Public Sector Audit and Compliance Specialist, Santa Clara, CA, Onsite Day1

C2C

Public Sector Audit and Compliance Specialist

Location Santa Clara, CA Onsite Day1

Duties: 

Audit Preparation and Compliance Support

Utilize established playbooks to conduct audit preparation activities for certification-related audits (e.g., FedRAMP, CMMC, ISMAP, IRAP).

Track compliance efforts across multiple frameworks, ensuring alignment with public sector certification requirements.

Manage the collection, documentation, and organization of audit evidence, providing weekly updates to management on the status of InfoSec evidence.

Collaborate with the ACE Team to track and provide updates on evidence automation projects, ensuring controls are efficiently automated.

Continuous Remediation

Identify and address gaps in continuous monitoring (ConMon) controls, regularly reporting on progress through the RADAR platform.

Maintain a detailed remediation log for issues identified during audits, follow up with responsible InfoSec teams, and escalate unresolved issues.

Cross-Team Coordination and Reporting

Act as the operational liaison between the Public Sector GovSec team and cross-functional groups such as InfoSec, GCAT, Product, and Engineering, ensuring clear communication of audit and certification priorities.

Provide weekly progress reports to leadership on audit, certification, and remediation efforts, highlighting risks, gaps, and deadlines.

Manage public sector certification timelines to ensure timely submission of required documentation, evidence, and corrective actions.

Policy and Documentation Support

Assist in reviewing and updating policy, procedure, and control documentation to reflect the latest certification standards and regulatory requirements.

Conduct internal audits to verify adherence to compliance policies and certification frameworks.

Assist in control mapping across various certification frameworks to identify overlaps and gaps for efficient audit preparation.

Risk Management and Mitigation

Collaborate with InfoSec teams to identify control gaps and develop risk mitigation strategies in advance of audits.

Monitor and escalate critical vulnerabilities to key stakeholders, ensuring public sector security compliance.

Continuous Improvement Initiatives

Propose process optimizations to enhance audit and certification workflows, focusing on efficiency, automation, and documentation quality.

Support the integration of GRC (Governance, Risk, and Compliance) tools like RADAR into daily operations for tracking compliance metrics and evidence collection.

Skills:

Technical Audit Knowledge: Experience with audit processes, evidence gathering, and control mapping for frameworks like FedRAMP, CMMC, ISMAP, and IRAP.

Compliance Expertise: Strong understanding of public sector certification requirements and security frameworks (e.g., NIST 800-53, ISO 27001).

Cross-Functional Collaboration: Ability to coordinate and communicate effectively with diverse teams, including InfoSec, legal, engineering, and GRC.

Remediation Management: Proven experience in tracking remediation actions, ensuring continuous monitoring of controls, and addressing gaps promptly.

Risk Management: Skill in identifying, documenting, and mitigating risks related to security and compliance, with a focus on audit readiness.

Reporting & Communication: Strong written and verbal communication skills to deliver clear status updates, reports, and risk assessments to leadership.

Process Optimization: Ability to identify inefficiencies in audit processes and propose solutions to improve workflows, documentation, and automation.

Tool Integration: Familiarity with GRC tools (e.g., RADAR, Archer) for compliance tracking, evidence management, and reporting automation.

Education:

Bachelor’s Degree: Preferred in a relevant field such as Information Security, Cybersecurity, IT, Business Administration, or related disciplines.

Required Certifications:

Certified Information Systems Auditor (CISA) – highly beneficial for audit and compliance roles.

Certified Information Systems Security Professional (CISSP) – beneficial for a broader understanding of security frameworks and practices.

Certified in Risk and Information Systems Control (CRISC) – useful for risk identification and mitigation.

Certified Information Security Manager (CISM) – for managing and overseeing an organization’s information security program.

FedRAMP-specific training or certification (if available).

Required Skills:

AUDIT, DOCUMENTATION, NIST, GOVERNANCE, RISK AND COMPLIANCE

REMEDIATION

Minimum Degree Required: Bachelor’s Degree

Certifications & Licenses:

Certified Information Systems Auditor (CISA)

Certified Information Security Manager (CISM)

Certified Information Systems Security Professional (CISSP)

Certified in Risk and Information Systems Control (CRISC)


From:
Sunita Sharma,
TechSource
sunita@tsourceinc.net
Reply to: sunita@tsourceinc.net