Compliance Lead - FedRAMP

  • Location: Chicago
  • Department: Security
  • Work Status: Full-time

Overview

At Relativity, we make software to help users organize data, discover the truth, and act on it. Our e-discovery platform is used by more than 13,000 organizations around the world to manage large volumes of data and quickly identify key issues during litigation, internal investigations, and compliance projects.

Here you can own your career in a community of values-driven people who help our customers around the world solve complex data challenges. If this sounds like the place for you, check out the details of this position below.

The Compliance Lead – FedRAMP will provide expertise for the development, enforcement and maintenance of compliance initiatives for our newly developing FedRAMP program. This will include risk assessment, policy development, control design, change management, compliance monitoring and audit planning/management. The Compliance Lead – FedRAMP will also facilitate the development and documentation for our initial FedRAMP System Security Plan and Program with our 3PAO. 

Do you have two+ years of related professional services experience within Federal projects, information security auditing and/or consulting? Do you have experience performing FedRAMP assessments and familiarity with the NIST risk management framework and cloud computing technologies? Are you currently employed by a 3PAO, national consulting firm or accounting firm that assists in FedRAMP and/or FISMA assessment and would like to reduce your travel schedule? Are you looking for a professional challenge to help build a new program from the bottom up? Then this position in Relativity compliance is custom designed for you.

Responsibilities

  • Provide expertise for the development, enforcement, and maintenance of compliance initiatives for the FedRAMP program, including policy development, control design, change management, compliance monitoring and audit management.
  • Facilitate the development and documentation for our initial FedRAMP System Security Plan and Program with our 3PAO.
  • Assist in decision making and project status reporting (along with PM).
  • Work with the functional teams (e.g. engineering, IT, cloud services, support staff, etc.) and the 3PAO to provide clarity and prescribe solutions that are known to work in a FedRAMP environment.
  • Collaborate with your compliance team members and our functional teams in developing FedRAMP-compliant policy, procedure, control and change management documentation.
  • Design and conduct FedRAMP-related internal control testing and compliance assessment activities to support moving through the FedRAMP “gates”.
  • Participate in the update of our GRC system to include the facilitation and automation of future FedRAMP risk assessment, testing, change management and ongoing reporting requirements.
  • Facilitate the design of FedRAMP compliance sustainment activities, roles and responsibilities.
  • The Relativity Compliance team is maturing across multiple market credentials. Once our program is FedRAMP authorized, opportunities will exist for diversifying your portfolio of credentials, maturing our capabilities, and leading new compliance efforts.

Preferred Qualifications

  • One or more relevant certifications (i.e. CISA, CISSP, CISM, CCSP, Sec+) or the ability to achieve one within 12 months of hire
  • Project or program management experience is a “plus”.
  • Knowledge of secure software development lifecycle (SSDLC) methodology, ideally with cloud applications
  • Experience with secure supplier categorization, vendor performance rating and vendor testing, ideally within FedRAMP / NIST standards.
  • Experience using Microsoft Office Suite (Word, Excel, PowerPoint, SharePoint etc.)
  • Ability to guide collaborative, cross-functional root cause analysis activities needed to remediate our compliance and risk posture.

Minimum Qualifications

  • Two or more years of experience specific to Federal projects and information security auditing of FISMA/FedRAMP and the NIST 800-53 / SP 800-37 security controls and risk management framework
  • At least five years of experience conducting audits for compliance monitoring, internal audit or external audit purposes, covering SOX 404 ITG controls and/or SOC 2 SSAE 16 controls
  • Bachelor’s degree
  • Experience planning and managing third-party audits (e.g., 3PAO, agency, auditor, etc.)
  • Working knowledge of security concepts and NIST 800-53 framework and control principles
  • Motivated self-starter who thrives in a changing, growing environment
  • Able to work independently while collaborating effectively with other team members
  • Articulate speaker; comfortable communicating complex security and compliance related topics

About Relativity

Relativity has over 160,000 users in 40+ countries from organizations including the U.S. Department of Justice, more than 70 Fortune 100 companies, and all of the Am Law 200. Relativity's cloud solution, RelativityOne, offers all the functionality of Relativity in a secure and comprehensive SaaS product. Our company has also been named one of Chicago's Top Workplaces by the Chicago Tribune for seven consecutive years. If you’re ready to grow with us, we’d love to hear from you. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.
