Governance Compliance Specialist

At some point in any digital investigation, an analyst needs to step beyond the perimeter and engage threats at the source. Authentic8 Silo places any type of digital analyst in region-specific, multi-application workspaces, securely and anonymously, anywhere across the globe. Target content can be captured, analyzed, and transformed in order to derive intelligence and support investigation requirements. All delivered in a cloud-native, multi-tenant platform.

Compliance officers, mission managers, and administrators have their own specific audit and oversight requirements; to meet these needs, Silo also ensures compliance and appropriate use through class-leading policy enforcement and audit logging.

Silo transforms how more than 750 of the world's most sophisticated organizations, from domestic and foreign government agencies to commercial entities across all sectors conduct their digital investigations.

Authentic8 is seeking a highly skilled and motivated Governance Compliance Specialist (GCS) to facilitate its robust security program objectives and lead all activities related to periodic documentation and compliance auditing. Working under the supervision of the Governance Risk & Compliance Manager, the GCS will play a critical role in ensuring continuous adherence to established security standards and frameworks. This position requires a professional with a background in security, a natural disposition for managing complex projects with numerous deliverables, and the acumen to maintain effective relationships across a multidisciplinary team. The ideal candidate will be a hands-on contributor who is passionate about embedding security best practices into the company culture to support our mission of providing a secure cloud-based service to cutting-edge public and private organizations.

Responsibilities::
• Manage the Information Assurance Control Calendar by completing assigned compliance activities (e.g., access reviews) and coordinating with stakeholders to ensure periodic tasks (e.g., contingency and incident response plan testing) are completed on schedule.
• Ensure company policies, plans, procedures, and standards are reviewed and updated regularly for accuracy and compliance.
• Maintain and manage the Plan of Action & Milestones (POA&M) for FedRAMP, CMMC, and internal findings to ensure timely resolution of security gaps.
• Lead and facilitate monthly FedRAMP meetings, providing authorizing officials with briefings on all deliverables and program status.
• Lead and oversee the company’s supply chain risk management program, conducting risk assessments for all new and existing vendors, suppliers, and services.
• Lead the CVE (Common Vulnerabilities and Exposures) meeting, providing detailed explanations of vulnerabilities, their impact, and recommended remediation steps to relevant stakeholders.
• Assist the Governance Risk & Compliance Manager in preparing for external assessments (e.g., FedRAMP audits, SOC 2 attestations) by maintaining audit-ready documentation, collecting evidence, and coordinating with stakeholders during the process.
• Ensure all personnel complete mandatory training during onboarding and on a periodic basis as required, and collaborate with relevant teams to develop and update training materials yearly based on evolving security protocols and company requirements.
• Support current and potential customers by providing detailed and timely responses to Requests for Information (RFI).
• Ensure continuous adherence to established regulatory frameworks, including FedRAMP, ISO 27001, CMMC, SOC 2, HIPAA, GDPR, and PCI DSS.

Qualifications::
• Four or more years of professional experience in Information Technology, with at least two years in Information Assurance, Information Security, or Risk Management.
• Bachelor's degree in a related field (e.g., computer science, information systems, cybersecurity) or a commensurate number of years of professional experience.
• Proven success in leading complex projects and activities among a multidisciplinary team.
• Demonstrated familiarity with NIST 800-53 and FedRAMP frameworks.

Desired::
• Professional credentials demonstrating a strong understanding of security fundamentals (e.g., ISC2, CompTIA, ISACA, GIAC).
• Experience working with cloud-based services, such as SaaS or PaaS.
• Experience in project or program management.
• Familiarity with compliance frameworks including NIST 800-53, HIPAA, GDPR, and PCI DSS.

Salary Range:
• $70,000 - $80,000 + Bonus & Equity
Individual pay will be determined by location and additional factors, including job related skills, experience, and relevant education or training.

Authentic8 Core Values & Principles:

Integrity: We apply our best efforts. We are honest with and accountable to others.
Mission-Focused: We clearly define and communicate our goals and do not stray in the pursuit of our objective.
Respect: We value and respect the ideas and experience our diverse backgrounds bring us. Positive consideration of differing viewpoints makes us stronger.
We are collaborative: We recognize the best work is the product of teams. We must each be reliable and expect to rely on others.
We are transparent: By operating with common information and understanding we ensure that we are aligned.
We find innovative solutions: We seek innovative solutions not as a buzzword but as a means to solve difficult problems with zeal, efficiency and quality.
We take ownership: We are responsible for our actions, our reputation and our business.

Authentic8 offers competitive benefits, including medical, dental and vision, flexible PTO, a 401k program and stock options.

It is the policy of Authentic8 to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law.