FedRAMP Program Manager

Job Title: FedRAMP Program Manager Location: 100% Remote Job type and Duration: Contract FedRAMP Program Manager Contractor role The person will lead the FedRAMP efforts for the Client including collaboration with internal stakeholders, Outside Counsel, AO (authorizing agencies) & 3PAO, and will report into the GRC team.

• Lead and manage Client's Fedramp program, including making updates to Client's FedRAMP System Security Plan (SSP), and managing the ConMon initiative.
• Be a FedRAMP subject matter expert (SME) and provide input to Engineering, IT and various business teams with regard to how FedRAMP compliance may impact product updates, SSP updates or the underlying relevant processes.
• Leverage technical and program management skills to plan, track, collaborate and report on FedRAMP program deliverables, including scheduling and leading meetings, assigning and tracking action items, and developing status reports.
• Provide support to the compliance audit and assessment efforts to include external third-party auditors with evidence collection and upload, auditor interview support, and auditor walk-throughs of policies, procedures, and related compliance and security documentation.
• Assist with performing and managing security impact analyses (SIAs), reviewing access management controls, relevant training deployment to applicable users, and where required mapping technical implementation of changes to impacted NIST security controls.
• Work with the Engineering team to execute on continuous monitoring, including tracking and updating the Client's Plan of Action and Milestones and ensuring timely reporting to our Agency partners.
• Collaborate with the Federal Operations team and Outside Counsel to perform timely and efficient communication with our agencies and the PMO. Facilitate and verify FedRAMP evidence and artifacts are created and uploaded according to FedRAMP continuous monitoring (ConMon) requirements.
• Assess the impact of new features and architectural changes to the Fedramp boundary and SSP. Guide technical teams on relevant NIST requirements and documentation update tasks.
• Educate and train internal process and control owners or implementers so they better understand the security controls framework and their responsibilities.
• Review and approve Fedramp VPC access requests. Design the necessary training material to educate users on data protection measures.
• Assist GRC team on other ad hoc, important tasks, when required.

• You have over 8 years of information technology and/or information security experience
• You have over 5 years of project or program management experience, playing a critical role in the execution, planning, tracking, delivery or audit of a FedRAMP program (Fedramp-moderate or Fedramp-high).
• You have domain expertise in FedRAMP (Federal Risk Authorization Management Program), NIST SP 800-53 Rev 4, NIST SP 800-37, FISMA (Federal Information Systems Management Act), NIST RMF (Risk Management Framework),
• You have a track record of successfully collaborating with technical and business teams to achieve deadline-driven milestones while demonstrating the ability to think critically and creatively, with analytical and problem solving skills.
• You are able to independently operate and take a proactive approach to your projects.