
Sr. IT Compliance Specialist
IntePros, Washington, District of Columbia, United States
We are seeking a Senior Information Compliance Specialist to support our Information Security Division. This role is responsible for driving federal compliance initiatives, supporting ATO processes, and ensuring adherence to key regulatory frameworks including NIST, FISMA, and FedRAMP. The ideal candidate brings a strong mix of technical security knowledge, compliance expertise, and the ability to collaborate across teams to maintain a robust control environment.
Key Responsibilities
- Support the Program Manager in FedRAMP compliance, documentation, and continuous monitoring activities
- Develop, maintain, and review security documentation required under FISMA for accuracy and completeness
- Coordinate and support control implementation across FedRAMP High control families
- Conduct gap analyses against NIST SP 800-53 controls and drive remediation efforts, ensuring traceability to evidence
- Lead and support Authority to Operate (ATO) processes, including preparation, submission, and ongoing maintenance
- Manage security documentation and audit evidence collection; respond to audit requests and findings
- Track vulnerabilities, control gaps, and POA&Ms, ensuring timely remediation and reporting
- Perform security control assessments and establish metrics to measure control effectiveness
- Execute continuous monitoring activities post-ATO to maintain compliance
- Serve as a primary point of contact for audits, compliance inquiries, and documentation reviews
- Collaborate with technical and non-technical stakeholders to identify risks and collect relevant information
- Provide regular briefings on ATO status, audit findings, remediation progress, and control gaps
- Identify and assess potential threats and vulnerabilities to the organization's information systems
- Contribute to reducing regulatory and reputational risk by ensuring adherence to internal policies and standards

Required Qualifications
- Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent experience)
- 7-8+ years of experience in information security, risk, or compliance
- Hands-on experience with FedRAMP (approximately 3+ years preferred)
- Strong knowledge of NIST frameworks, including SP 800-53 and Risk Management Framework (RMF)
- Experience supporting or executing ATO processes
- Understanding of FISMA requirements and federal compliance standards
- Ability to interpret and analyze security documentation, not just compile it
- Experience tracking vulnerabilities, POA&Ms, and compliance gaps
- Familiarity with cloud security tools (Azure preferred; AWS acceptable)
- Proficiency with Microsoft 365 applications
- Strong organizational, analytical, and process management skills
- Excellent communication and collaboration abilities across technical and business teams

Preferred Qualifications
- Experience within financial services or a regulated industry
- Familiarity with IRS 1075 compliance requirements
- Experience with Azure security tools (Defender for Cloud, Sentinel, Azure Policy/Blueprints, Key Vault, Private Link, Purview)
- Professional certifications such as CISM, CISSP, or CISA
- Advanced degree in a related field