Senior IT Compliance Specialist

Senior Information Compliance SpecialistWe are seeking a Senior Information Compliance Specialist to support our Information Security Division. This role is responsible for driving federal compliance initiatives, supporting ATO processes, and ensuring adherence to key regulatory frameworks including NIST, FISMA, and FedRAMP. The ideal candidate brings a strong mix of technical security knowledge, compliance expertise, and the ability to collaborate across teams to maintain a robust control environment.ResponsibilitiesSupport the Program Manager in FedRAMP compliance, documentation, and continuous monitoring activitiesDevelop, maintain, and review security documentation required under FISMA for accuracy and completenessCoordinate and support control implementation across FedRAMP High control familiesConduct gap analyses against NIST SP 800-53 controls and drive remediation efforts, ensuring traceability to evidenceLead and support Authority to Operate (ATO) processes, including preparation, submission, and ongoing maintenanceManage security documentation and audit evidence collection; respond to audit requests and findingsTrack vulnerabilities, control gaps, and POA&Ms, ensuring timely remediation and reportingPerform security control assessments and establish metrics to measure control effectivenessExecute continuous monitoring activities post-ATO to maintain complianceServe as a primary point of contact for audits, compliance inquiries, and documentation reviewsCollaborate with technical and non-technical stakeholders to identify risks and collect relevant informationProvide regular briefings on ATO status, audit findings, remediation progress, and control gapsIdentify and assess potential threats and vulnerabilities to the organization's information systemsContribute to reducing regulatory and reputational risk by ensuring adherence to internal policies and standardsRequired QualificationsBachelor's degree in Information Security, Computer Science, or a related field (or equivalent experience)7–8+ years of experience in information security, risk, or complianceHands-on experience with FedRAMP (approximately 3+ years preferred)Strong knowledge of NIST frameworks, including SP 800-53 and Risk Management Framework (RMF)Experience supporting or executing ATO processesUnderstanding of FISMA requirements and federal compliance standardsAbility to interpret and analyze security documentation, not just compile itExperience tracking vulnerabilities, POA&Ms, and compliance gapsFamiliarity with cloud security tools (Azure preferred; AWS acceptable)Proficiency with Microsoft 365 applicationsStrong organizational, analytical, and process management skillsExcellent communication and collaboration abilities across technical and business teamsPreferred QualificationsExperience within financial services or a regulated industryFamiliarity with IRS 1075 compliance requirementsExperience with Azure security tools (Defender for Cloud, Sentinel, Azure Policy/Blueprints, Key Vault, Private Link, Purview)Professional certifications such as CISM, CISSP, or CISAJ-18808-Ljbffr