Compliance Specialist – FedRAMP, HITRUST

Remote Full-time
Job Description:
• Support the implementation and maintenance of Jorie’s FedRAMP authorization program in alignment with agency and customer requirements.
• Develop and maintain FedRAMP System Security Plans (SSP), POA&Ms, and supporting documentation.
• Coordinate with internal IT and cloud engineering teams to ensure continuous compliance of systems within AWS, Azure, or other CSP environments.
• Liaise with 3PAOs (Third-Party Assessment Organizations) and government stakeholders during audits and assessments.
• Ensure consistent control alignment between FedRAMP Moderate/High baselines, HITRUST CSF, and NIST 800-53 frameworks.
• Maintain evidence documentation, control mapping, and compliance matrices for overlapping regulatory programs (HITRUST, SOC 2, HIPAA, PCI).
• Participate in ongoing HITRUST recertification processes, including control review, evidence validation, and policy updates.
• Collaborate with internal and external auditors (e.g., ISP) to ensure accurate reporting and compliance posture visibility.
• Assist in continuous monitoring of security controls and remediation of POA&M items.
• Conduct risk assessments for cloud systems, vendors, and new integrations impacting the FedRAMP boundary.
• Coordinate vulnerability scans, incident response activities, and configuration management documentation in alignment with FedRAMP and HITRUST requirements.
• Develop, update, and enforce policies related to data security, cloud compliance, and regulatory reporting.
• Provide compliance guidance and training to engineering, DevOps, and IT personnel involved in the FedRAMP environment.
• Support internal readiness reviews, gap assessments, and compliance roadmap initiatives.

Requirements:
• 3–6 years of experience in compliance, information security, or risk management.
• At least 2 years of direct experience supporting FedRAMP programs or equivalent government compliance frameworks.
• Hands-on experience with HITRUST CSF certification processes, evidence collection, and auditor coordination.
• Experience working in cloud-based environments (AWS, Azure, or GCP) and familiarity with continuous monitoring tools (Splunk, Qualys, Nessus, etc.).
• Background in healthcare, AI, or SaaS industries strongly preferred.