Company hidden
5 hours ago

Security GRC Lead (Public Sector)

Work format
onsite
Employment type
fulltime
Grade
senior
English
b2
Country
US
Vacancy from the Hirify.Global list (Hirify RU Global, a list of companies with Eastern European roots)

Job description

TL;DR

Security GRC Lead (Public Sector): Managing and maintaining public sector security compliance frameworks for cloud services with an emphasis on FedRAMP, NIST 800-53, and CMMC. Focus on maintaining authorizations, coordinating with third-party auditors (3PAO), and guiding the migration of cloud products into government-authorized environments.

Location: San Francisco, California

Company

hirify.global is a global leader in cloud-based software and CRM solutions.

What you will do

  • Manage relationships with external auditors (3PAO), sponsoring agencies, and the FedRAMP PMO.
  • Maintain the System Security Plan (SSP), Plan of Action & Milestones (POA&M), and the overall authorization package.
  • Drive continuous monitoring efforts and conduct internal assessments to prepare partners for external audits.
  • Collaborate with Engineering and Product teams to safely onboard new cloud products into the security boundary.
  • Represent the company as the Information System Security Officer (ISSO) and coordinate with System Owners.
  • Provide subject-matter expertise on public sector requirements to R&D, Sales, and Marketing teams.

Requirements

  • 3-5+ years of experience specifically within the FedRAMP industry.
  • 3+ years of project or program management experience at a software company.
  • Experience working with Government Cloud environments such as AWS, Azure, or GCP (SaaS, IaaS, PaaS).
  • Broad knowledge of SOX, SOC2, ISO 27001, PCI DSS, HIPAA, and public sector certifications.
  • Experience creating status and metrics reports to guide informed management decisions.
  • Must be based in San Francisco, California.

Nice to have

  • Relevant professional certifications: CISSP, CRISC, CISA, CISM, or GIAC.
