/sickness cover and strengthen team resilience
Requirements
- 5+ years' experience in security compliance or GRC roles within CSPs, SaaS vendors, or consulting firms supporting GovRAMP/FedRAMP/StateRAMP authorizations
- Proven success delivering at least one full GovRAMP, FedRAMP, or StateRAMP authorization (SSP through ATO and ongoing ConMon)
- In-depth knowledge on how to map SOC 2, HIPAA, and ISO 27001 to NIST SP 800-53 Rev 5 control families and author SSPs in OSCAL format or legacy template
- Ability to work US business hours from a US location for real-time collaboration with the GovRAMP PMO, 3PAO, and state agency officials
- Sincere interest in enabling US state and local healthcare agencies to adopt patient safety solutions
- A knack for working collaboratively within a cross-functional, remote-first environment
- One of the following professional certifications: CISSP, CISA, CRISC, CCSP, or CAP (CAP preferred)
Qualifications
- One of the following professional certifications: CISSP, CISA, CRISC, CCSP, or CAP (CAP preferred)
Skills
- Experience with NIST SP 800-53 Rev 5 baseline
- Knowledge of SOC 2 Type II and HIPAA frameworks
- Ability to work with third-party assessors and state agency officials
- Collaborative and cross-functional experience
Benefits
- Health, dental, vision, life, disability insurance
- 401K
- Paid time off
- Paid holidays
Pay
Salary offers are based on a wide range of factors including location, relevant skills, training, experience, education, and, where applicable, licensure or certifications obtained. Market and organizational factors are also taken into consideration.
Schedule
US business hours from a US location for real-time collaboration with the GovRAMP PMO, 3PAO, and state agency officials.