Senior GRC Engineer – NIST 800-53/FedRAMP

Workstreet

11 - 50 employees

Founded 2023

🔒 Cybersecurity

📋 Compliance

🤝 B2B

Workstreet is a managed security and compliance services provider that helps businesses automate and modernize their security programs. With expertise in compliance frameworks including SOC 2, ISO 27001, HIPAA, and GDPR, Workstreet supports companies in achieving their security and compliance outcomes efficiently. Their services include acting as a virtual Chief Information Security Officer (vCISO), full-scale penetration testing, and vendor risk management, aiming to streamline security processes while allowing businesses to focus on growth.

📋 Description

• Guide Clients Through Federal Authorization Processes: Lead clients through NIST SP 800-53 and FedRAMP compliance initiatives, providing proactive communication, clear milestone guidance, and hands-on support throughout the Assessment and Authorization (A&A) lifecycle
• Collaborate Closely with Clients: Partner directly with organizations pursuing federal authorizations to understand their environment, identify security gaps, and drive progress toward achieving and maintaining compliance
• Be a Trusted Compliance Advisor: Deliver expert guidance on NIST SP 800-53, FedRAMP requirements, and federal cybersecurity standards in a way that is accessible, actionable, and aligned with each client's unique operational environment
• Lead and Mentor a Compliance Team: Provide direction, feedback, and professional development support to a small team of compliance professionals, maintaining quality standards and accountability across client engagements
• Drive Consistent Delivery: Manage and coordinate multiple NIST SP 800-53 and FedRAMP compliance projects across various clients, ensuring milestones and deliverables are met ahead of authorization deadlines
• Interpret and Apply Security Controls: Analyze and interpret NIST SP 800-53 security and privacy controls and control baselines to ensure client compliance with federal cybersecurity standards
• Develop and Maintain Authorization Documentation: Create, implement, and maintain System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and other authorization documentation required for NIST SP 800-53 and FedRAMP
• Conduct Gap Assessments: Perform readiness reviews to identify and address control deficiencies for organizations pursuing an Authorization to Operate (ATO) or FedRAMP authorization
• Support Assessment Activities: Guide clients through the Assessment and Authorization (A&A) process and coordinate with Third-Party Assessment Organizations (3PAOs) and independent assessors
• Collaborate on Remediation Efforts: Work closely with clients to identify and remediate gaps in their security programs to meet NIST SP 800-53 Low, Moderate, and High control baselines
• Monitor Regulatory Updates: Stay current on evolving NIST SP 800-53 revisions, FedRAMP requirements, and federal cybersecurity policies and guidance to ensure client programs remain compliant and ahead of changing requirements

🎯 Requirements

• Strong organizational skills with the ability to manage multiple NIST SP 800-53 compliance projects concurrently
• 5+ years of experience in federal compliance, NIST SP 800-53, FedRAMP, or RMF implementation
• 3+ years of leadership experience managing or guiding a small team
• Deep understanding of the NIST Risk Management Framework (RMF) and the security and privacy control families within NIST SP 800-53
• Experience with NIST SP 800-53 control implementation and assessment
• Familiarity with FedRAMP authorization paths and federal agency workflows
• Experience working with cloud service providers (CSPs) or organizations pursuing federal authorizations
• Knowledge of common FedRAMP-authorized cloud environments such as AWS GovCloud, Azure Government, or GCC High
• Thrives in a fast-paced startup environment

🏖️ Benefits

• Career Development: Clear growth path with mentorship and training opportunities
• Technical Training: Comprehensive onboarding on security and compliance frameworks
• Competitive Compensation: Competitive base salary with regular performance reviews, merit-based appraisals, and bonus opportunities
• Growth Opportunity: Early-stage company with significant room for career advancement
• Remote-First Culture: Flexibility to work from anywhere while collaborating with a global team
