Here at Everlaw we are seeking a highly skilled and experienced Public Sector Compliance Lead to guide our compliance initiatives within the public sector. This role requires deep expertise in regulatory standards, including FedRAMP, StateRAMP, CJIS, and other government frameworks. The ideal candidate will lead cross-functional teams to ensure alignment with public sector security requirements, audit readiness, and certification processes. You will be responsible for driving the development and implementation of security programs, ensuring adherence to government regulations, and acting as the subject matter expert for compliance-related technical issues.
At Everlaw, our mission is to promote justice by illuminating truth. Our company culture is open and vibrant and we’re committed to the professional growth of our team members, offering an annual learning and development stipend and regular check-ins with managers regarding career goals. If you’re looking for a place that values passion, integrity, thinking big, and a desire to learn, we’d love to hear from you! Think you’re missing some of the skills and are hesitant to apply? We do not believe in the ‘perfect’ candidate and encourage you to apply if you feel you can bring value to our team.
This is a full-time exempt position based in our Oakland, California office with a hybrid work schedule: in office M/W/Th with the option to work from home Tu/Fr.
Key Responsibilities:
- Lead, manage, and mature security compliance programs for public sector certifications (FedRAMP, StateRAMP, CJIS, etc.).
- Responsible for executing and managing public sector security program operational activities, including CJIS program management activities such as managing and monitoring access, clearance processes, and related tasks.
- Serve as the primary expert for compliance requirements, coordinating with subject matter experts (SMEs).
- Translate control requirements into simpler terms, making them applicable to our environment to enhance understanding and implementation.
- Provide technical guidance and lead discussions with Engineering, IT, and other teams to articulate NIST requirements and facilitate necessary design and infrastructure modifications.
- Analyze boundary diagrams, data flows, and interconnections, offering recommendations for compliance enhancements.
- Drive security improvements to help meet compliance requirements and internal efficiencies.
- Engage with customers as needed to showcase our compliance capabilities.
- Oversee and manage audit preparation, evidence collection, and the ATO and certification renewal process.
- Collaborate with Security Engineering, PeopleOPS, IT, and PMO teams to ensure program activities are planned and executed and to maintain compliance with government standards.
- Lead and manage the Continuous Monitoring (ConMon) initiative and suggest program improvements.
- Identify opportunities to automate manual processes and implement solutions to improve efficiency and reduce human error in compliance workflows.
- Support the S&T team as a collaborative team player, assisting with other ad hoc tasks as needed.
Project Management:
- Expert in managing multiple projects and establishing project timelines.
- Ability to manage project milestones and report progress, escalating issues in a timely manner.
- Strong leadership skills to coordinate cross-functional teams, address challenges promptly, and adapt plans as necessary to accommodate changing circumstances or new information.
Qualifications:
- Experience: Minimum of 3 years of experience in security compliance roles focused on public sector clients; proven track record in leading security audits and managing responses to compliance findings.
- Technical Expertise: Extensive knowledge of public sector security compliance frameworks, including but not limited to FedRAMP, CJIS, NIST. Strong technical background in cloud security and compliance.
- Collaboration: Experience collaborating with cross-functional teams such as engineering and Legal in managing audits and ensuring compliance.
- Communication: Excellent written and verbal communication skills, with the ability to translate complex technical concepts to both technical and non-technical stakeholders.
Preferred:
- Previous experience in public sector compliance roles.
- Certifications: CISSP, PMP or their equivalent.
- Experience with GRC tools (e.g., AuditBoard).
Apply to join our team and help shape the future of secure public sector solutions!