"Alerted.org

Summary: This role is responsible for leading the Cybersecurity Governance, Risk, & Compliance function with responsibility for a risk-‑based compliance program that integrates Assessment & Authorization (A&A/RMF), policy and planning, and continuous monitoring across on-premise‑ and cloud environments. Coordinates security control assessments and system authorizations per NIST RMF practices and develops/maintains cybersecurity policy and governance to ensure alignment with enterprise goals and regulatory obligations (e.g., SOX, NIST 800-NNN‑, ISO/IEC 27001, privacy laws). Primary alignment to NICE Systems Authorization and Cybersecurity Policy & Planning work roles, with additional responsibilities consistent with the Authorizing Official/Designating Representative role for risk acceptance and accreditation decisions. Essential Functions: * Lead the enterprise Assessment & Authorization (A&A) lifecycle—categorization, control selection/implementation, assessment, authorization, and continuous monitoring—using the NIST RMF and organizational procedures. * Oversee and perform security control assessments; document results, identify systemic issues, and track remediation to closure. * Prepare, review, and maintain authorization packages (e.g., SSP, SAR, POA&M); recommend risk disposition and authorization decisions. * Develop, publish, and maintain cybersecurity policies, standards, and implementation guidelines; ensure policy alignment to business objectives and regulations. * Establish compliance metrics and executive reporting (e.g., control effectiveness, residual risk trends, time-to‑-‑remediate, audit closure rate); drive continuous improvement. * Coordinate internal/external audits; design and implement independent audit processes for applications, networks, and systems; validate corrective actions. * Govern third-party‑ / supplier compliance (security and privacy requirements, contractual clauses, assessments) and track risk treatment. * Advise leadership on risk acceptance and authorization determinations; ensure decisions reflect organizational risk tolerance and mission impacts * Integrate policy, standards, and A&A activities with security architecture/engineering and IT operations to embed compliance by design. * Monitor emerging regulations and technologies; update policy and control baselines accordingly. Qualifications: * Bachelor’s degree in information systems, computer science, cybersecurity, or related field (or equivalent experience). * Certifications: CISA, CISM, CRISC, CIPM, CGEIT, or CISSP (preferred). * 5+ years in IT Compliance / GRC, including RMF based A&A, policy governance, audit management, and third party risk. * Hands on with NIST control baselines, ISO/IEC 27001 controls, SOX ITGCs, and privacy obligations, * Experience with GRC platforms, evidence automation, and cloud compliance tooling. * Strong leadership, stakeholder communication, and executive reporting skills. Full-Time