Job Title: Security Governance & SSP Lead (GRC, NIST RMF, CMS MARS-E, Cloud Security, 14 yrs)
Location: Austin, TX (Hybrid - Local candidates only)
We are currently seeking candidates who meet the following qualifications.
Key Responsibilities
- Lead end-to-end System Security & Privacy Plan (SSP/SSPP) development, maintenance, and updates for enterprise systems.
- Drive remediation activities through POA&M management, ensuring timely closure of compliance gaps.
- Translate penetration testing and vulnerability assessment findings into actionable remediation work items (EPICs/user stories).
- Coordinate with application, infrastructure, and security teams to validate remediation through re-testing and documented evidence.
- Oversee risk-based vulnerability management, including prioritization and SLA-driven remediation tracking.
- Provide governance oversight for:
  - Endpoint protection controls
  - Web application security controls
  - Cloud and hybrid security controls
- Produce assessor-ready documentation, including:
  - Security configurations
  - Continuous monitoring evidence
  - Formal approvals
  - Incident traceability artifacts
- Support continuous audit readiness and reduce repeat findings through disciplined governance and documentation practices.
Candidate Skills & Qualifications
Minimum Required Experience & Expertise
- Deep focus on:
  - Governance, Risk, and Compliance (GRC)
  - Enterprise Security and Security Architecture
  - Vulnerability Management and Penetration Testing
  - Cloud Security and hybrid environments
- Proven experience owning SSP development end to end
- Hands-on experience with CMS MARS-E v2.2 or comparable federal/state security frameworks
- Strong expertise in:
  - Control implementation documentation
  - Audit evidence collection and validation
  - POA&M creation, tracking, and remediation management
- Ability to translate technical security issues into compliance-aligned remediation actions
- Strong stakeholder management skills across security, infrastructure, and application teams
- Excellent written and verbal communication skills, particularly when engaging executive stakeholders
- Knowledge of:
  - National Institute of Standards and Technology (NIST) SP 800-53
  - NIST Risk Management Framework (RMF)
  - Privacy controls
- Knowledge of Secure SDLC and DevSecOps practices
Preferred Qualifications
- Experience operating in multi-vendor, multi-platform environments
- Demonstrated ability to reduce repeat audit findings and improve compliance maturity
- Experience mentoring or guiding teams on security governance best practices
- Experience supporting systems within large state health and human services environments, including SSP development and compliance alignment
If you meet these qualifications, please submit your application via the link provided on LinkedIn.
Kindly do not call the general line to submit your application.