Job Closed
This listing is no longer active.
A Fortune 500 company cited on the S&P 500 Index, Quest Diagnostics is a healthcare products and services provider offering diagnostic testing to 1-in-3 U.S. adults and half of the
Sr. Compliance Audit Analyst (Remote)
Location
United States
Posted
95 days ago
Job Description
Quest Diagnostics
Responsible for proactively monitoring compliance with all applicable federal and state laws, regulations, policy directives and ethical requirements for Quest Diagnostics lines of business. Quest Diagnostics honors our service members and encourages veterans to apply. While we appreciate and value our staffing partners, we do not accept unsolicited resumes from agencies. Quest will not be responsible for paying agency fees for any individual as to whom an agency has sent an unsolicited resume. Equal Opportunity Employer: Race/Color/Sex/Sexual Orientation/Gender Identity/Religion/National Origin/Disability/Vets or any other legally protected status.
More Compliance Jobs
IT Risk and Compliance Analyst I
Republic Services
As a leader in environmental solutions, recycling & waste, we partner with customers to create a more sustainable world.
This description is a summary of our understanding of the job description.

Role Description
As a member of the Cyber Security group, the IT Risk and Compliance Analyst I is responsible for supporting the organization’s IT risk management, third-party risk management, and compliance efforts.
- Assist in identifying, assessing, and mitigating IT-related risks while ensuring compliance with relevant laws, regulations, and industry standards.
- Collaborate with IT and other business departments to evaluate IT controls in the context of PCI and NIST standards.
- Perform comprehensive enterprise-wide IT risk assessments and audits, collaborating cross-functionally to identify, prioritize, and mitigate cyber risks and compliance issues.
- Develop, implement, and maintain robust IT security policies, procedures, and controls aligned with organizational objectives, industry frameworks (e.g., NIST 800-53), and regulatory requirements (e.g., PCI DSS).
- Design and execute engaging security awareness training programs and campaigns to cultivate a security-minded culture.
- Create and maintain documentation related to IT risk and compliance activities.
- Continuously monitor and evaluate emerging IT risks, regulatory changes, and industry trends to proactively adapt security and compliance controls.
- Conduct third-party cyber risk assessments, ensuring vendors and partners align with core cyber and compliance standards.
- Establish and maintain a comprehensive risk register, identifying, assessing, and mitigating IT security risks to enhance organizational resilience.
- Provide expert guidance to stakeholders on interpreting and implementing company standards and regulatory requirements.
- Complete inbound VSQs, RFPs, and RFIs, ensuring comprehensive and timely responses.
- Other non-essential duties as assigned or may be necessary.

Qualifications
- Comprehensive knowledge of industry standards, frameworks (e.g., NIST-CSF), and regulatory requirements (e.g., PCI DSS).
- Experience with Governance, Risk, and Compliance (GRC) tools.
- Demonstrated experience in policy and procedure development.
- Demonstrated experience in conducting risk assessments, audits, and developing mitigation strategies.
- Ability to stay current with evolving cybersecurity threats, industry trends, and regulatory changes, applying this knowledge to enhance organizational security posture.
- Detail-oriented with strong organization, prioritization, and time management skills.
- Critical thinking, ability to analyze complex IT risk and compliance challenges.
- Proven ability to work collaboratively in cross-functional teams and build strong relationships with various stakeholders across the organization.
- Strong communication skills to effectively interact with internal and external partners at all levels to resolve issues and provide solutions.
- Intermediate to advanced proficiency in Microsoft Office suite, including Word, Excel, and PowerPoint.
- Professional certifications such as CISA, CRISC, GCCC, GSEC, CGRC, or similar - preferred.

Requirements
- 3+ years of experience in IT risk management, compliance, information security, or similar roles.
- Prior experience with NIST CSF, PCI DSS, or similar audits.

Benefits
- Comprehensive medical benefits coverage, dental plans, and vision coverage.
- Health care and dependent care spending accounts.
- Short- and long-term disability.
- Life insurance and accidental death & dismemberment insurance.
- Employee and Family Assistance Program (EAP).
- Employee discount programs.
- Retirement plan with a generous company match.
- Employee Stock Purchase Plan (ESPP).
- Paid Time Off (PTO).
Principal, Business and Regulatory Strategy
Navitus Health Solutions, LLC
Navitus - Putting People First in Pharmacy - Navitus was founded as an alternative to traditional pharmacy benefit manager (PBM) models. We are committed to removing cost from the drug supply chain to make medications more affordable for the people who need them. At Navitus, our team members work in an environment that celebrates diversity, fosters creativity and encourages growth.
This description is a summary of our understanding of the job description.

Role Description
Due to growth, we are adding headcount! Our Principal, Business and Regulatory Strategy will be the liaison between legal and our provider services team using superior knowledge of PBM regulatory requirements to align them with our payables and reimbursement strategies.
The Principal, Business and Regulatory Strategy is responsible for driving business solutions and readiness that align with regulatory transformation and requirements. Acting as a connective tissue between Compliance, Legal, Product, Technology, Operations, and the business unit, this role translates the interpretation of statutes from the Legal team, including rules, guidance, and standards, into actionable work, and facilitates durable, risk-right solutions. The role partners closely with Legal on interpretation, drives cross-functional implementation plans, designs and validates controls, and ensures sustainable adherence for Medicare, Medicaid/State programs, Exchange/Commercial, privacy & security, auditing/monitoring, and related accreditation obligations.

Responsibilities
- Drive cross-functional operational requirements and implementation (scope, milestones, owners, dependencies, and success criteria) spanning Product, Operations, Technology, and Customer Success.
- Coordinate complex pharmacy benefits relationships through operational and contract understanding, inter-entity dynamics, and reimbursement structures and strategies.
- Facilitate solution design to reflect regulatory intent and operational practicality.
- Manage traceability from requirement to control to process/tech change to evidence.
- Define/validate preventive & detective controls; align with policies, standards, and procedures.
- Establish accompanying fit-for-purpose evidence models (reports, dashboards, logs, audit trails) and/or testing protocols to demonstrate ongoing adherence to regulatory requirements.
- Ensure policies, procedures, desk-level work instructions, and training are updated prior to effective dates.
- Coordinate change readiness and adoption with affected teams including recommending content relevant to client impact and experience.
- Exercise authority to gate/hold releases when regulatory or control gaps create material risk, escalating through leadership as needed.
- Sign-off authority on control adequacy and evidence sufficiency for go-live operational readiness.
- Monitor reduction in post-go-live defects and implement root cause analysis or defect remediation plans supportive of the regulatory environment.
- Other duties as assigned.

Qualifications
- Bachelor’s degree in business, or other directly applicable field, or equivalent work experience, required.
- 10+ years’ experience in healthcare/health plan/PBM regulatory compliance, pharmacy operations management, regulatory operations, or operational implementation required.
- Demonstrated success leading cross-functional regulatory change.
- Ability to translate regulatory text into practical requirements, contractual implications and control designs; strong partnership with Legal and technical/operational teams.
- Proficiency with risks, issues, testing, and evidence; advanced communication, facilitation, and influence skills across executive to front-line levels.
- Strong knowledge of pharmacy contracting and/or pharmacy benefits regulatory requirements.
- Proven ability to lead cross-functional teams and influence senior stakeholders.
- Participate in, adhere to, and support compliance program objectives.
- The ability to consistently interact cooperatively and respectfully with other employees.

Benefits
- Top of the industry benefits for Health, Dental, and Vision insurance.
- 20 days paid time off.
- 4 weeks paid parental leave.
- 9 paid holidays.
- 401K company match of up to 5% - No vesting requirement.
- Adoption Assistance Program.
- Flexible Spending Account.
- Educational Assistance Plan and Professional Membership assistance.
- Referral Bonus Program – up to $750!
Compliance Consultant - Remote
Optum
Optum, part of the UnitedHealth Group family of businesses, is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. At Optum, we support your well-being with an understanding team, extensive benefits and rewarding opportunities. By joining us, you’ll have the resources to drive system transformation while we help you take care of your future. We recognize the power of connection to drive change, improve efficiency and make a difference in health care. Join a team where your skills and ideas can make an impact and where collaboration is key to creating technology that produces healthier outcomes.

Requisition Number: 2347055

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.

Optum Financial is a health care FinTech organization transforming how care is financed and paid for, using technology and innovation to make health care more affordable, accessible, and efficient for millions of consumers, employers, and partners. The work you do with our Compliance team plays a critical role in safeguarding our members, clients, and the enterprise by ensuring adherence to financial services laws, regulatory expectations, and ethical standards. This Compliance Consultant role will help Optum Financial prevent, detect, and correct compliance risk by strengthening governance, monitoring, and issue management across the business. Here, you will find a culture grounded in integrity, collaboration, and accountability, working alongside talented peers committed to proactive risk management and continuous improvement. Come make an impact as you help strengthen trust, protect consumers, and advance regulatory excellence across Optum Financial - while supporting our mission to help people live healthier lives.

You'll enjoy the flexibility to work remotely* from anywhere within the U.S. as you take on some tough challenges. For all hires in the Minneapolis or Washington, D.C. area, you will be required to work in the office a minimum of four days per week.

Primary Responsibilities:

Compliance Governance & Program Support
- Assist with the development, maintenance, and implementation of Optum Financial compliance policies, standards and standard operating procedures
- Support compliance training governance activities including training content maintenance and oversight of training completion
- Contribute to compliance risk assessments and regulatory change reviews by gathering information, documenting impacts, and supporting analysis
- Help ensure compliance documentation remains current and well organized

Compliance Testing, Monitoring & Issue Management
- Execute risk-based compliance testing and monitoring activities under the direction of Compliance leadership
- Assist in developing testing workpapers, documenting results, and summarizing findings in a clear and defensible manner
- Support issue management activities including tracking, validating, and documenting remediation of corrective action plans
- Maintain accurate records and evidence to support internal reviews, audits, and regulatory examinations

Compliance Advisory & Regulatory Support
- Support financial crimes compliance activities (e.g., Anti-Money Laundering (AML), Sanctions) by assisting with risk assessments, compliance framework, escalation / alert reviews, and advisory support as needed
- Support compliance advisory activities by partnering with business teams on compliance questions, emerging risks and regulatory interpretation
- Assist in researching regulatory requirements and documenting risk and decisioning in memo or briefing format
- Escalate potential compliance concerns and emerging risks appropriately, supporting informed decision-making

You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

Required Qualifications:
- 3+ years of experience in banking compliance, financial crimes compliance, or a related financial legal and compliance function
- Experience supporting compliance testing, monitoring and/or risk assessments
- General understanding of US banking regulations, including financial crimes and sanctions compliance
- Demonstrated analytical, writing, and communication skills
- Proven attention to detail with a demonstrated sense of ownership and accountability
- Demonstrated ability to manage multiple priorities in a fast-paced environment

Preferred Qualifications:
- Professional compliance certification (e.g., CRCM, ACAMS, CFE, or similar)
- Experience within a bank, regulated fintech, or financial institution
- Experience working with compliance technology tools (e.g., case management systems, transaction monitoring, sanctions screening, regulatory change management tools)
- Experience supporting regulatory exams or external audits

*All employees working remotely will be required to adhere to UnitedHealth Group's Telecommuter Policy

Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. In addition to your salary, we offer benefits such as a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with us, you'll find a far-reaching choice of benefits and incentives. The salary for this role will range from $91,700 to $163,700 annually based on full-time employment. We comply with all minimum wage laws as applicable.

Application Deadline: This will be posted for a minimum of 2 business days or until a sufficient candidate pool has been collected. Job posting may come down early due to volume of applicants.

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone - of every race, gender, sexuality, age, location and income - deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.

UnitedHealth Group is an Equal Employment Opportunity employer under applicable law and qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.

UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.
FedRAMP Advisory & Compliance Specialist/Lead (1099) (RegScale-Enabled)

Position Overview
The FedRAMP Advisory & Compliance Specialist supports cloud service providers and federal partners in achieving and maintaining FedRAMP authorization through automated, scalable governance, risk, and compliance (GRC) solutions. This role provides expertise across the entire FedRAMP lifecycle, including readiness assessments, authorization package development, audit preparation, and continuous monitoring operations.
The position leverages modern compliance automation platforms, including RegScale, to implement machine-readable compliance artifacts, automated validation processes, and continuous monitoring capabilities that streamline authorization and reduce long-term compliance overhead.
C2Labs_FedRAMP Advisory Service…

Engagement Type: 1099 Independent Contractor (Remote; part-time to full-time as project demand requires)

Key Responsibilities

FedRAMP Authorization & Compliance
- Support cloud service providers in achieving FedRAMP authorization through advisory services aligned with federal regulatory frameworks.
- Develop and maintain authorization artifacts including:
  - System Security Plans (SSP)
  - Security Assessment Plans (SAP)
  - Security Assessment Reports (SAR)
  - Plans of Action and Milestones (POA&M)
- Assist in implementing automation-first compliance models aligned with FedRAMP modernization initiatives.
- Ensure security controls align with NIST 800-53 and FedRAMP security requirements.

Security Documentation & Artifact Development
- Develop comprehensive system documentation including system descriptions, authorization boundaries, and network/data flow diagrams.
- Identify and catalog supporting evidence for security control validation.
- Map controls and responsibilities using Customer Responsibility Matrices (CRM) and Control Implementation Summaries (CIS).
- Maintain traceability between policies, controls, and evidence repositories.

Gap Analysis & Compliance Readiness
- Conduct FedRAMP readiness assessments and documentation reviews.
- Perform gap analyses against FedRAMP control requirements and compliance templates.
- Evaluate system architecture, vulnerability management processes, and encryption mechanisms.
- Develop remediation roadmaps to address compliance gaps.

Security Control Assessment & Validation
- Perform internal control assessments to evaluate security control implementation.
- Validate compliance evidence against FedRAMP requirements.
- Document control deficiencies and track remediation activities.
- Support pre-audit preparation and third-party assessment organization (3PAO) engagement readiness.

Continuous Monitoring & Operational Compliance
- Establish automated continuous monitoring (ConMon) processes to maintain authorization status.
- Monitor security posture through integration with vulnerability scanning tools and security platforms.
- Track configuration drift, vulnerabilities, and security control degradation.
- Generate and maintain continuous monitoring reports for agency review.

Compliance Automation & GRC Platform Integration
- Implement and manage compliance activities using GRC automation platforms such as RegScale.
- Configure automated control baselines and compliance workflows.
- Maintain centralized evidence libraries and artifact repositories.
- Generate machine-readable compliance artifacts using OSCAL standards.

Risk Management & Remediation
- Develop and maintain POA&M remediation plans.
- Track remediation progress and report compliance posture to stakeholders.
- Support risk assessments and issue tracking through automated compliance dashboards.

Core Skills & Expertise

Regulatory & Compliance Frameworks
- FedRAMP Authorization Framework
- NIST Risk Management Framework (RMF)
- NIST SP 800-53 Security Controls
- Continuous Authorization & Continuous Monitoring
- Federal cloud security compliance

Security Documentation & Authorization Artifacts
- System Security Plans (SSP)
- Security Assessment Plans (SAP)
- Security Assessment Reports (SAR)
- Plan of Action & Milestones (POA&M)
- Customer Responsibility Matrix (CRM)
- Control Implementation Statements

GRC & Compliance Tools
- RegScale (Compliance Automation Platform)
- OSCAL-based machine-readable compliance artifacts
- Vulnerability scanning integrations (e.g., Tenable, Qualys)
- Compliance evidence management systems

Cybersecurity & Risk Management
- Security control validation and testing
- Vulnerability management
- Security architecture review
- Configuration management
- Encryption and FIPS compliance

Continuous Monitoring & Reporting
- Automated compliance monitoring
- Security telemetry integration
- Real-time compliance dashboards
- Audit readiness reporting

Key Capabilities
- FedRAMP readiness and authorization acceleration
- Compliance automation and platform-driven validation
- Continuous monitoring program development
- Security control assessment and validation
- Regulatory documentation development
- Evidence-based compliance management

Business Impact
- Accelerates FedRAMP authorization timelines through automation and expert advisory services.
- Reduces long-term compliance costs by transforming static documentation processes into continuous validation models.
- Enables organizations to maintain an audit-ready security posture while scaling cloud services within federal environments.

EOE Statement
We are an equal opportunity employer. All qualified applicants will be considered without discrimination based on race, color, religion, sex, national origin, age, disability, or protected veteran status. Employment offers will be contingent on passing a pre-employment drug screen.


