Security and Compliance Manager

As the Security and Compliance Manager , you will support Primer’s Public Sector business as the lead for federal security and compliance with US government contracts. Your most important responsibility will be to achieve and maintain Primer’s compliance with initiatives such as NIST 800-171/CMMC 2.0, and FedRamp processes.  Additionally, you will wear several hats including acting as the Facility Security Officer (FSO) and the Personnel Security Officer (PSO) for Primer Federal and serving as the resident expert on US federal programs including Export Control and the Risk Management Framework (RMF) process for DOD.

Working with Primer Federal, you will be responsible for driving forward progress on Authority To Operate (ATO) processes, and maturing security and compliance controls to support a GCC High IT environment.  You will also be expected to work cross-functionally across other parts of Primer, such as the Legal, Human Resources, Product and Engineering teams. In general, this role requires high levels of trust, autonomy, and balancing security requirements with delivery needs.

Role Responsibilities - How You Will Make an Impact:

• Drive Primer’s federal security programs, to include NIST 800-171/CMMC 2.0, Export Control, FedRAMP, DoD/CC SRG, and help align security strategy with business goals.
• Work with other internal Primer teams to lead the rollout of practical changes required for compliance - this would include gathering detailed IT requirements and budget, thinking through and revamping processes, and being very detail oriented and ready to learn about technologies and trade offs between technologies.
• Create and maintain program-specific training for employees and ensuring policies are being enforced.
• Serve as the official FSO for Primer Federal.  While this doesn't require previous experience as an FSO, you will be required to complete any required training courses to obtain necessary certifications.
• Serve as the PSO for Primer Federal, assisting personnel with security clearances and providing identification validation.
• Organize and lead future security/compliance gap analyses and assessments, in a hands-on way by writing and pulling together documentation, diagrams, identifying/tracking tasks for internal Primer teams (e.g. Engineering, Product, etc.), and communicating with external stakeholders.
• Comprehend Risk Management Framework (RMF) accreditation requirements for specific customer deployments, and be able to translate those requirements into an actionable project plan to meet customer timelines.
• Utilize your expertise to ensure Primer Federal’s GGC High IT environment continually meets federal requirements for processing and storing sensitive data.

Relevant Skills and Experience:

• US citizenship required
• Located in the DC metro area
• Experience with FedRamp and RMF processes
• Familiarity with relevant NIST, Export Controls, and NISPOM requirements
• General technical knowledge of cloud technologies and platforms (AWS, Azure, GCP)
• Active TS/SCI security clearance preferred
• 3+ years of professional experience working in or with the US Department of Defense or related US Government organizations
• Bonus points for CISSP/CISM certification, experience in knowledge of Department of Defense acquisition processes, software development cycle, key machine learning concepts, contract execution, proposal writing, consulting, or deploying quantitative solutions

The annual cash compensation range for this position is US$185,000 to US$206,000.  Final compensation will be determined based on experience and skills and may vary from the range listed above.