Open to U.S. citizens or nationals (residents of American Samoa and Swains
Island). Subject to background check.
Supervisory status: Not Supervisory
Job title: FedRAMP Information Systems Security Officer (ISSO)/Cloud Security Assessment
Official title in USAJOBS:
Number of vacancies: 3
Location: Anywhere in the U.S. (remote)
Salary range: GS-13 ($98,496 to $158,432)
Your salary, including base and locality, will be determined upon selection,
dependent on your actual duty location. Please note the maximum salary available
for the GS pay system is $183,500. For specific details on locality pay, please
visit OPM’s Salaries & Wages page, or for a salary calculator, see
OPM’s 2023 General Schedule (GS) Salary Calculator. You can find more
information in our compensation and benefits section.
Occasional travel may be required up to 10%-20% per year.
This is a permanent position.
Learn more about the benefits of working at
The American people deserve to trust that their government is effectively securing their online interactions. Those agencies, in turn, trust FedRAMP to provide fair, accurate and unbiased assessments of cloud service offerings. FedRAMP is a government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment and maintaining a centralized repository of security packages that agencies can request and reuse.
The FedRAMP Program Lead will unite vision and execution to lead an interdisciplinary team in delivering the IT/Cybersecurity assessment of commercial cloud services leveraging current industry and government cybersecurity laws and policies.
1. Own the product vision and lead end-to-end product/program development and management.
Operates as part of the FedRAMP Cloud Assessment Team supporting program strategy and roadmap, including objectives, goals, and metrics, in support of federal cybersecurity and FedRAMP program policy.
Develop a communications strategy and training that includes internal/external government and commercial stakeholders supporting Vulnerability Management program goals and expectations.
Identify, proactively monitor and address program risks associated with cybersecurity and vulnerability management within the cloud cybersecurity assessment process.
Work with the team to set and meet quality standards for vulnerability management deliverables.
Make evidence-based program decisions through use of user research, analytics, and other tools.
Ensure commercial cloud service providers adhere to federal regulations and standards.
2. Work with agency partners to enable cybersecurity risk management.
Work with partners and stakeholders to operate within an established in-house cloud security assessment program.
Collaborate with partners to navigate complex bureaucratic relationships to bring stakeholders together around a common program vision and strategy to support the cybersecurity assessment of commercial cloud services.
Work with partners to establish relationships with their security, operations, and IT teams that will help sustain the product in the long term.
3. Build expertise around program management.
Keep abreast of program management best practices and share within the TTS organization to grow overall program management quality.
Stay on top of new technologies and how they can be used to help solve government problems.
Contribute to FedRAMP’s culture of transparency by publishing accounts of successes and challenges to help promote transparency and help agencies and commercial entities understand and navigate program complexities.
Continually seek out new tools that could improve the way we work.
Pay attention to well-supported open source product offerings that can be reused in a government context to solve common problems.
Provide as much detail as possible on your resume so that we can evaluate your
previous experience. Follow our guidance on creating a federal style resume.
Failure to provide required information may result in disqualification.
For each job on your resume, provide:
- The exact dates you held each job (from month/year to month/year or “present”)
- Number of hours per week you worked (if part time)
SPECIALIZED EXPERIENCE REQUIREMENTS:
To qualify, you must have one (1) year of specialized experience at the next
lower GS-grade (or equivalent). Specialized experience is defined as follows:
- Experience implementing, evaluating, and assessing cybersecurity and compliance standards, such as International Standards Organization (ISO), Health Insurance Portability and Accountability Act (HIPAA), Security Operations Center (SOC), Payment Card Industry (PCI), National Institute of Standards and Technology (NIST), or FedRAMP.
- Experience participating in the delivery of a highly complex digital program, product or business
- Experience building and managing collaborative relationships with a complex set of stakeholders to achieve program goals.
- Experience in developing organizational cybersecurity policy and practice to further the assessment of complex IT and cloud-based systems.
How to Apply
Get notified when this position is
open for applications.