Senior Security Compliance Manager - Public Sector

Dallas, TX

Applications have closed

Flexport

Cut costs, automate workflows, reliably move goods, go carbon-neutral, and improve your supply chain from end to end. It all starts here.

The Opportunity

Flexport is seeking a dynamic and experienced Public Sector GRC Manager to lead, manage, and drive the growth of our public sector program. In this key role, you will take full ownership of our public sector initiatives and work closely with internal and external stakeholders, including Security, Operations, Engineering, Legal, Finance, and Executive Management. As the Public Sector GRC Manager, you will play a critical part in establishing and scaling our public sector program by conducting comprehensive gap assessments, driving control remediation, and implementing continuous control monitoring mechanisms.

You Will

  • Lead and oversee Flexport's public sector program, including the creation and maintenance of the System Security Plan (SSP) and the management of the ConMon initiative.
  • Serve as a subject matter expert (SME) on public sector compliance, providing valuable input to Engineering, IT, and various business teams regarding the impact of public sector requirements on product updates, SSP revisions, and relevant processes.
  • Leverage your technical expertise and program management skills to meticulously plan, track, collaborate, and report on program deliverables. This includes organizing and leading meetings, assigning and monitoring action items, and preparing comprehensive status reports.
  • Provide dedicated support for compliance audits and assessments, including assisting external third-party auditors with evidence collection and upload, supporting auditor interviews, and facilitating thorough walkthroughs of policies, procedures, and relevant compliance and security documentation.
  • Establish tailored compliance review processes specific to GRC (Governance, Risk, and Compliance) and conduct security impact analyses. This involves evaluating access management controls, deploying relevant training to applicable users, and mapping technical implementations to the corresponding NIST security controls.
  • Collaborate closely with the Engineering team to execute effective continuous monitoring, ensuring the tracking and timely updating of the Plan of Action and Milestones.
  • Provide support to the GRC team in handling other important ad hoc tasks as required.

You Should Have

  • A Bachelor's Degree in Computer Information Systems or a related field (preferred).
  • At least 6 years of experience in security compliance, risk management, IT audit, or information security assurance.
  • The ability to quickly grasp new concepts, assimilate knowledge, understand stakeholders' business challenges and risks, and act as a trusted advisor to drive policy adoption and monitor compliance against established policies and standards.
  • In-depth familiarity with Federal requirements, such as FedRAMP, CMMC, or NIST 800-171, and the processes involved in obtaining authorization.
  • Excellent listening and presentation skills necessary to effectively understand, communicate with, and persuade diverse audiences.
  • Strong technical background in cloud security and thorough familiarity with various security controls and their implementation in cloud environments.
  • Experience in compliance management and auditing, with a focus on cloud security.
  • Exceptional communication abilities to effectively engage with various stakeholders, including technical teams, business leaders, and federal agencies.
    • Collaborative skills are crucial for ensuring compliance with Federal requirements by working closely with other teams.
  • Demonstrated ability to manage multiple projects simultaneously and effectively prioritize tasks to meet critical deadlines.
  • Knowledge of or experience working with Cloud technologies/environments, particularly AWS or other relevant cloud platforms.
  • Familiarity with security tools and solutions, such as Firewalls, IPS, Encryption, and security monitoring.
  • A proven track record of taking initiative, working independently, and thriving in ambiguous situations.
  • Relevant certifications, such as Certified Information Systems Security Professional (CISSP) or other applicable credentials.

About Flexport:

We believe trade can move the human race forward. That’s why it’s our mission to make global trade easy for everyone. Flexport is building the platform for global logistics, empowering buyers, sellers and their logistics partners with the technology and services to grow and innovate. Today, companies of all sizes—from emerging brands to Fortune 500s—use Flexport technology to move more than $10B of merchandise across 112 countries every year. 

The recent global supply chain crisis has put Flexport center stage as we continue to play a pivotal role in how goods move around the world. At a valuation of $8 billion, we’re experiencing record growth and are proud to have the support of the best investors in the game who believe in our mission, solutions and people. Ready to tackle global challenges that impact business, society, and the environment? Come join us.

Worried about not having any freight forwarding experience?

Don’t be! Our mission is to make global trade easy for everyone. That’s why it’s important to bring people from diverse backgrounds and experiences together with our industry veterans to help move the global logistics industry forward.

We know this industry is complex. That’s why we invest in education starting day one with Flexport Academy, a one-week intensive onboarding program designed specifically to set every new Flexport employee up for success.

At Flexport, our ability to fulfill our mission of making global trade easy for everyone relies on having a diverse, dedicated and engaged workforce. That is why Flexport is committed to creating and nurturing an environment where anyone can be their authentic self. All qualified applicants will receive consideration for employment regardless of race, color, religion, sex, national origin, age, physical and mental disability, health status, marital and family status, sexual orientation, gender identity and expression, military and veteran status, and any other characteristic protected by applicable law.

To learn more about what our tech teams have been up to, head to the Engineering Blog.

Tags: Audits AWS CISSP Cloud CMMC Compliance Encryption FedRAMP Finance Firewalls Governance IPS Monitoring NIST POA&M Risk management Security Impact Analysis System Security Plan

Perks/benefits: Career development

Region: North America
Country: United States