Senior Security Compliance Manager - Public Sector
Dallas, TX
Flexport
Cut costs, automate workflows, reliably move goods, go carbon-neutral, and improve your supply chain from end to end. It all starts here.
The Opportunity
Flexport is seeking a dynamic and experienced Public Sector GRC Manager to lead, manage, and drive the growth of our public sector program. In this key role, you will take full ownership of our public sector initiatives and work closely with internal and external stakeholders, including Security, Operations, Engineering, Legal, Finance, and Executive Management. As the Public Sector GRC Manager, you will play a critical part in establishing and scaling our public sector program by conducting comprehensive gap assessments, driving control remediation, and implementing continuous control monitoring mechanisms.
You Will
- Lead and oversee Flexport's public sector program, including the creation and maintenance of the System Security Plan (SSP) and the management of the ConMon initiative.
- Serve as a subject matter expert (SME) on public sector compliance, providing valuable input to Engineering, IT, and various business teams regarding the impact of public sector requirements on product updates, SSP revisions, and relevant processes.
- Leverage your technical expertise and program management skills to meticulously plan, track, collaborate, and report on program deliverables. This includes organizing and leading meetings, assigning and monitoring action items, and preparing comprehensive status reports.
- Provide dedicated support for compliance audits and assessments, including assisting external third-party auditors with evidence collection and upload, supporting auditor interviews, and facilitating thorough walkthroughs of policies, procedures, and relevant compliance and security documentation.
- Establish tailored compliance review processes specific to GRC (Governance, Risk, and Compliance) and conduct security impact analyses. This involves evaluating access management controls, deploying relevant training to applicable users, and mapping technical implementations to the corresponding NIST security controls.
- Collaborate closely with the Engineering team to execute effective continuous monitoring, ensuring the tracking and timely updating of the Plan of Action and Milestones.
- Provide support to the GRC team in handling other important ad hoc tasks as required.
You Should Have
- A Bachelor's Degree in Computer Information Systems or a related field (preferred).
- At least 6 years of experience in security compliance, risk management, IT audit, or information security assurance.
- The ability to quickly grasp new concepts, assimilate knowledge, understand stakeholders' business challenges and risks, and act as a trusted advisor to drive policy adoption and monitor compliance against established policies and standards.
- In-depth familiarity with Federal requirements, such as FedRAMP, CMMC, or NIST 800-171, and the processes involved in obtaining authorization.
- Excellent listening and presentation skills necessary to effectively understand, communicate with, and persuade diverse audiences.
- Strong technical background in cloud security and thorough familiarity with various security controls and their implementation in cloud environments.
- Experience in compliance management and auditing, with a focus on cloud security.
- Exceptional communication abilities to effectively engage with various stakeholders, including technical teams, business leaders, and federal agencies.
- Collaborative skills are crucial for ensuring compliance with Federal requirements by working closely with other teams.
- Demonstrated ability to manage multiple projects simultaneously and effectively prioritize tasks to meet critical deadlines.
- Knowledge of or experience working with Cloud technologies/environments, particularly AWS or other relevant cloud platforms.
- Familiarity with security tools and solutions, such as Firewalls, IPS, Encryption, and security monitoring.
- A proven track record of taking initiative, working independently, and thriving in ambiguous situations.
- Relevant certifications, such as Certified Information Systems Security Professional (CISSP) or other applicable credentials.
About Flexport:
We believe trade can move the human race forward. That’s why it’s our mission to make global trade easy for everyone. Flexport is building the platform for global logistics, empowering buyers, sellers and their logistics partners with the technology and services to grow and innovate. Today, companies of all sizes—from emerging brands to Fortune 500s—use Flexport technology to move more than $10B of merchandise across 112 countries every year.
The recent global supply chain crisis has put Flexport center stage as we continue to play a pivotal role in how goods move around the world. At a valuation of $8 billion, we’re experiencing record growth and are proud to have the support of the best investors in the game who believe in our mission, solutions and people. Ready to tackle global challenges that impact business, society, and the environment? Come join us.
Worried about not having any freight forwarding experience?
Don’t be! Our mission is to make global trade easy for everyone. That’s why it’s important to bring people from diverse backgrounds and experiences together with our industry veterans to help move the global logistics industry forward.
We know this industry is complex. That’s why we invest in education starting day one with Flexport Academy, a one-week intensive onboarding program designed specifically to set every new Flexport employee up for success.
At Flexport, our ability to fulfill our mission of making global trade easy for everyone relies on having a diverse, dedicated and engaged workforce. That is why Flexport is committed to creating and nurturing an environment where anyone can be their authentic self. All qualified applicants will receive consideration for employment regardless of race, color, religion, sex, national origin, age, physical and mental disability, health status, marital and family status, sexual orientation, gender identity and expression, military and veteran status, and any other characteristic protected by applicable law.
To learn more about what our tech teams have been up to, head to the Engineering Blog.
Tags: Audits AWS CISSP Cloud CMMC Compliance Encryption FedRAMP Finance Firewalls Governance IPS Monitoring NIST POA&M Risk management Security Impact Analysis System Security Plan
Perks/benefits: Career development