FedRAMP Operations Lead

FedRAMP Operations Lead

The FedRAMP operations lead is a senior technical and governance authority responsible for securing, maintaining and maturing the organization’s cloud platforms in alignment with federal requirements. The role supports vulnerability management, documentation upkeep, annual assessments, control monitoring, reporting, and coordination with internal teams, agencies, the FedRAMP PMO, and 3

PAOs.

You will directly influence the enterprise’s security posture, working across engineering, product, operations, and external assessors to ensure federal-grade trust, security and compliance.

As a FedRAMP Operations lead, you will:

• Collaborate with internal teams to manage the continuous monitoring program, including internal and external reporting on vulnerabilities, tracking POA&Ms, and developing the artifacts.
• Conduct continuous monitoring activities to assess the effectiveness of security controls and identify vulnerabilities or non‑compliance issues.
• Implement and maintain continuous monitoring processes to ensure alignment with FedRAMP guidelines.

• Maintain and update the System Security Plan (SSP) and all required FedRAMP documentation.
• Develop, maintain, and submit continuous monitoring deliverables per FedRAMP’s required cadence.
• Keep risk documentation, assessments, and reports current, including updates to the POA&Ms.

• Conduct regular risk assessments and vulnerability scans to identify emerging threats and vulnerabilities.
• Monitor security alerts/incidents, investigate events, and coordinate response actions in alignment with FedRAMP requirements.
• Support incident response processes and ensure all required incident communication and reporting activities occur.

• Join recurring agency Con Mon meetings, including reviewing and submitting required artifacts.
• Interface with FedRAMP PMO, the agency sponsor, consultants, and the 3
  
  PAO assessment team to maintain certification.
• Assist with the annual 3
  
  PAO assessment—from planning through project closure.

• Assist with annual security assessments, including scope definition, SAP prep, security testing, SAR development, and POA&Ms updates.
• Generate or support deviation requests and manage assessment artifacts for reuse.

• Collaborate with cross‑functional teams on risk mitigation strategies and compliance improvements.
• Educate internal stakeholders on FedRAMP security requirements and Con Mon processes.

You’re a fit for the role of FedRAMP Operations lead if your background includes:

• 5+ years in cloud security architecture, engineering, or related roles involving federal workloads.
• Demonstrated mastery of FedRAMP, NIST RMF, and NIST SP 800‑53 Rev 5 controls.
• Deep understanding of FedRAMP requirements, continuous monitoring processes, and NIST security controls.
• Experience in vulnerability management, risk assessments, and security incident analysis.
• Strong communication skills, capable of interfacing with federal agencies and auditors.
• Ability to analyze security data and generate reports for leadership and agencies.
• Bachelors degree in cybersecurity, information security, or related discipline.

• Hybrid Work Model:
  We’ve adopted a flexible hybrid working environment (2-3 days a week in the office depending on the role) for our office-based roles while delivering a seamless experience that is digitally and physically connected.
• Flexibility & Work-Life Balance:
  Flex My Way is a set of supportive workplace policies designed to help manage personal and professional responsibilities, whether caring for family, giving back to the community, or finding time to refresh and reset. This builds upon our flexible work arrangements, including work from anywhere for up to 8 weeks per year, empowering employees to achieve a better work-life balance.
• Career Development and Growth:
  By fostering a culture of continuous learning and skill development, we prepare our…