Liberty was founded on the principles of challenge and change. We are looking for talented individuals who want to challenge the assumptions of what an IT partner is capable of delivering and help our clients achieve the transformational change that is critical for their success. If you have the knowledge, the experience, and the drive to succeed, Liberty has a place for you. We are committed to helping you realize your potential and achieve success in your career.
Please submit your resume and we'll contact you as soon as relevant positions open up that fit your skills and background. It is the policy of Liberty IT Solutions, LLC to provide equal employment opportunity without regard to race, color, religion, age, national origin, sex, gender, sexual orientation, gender identity/expression, disability, protected veteran status, genetic information, or any other basis protected by institutional policy or by federal, state or local laws unless such distinction is required by law.
Risk and Compliance Lead
- Job Title
- Risk and Compliance Lead
- Job ID
- Melbourne or Remote, FL
- Other Location
Summary: We are looking for a Risk & Compliance Lead to join our growing organization. The lead is the person identified to FedRAMP, VA, HIPAA, etc., as the named individual responsible for security and privacy. In this position, you will contribute to maintaining and achieving security compliance certifications and authorizations for WellHive’s SaaS offering. Keen attention to detail; analytical, problem-solving, and automation abilities; and an interest in security compliance are essential.
Required Education: Bachelor’s Degree or higher in a business or technical discipline
Required Years of Experience: 8 years, or 8 years of additional relevant experience may be substituted for education
- Responsible for identifying, planning, and road mapping future compliance activities such as annual FedRAMP assessments and considerations for business value in complying with other frameworks such as HITRUST, SOC 2, etc.
- Monitor for updates to compliance requirements from FedRAMP and others and include in planning and road mapping.
- Present high-level compliance needs, concerns, and business value to the executive team.
- Manage the work of the Risk & Compliance team.
- Maintain an understanding of the architecture of the system and its supporting processes.
- Assist in the development and maintenance of compliance with various security frameworks (FedRAMP, HITRUST, etc.) and contractual obligations (customer and partner agreements, MOUs, ISAs, BAAs, etc.).
- Analyze requirements and perform gap analysis.
- Collaborate with engineers responsible for the architecture and implementation of the system to develop plans for filling in gaps and reducing overall risk.
- Maintain customer and assessor facing documentation of the system and its processes from a compliance perspective.
- Collect and analyze evidence that the system and its processes continue to operate in a compliant manner.
- Participate in engagements with assessors and auditors.
- Assist in the continuous improvement of compliance-related processes by proposing and implementing solutions (process changes, tools, automation) to reduce toil and improve quality.
- Understanding of basic cloud and software development lifecycle concepts.
- Programming experience, especially around building internal tools and automation.
- Enough exposure to security compliance activities to have some insight and interest in learning more.
- Ability to read and understand formalized security requirements from sources like the NIST SP 800 series, FIPS, and contracts. Should be able to interpret these requirements in the context of the system and its supporting processes.
- Effective verbal and written communication skills. Should be able to adapt communication style to suit different audiences.
- Cloud and/or security-related certifications (AWS Certified Solutions Architect, CCSK, etc.).
- FedRAMP, NIST SP 800-53, HIPAA, and/or HITRUST knowledge.
- Experience working with the Department of Veterans Affairs (VA), especially the Veterans Health Administration (VHA).
- Exposure to Open Security Controls Assessment Language (OSCAL) or a similar “compliance and documentation as code” technology, like OpenControl.