Office of Solutions: FedRAMP Director
This job posting has closed.
Please see our other open positions.
Basic information
Open to U.S. citizens or nationals (residents of American Samoa and Swains Island). Subject to background check. Full information is available on USAJOBS.
Supervisory status: Supervisory
Job title: Office of Solutions: FedRAMP Director
Official title in USAJOBS: IT Program Manager PLCYPLN/INFOSEC
Number of vacancies: 1
Location: Anywhere in the U.S. (remote)
Salary range: GS-15 ($143,736 to $191,900)
Your salary, including base and locality, will be determined upon selection, dependent on your actual duty location. Please note the maximum salary available for the GS pay system is $191,900. For specific details on locality pay, please visit OPM’s Salaries & Wages page or for a salary calculator OPM’s 2024 General Schedule (GS) Salary Calculator. You can find more information in our compensation and benefits section.
Travel requirement: Occasional travel may be required up to 15% per year.
Work schedule: Full time.
Appointment type: This is a permanent position.
Learn more about the benefits of working at GSA and TTS.
Role summary
The Director of FedRAMP leads the federal government’s initiative to make it straightforward and safe for Federal agencies to use modern cloud-based software and infrastructure to deliver on their mission.
The position serves as the principal leader and point of contact for the Federal Risk Management and Authorization Program (FedRAMP).
FedRAMP was created in 2011 to accelerate the government’s use of commercial cloud services, by creating a standardized process for security review and authorization and making security information easily available to agencies. More generally, FedRAMP operates as a bridge between the public and private sectors, to help companies that offer innovative services navigate federal security expectations and to bring the best of the private sector into government.
Since its creation, the cloud sector has changed substantially and agency needs have focused more on software-as-a-service products. In recent years, Congress and the White House have updated the program’s mission and authorities, with a mandate to scale and modernize the program, while continuing to ensure the high bar of security that the public expects around government data and operations.
The Director will oversee FedRAMP’s strategy to achieve this. The position is a dynamic role that will engage with government and private sector stakeholders, make key policy and operational decisions affecting government-wide use of cloud products, while supervising program staff and resources. The role will require information security expertise, a vision for change, and entrepreneurial spirit to position the program as a cybersecurity leader, maintain trust in the FedRAMP brand, and operate efficiently and consistently.
Key objectives
1. You will expand the size and diversity of the FedRAMP marketplace.
- Identify and understand the present and future needs of the federal government, and focus the FedRAMP program on bringing into government the cloud service providers that will safely help agencies meet those needs.
- Increase the capacity and speed of the FedRAMP ecosystem, including by working collaboratively with federal agencies and others to create more channels and processes for authorizing cloud providers.
- Serve as the primary spokesperson for the FedRAMP program with industry, government, and the media.
- Manage relationships and forge partnerships with key government partners, including the FedRAMP Board, the Executive Office of the President, the Cybersecurity and Infrastructure Security Agency, the National Institute of Standards and Technology, and others.
2. You will accelerate and simplify the FedRAMP process for federal agencies and cloud service providers.
- Orient FedRAMP around agile delivery principles, by enabling cloud providers to operate using secure agile software development practices and rapid delivery of security updates and features.
- Transition FedRAMP to an automation-first, API-driven program, in its internal operations as well as through customer-facing services for automated self-validation and submission.
- Establish and publish customer-oriented key performance metrics for the program, and drive program improvements along those metrics to demonstrate visible progress to public and government stakeholders.
- Continuously optimize the fundamental processes of the FedRAMP program, as well as the processes agencies and third parties operate to participate in FedRAMP.
3. You will grow FedRAMP’s reputation as a trusted independent evaluator of cloud services.
- Protect and build the FedRAMP brand as a meaningful and rigorous security and risk management process, whose authorizations can consistently be presumed adequate for use by any federal agency.
- Build the overall technical and information security expertise of the FedRAMP program, through recruitment, training, and ongoing staff development.
- Keep FedRAMP focused on the biggest security threats to the federal government and the commercial cloud ecosystem.
- Ensure the program maintains oversight of any third-party organizations involved in the assessment and review of cloud services.
Qualifications
Provide as much detail as possible on your resume so that we can evaluate your previous experience. Follow our guidance on creating a federal style resume.
Failure to provide required information may result in disqualification.
For each job on your resume, provide:
- The exact dates you held each job (from month/year to month/year or “present”)
- Number of hours per week you worked (if part time)
SPECIALIZED EXPERIENCE REQUIREMENTS:
To qualify, you must have one (1) year of specialized experience at the next lower GS-grade (or equivalent). Specialized experience is defined as follows:
- Developing or leading the development of cloud-based infrastructure and software in commercial or government cloud environments.
- Implementing or leading the implementation of information security design and architecture principles.
- Working with information security compliance frameworks, such as FedRAMP, FISMA, SOC2, PCI, ISO 27001, or other relevant frameworks used in the public or private sector.
- Building coalitions across distinct stakeholder groups, such as customers, partners, and oversight or governance bodies.
How to Apply
Please choose cybersecurity or executive management from the role list of options to be notified about this position. This position will open for application on USAJOBS on Tuesday, 4/16/24. The application link will update on Tuesday.