Audit & Risk Mgmt Consultant

About the Team

Our Security, Risk, and Compliance team partners closely with cross-functional stakeholders to enable secure, compliant, and scalable operations that meet customer and regulatory expectations. The team plays a critical role in supporting government customers by ensuring the organization's security posture, internal controls, and compliance programs align with applicable government standards and frameworks. We operate at the intersection of security, technology, audit, and business execution, bringing rigor, structure, and accountability to highly collaborative and audit-driven initiatives.

About the Role

This role is responsible for leading and executing GovRAMP, FedRAMP, and related government compliance initiatives from readiness through assessment and ongoing maintenance. The individual serves as a primary liaison between government customers, external assessors, and internal teams, translating regulatory, security, and technical requirements into clear, actionable workstreams.

As a developed professional within the career band, this role requires deep expertise in security compliance and regulatory programs, the ability to independently manage complex projects, and strong stakeholder influence. Success in this role is driven by ownership, judgment, and the ability to bring structure and momentum to cross-functional compliance efforts.

Responsibilities

• Lead and project manage GovRAMP and FedRAMP readiness, assessment coordination, and execution activities across internal stakeholders and external assessors or government customer representatives.

• Serve as the primary point of contact for government customers, translating security, compliance, and technical requirements into actionable plans and deliverables.

• Coordinate and support customer-facing security and compliance requests, including questionnaires, evidence collection, control mapping, policy documentation, audit artifacts, and follow-up actions.

• Partner with Information Security, Product, Engineering, Infrastructure, Legal, PMO, and customer-facing teams to drive completion of compliance deliverables and remediation activities.

• Review, evaluate, develop, implement, maintain, and validate internal controls, business processes, and supporting documentation to ensure alignment with corporate objectives and government standards.

• Track project milestones, dependencies, risks, issues, and decisions associated with government compliance programs and communicate status, risks, and outcomes to leadership and stakeholders.

• Ensure policies, procedures, standards, and process documentation are periodically reviewed, updated, and maintained across the organization.

• Support audits and assessments by coordinating evidence requests, stakeholder interviews, remediation tracking, and communications with external auditors, assessors, or customer representatives.

• Contribute to continuous improvement of the organization's security and compliance framework, including controls maturity, process design, and readiness for evolving government requirements.

• Provide professional guidance in areas of expertise, lead small project teams, and formally train or mentor junior team members as needed.

Requirements

• Bachelor's degree in a relevant field or an equivalent combination of education and experience.

• Significant experience in security compliance, audit, risk management, internal controls, or regulatory program management.

• Hands-on experience supporting or managing FedRAMP, GovRAMP, or similar government or security compliance frameworks.

• Excellent understanding of internal controls, audit methodologies, risk management practices, and compliance documentation.

• Experience working cross-functionally with Information Security, Engineering, Product, Legal, and customer-facing teams.

• Proven ability to independently manage complex initiatives, resolve ambiguity, and drive work to completion.

• Excellent written and verbal communication skills, with the ability to communicate effectively with customers, auditors, technical teams, and executive stakeholders.

• Demonstrated ability to analyze complex problems, apply professional judgment, and improve processes using best practices.

Preferred Qualifications

• Experience working directly with government customers or within highly regulated environments.

• Familiarity with frameworks and standards such as NIST 800-53, FedRAMP, GovRAMP, SOC 2, ISO 27001, SOX, or similar.

• Experience coordinating with external auditors or third-party assessors.

• Relevant certifications such as CISA, CRISC, CISSP, CISM, PMP, or comparable credentials.
  
  Physical and/or logical access to criminal justice information is an essential function of this role. The successful candidate will be required to pass both the standard company background check for all employees and an enhanced criminal background check conducted by the Company's state and local law enforcement partners conducted in compliance with the FBI's Criminal Justice Information System ("CJIS") security policy. Employees in this role may also be subject to ongoing criminal background checks as required by the Company's state and local law enforcement partners. Candidates and/or employees who are not certified by state and local law enforcement to access criminal justice information will not be able to perform the essential functions of this role. Employees who subsequently fail to obtain or maintain CJIS compliance may be reassigned or terminated.