FEI Systems · 1 day ago
Governance, Risk and Compliance Manager (Hybrid)
FEI Systems is dedicated to creating innovative technology solutions to enhance health and human services delivery. They are seeking a Governance, Risk and Compliance Manager to oversee the implementation and monitoring of security controls in accordance with the NIST Risk Management Framework, while also managing the Internal Audit program.
Information Services · Information Technology
Responsibilities
Design and maintain a comprehensive Governance, Risk and Compliance program that addresses relevant regulatory requirements and industry best practices
Develop and update policies, procedures, and controls to reflect current regulations and organizational needs
Create and maintain a compliance risk assessment framework to identify, evaluate, and prioritize compliance risks
Plan and manage compliance-related assignments for one or more programs/customers
Serve as the primary point of contact for the customer relative to matters of information security
Develop, review, and maintain RMF documentation, including SSPs, POA&Ms, Risk Assessments, Contingency Plans, and Continuous Monitoring Plans
Collaborate with internal control owners to ensure technical security controls are correctly configured and operational
Map implemented security and privacy controls to industry frameworks (e.g., NIST SP 800-53 Rev. 5, SSAE 18, ISO/IEC 27000 series)
Manage completion of Security Control Assessments (SCA) to include: evidence validation and remediation tracking
Manage external security audits, responding to findings and implementing improvements
Work with assessors to resolve findings and close gaps in compliance
Update POA&Ms with mitigation plans, timelines, and status updates
Monitor security controls and maintain ongoing situational awareness of compliance posture
Lead the preparation of compliance reports and security metrics for leadership and stakeholders
Maintain knowledge of evolving NIST standards, federal security requirements, and related frameworks (e.g., FedRAMP, FISMA)
Manage the coordination and maintenance of the SOC 2 audit project plan, timelines, and deliverables
Partner with process owners to gather, review, and organize audit evidence for all five Trust Services Criteria
Collaborate with engineering, IT, HR, legal, and operations teams to obtain control evidence (e.g., policies, procedures, system logs, training records)
Ensure evidence meets auditor requirements in both content and format
Maintain a centralized repository for SOC 2 documentation, ensuring security and confidentiality
Assist in monitoring and maintaining SOC 2 controls across all trust service categories
Track and follow up on remediation actions for identified gaps or deficiencies
Support control owners in understanding control requirements and implementation best practices
Serve as primary point of contact for auditor questions during the engagement
Coordinate audit interviews and walkthroughs with relevant stakeholders
Monitor and respond to auditor requests in a timely manner
Support the review of the auditor’s draft report for accuracy and completeness
Document lessons learned and update procedures to improve future readiness
Manage ongoing compliance monitoring to maintain SOC 2 readiness year-round
Qualifications
Required
Practical experience with NIST RMF and NIST SP 800-53 security control implementation, AICPA Trust Services Criteria, and SOC 2 requirements
Excellent communication and interpersonal skills for cross-functional collaboration
Excellent writing skills for preparing formal security documentation
Strong technical understanding of network, system, and application security concepts
Strong organizational skills with the ability to manage multiple priorities under tight deadlines
Strong management skills, including experience managing one or more employees
Bachelor's degree in Information Security, Compliance, Business Administration, or related field
5-7 years of experience in IT compliance, security audits, or risk management (SOC 2 experience strongly preferred)
Preferred
Security certifications such as CISSP, CISA, or CISM
Experience supporting compliance frameworks (NIST, AICPA, FedRAMP, ISO 27001, HIPAA, GDPR)
Working knowledge of cloud security best practices (AWS or Azure)
Understanding of data privacy principles and regulatory requirements
Prior work in a SaaS or technology-driven organization
Prior experience working with federal agencies or regulated environments
Benefits
Full company benefits
Company
FEI Systems
FEi is a leading information technology, services, and analysis
Funding
Current Stage
Late Stage
Recent News
Maryland Daily Record
2025-08-13
Company data provided by crunchbase