
Governance, Risk and Compliance Manager; Hybrid

Job in Columbia, Howard County, Maryland, 21046, USA
Listing for: FEI Systems
Full Time position
Listed on 2026-03-12
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 60000 - 80000 USD Yearly
Job Description & How to Apply Below
Position: Governance, Risk and Compliance Manager (Hybrid)

At FEI Systems, we create innovative technology solutions to improve the delivery of health and human services because we know when cumbersome administrative processes stand in the way, those who need it most are often left without access to proper care and support. From comprehensive case management software to disaster recovery services and content management information systems used in delivering foreign aid, our solutions are improving the lives of millions of people.

All candidates will be required to complete at least one in‑person interview as part of our hiring process.

Position Summary

We are seeking a highly skilled Governance, Risk and Compliance Manager to manage the implementation, assessment, and continuous monitoring of security controls in alignment with the NIST Risk Management Framework (RMF). This role is hands‑on and requires close collaboration with system owners, control owners, client liaisons, and external assessors to ensure that our information systems remain secure, compliant, and resilient. Additionally, this position leads FEI’s Internal Audit program.

The position requires experience with AICPA SOC 2 Type 2 audits. This role will focus on ensuring FEI’s product lines meet all five Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, and Privacy) by managing evidence gathering, maintaining documentation, facilitating internal reviews, and communicating between internal teams and external auditors.

Duties and Responsibilities
  • Design and maintain a comprehensive Governance, Risk and Compliance program that addresses relevant regulatory requirements and industry best practices.
  • Develop and update policies, procedures, and controls to reflect current regulations and organizational needs.
  • Create and maintain a compliance risk assessment framework to identify, evaluate, and prioritize compliance risks.
  • Plan and manage compliance‑related assignments for one or more programs/customers.
  • Serve as the primary point of contact for the customer relative to matters of information security.
  • Develop, review, and maintain RMF documentation, including SSPs, POA&Ms, Risk Assessments, Contingency Plans, and Continuous Monitoring Plans.
  • Collaborate with internal control owners to ensure technical security controls are correctly configured and operational.
  • Map implemented security and privacy controls to industry frameworks (e.g., NIST SP 800-53 Rev. 5, SSAE 18, ISO 27000).
  • Manage completion of Security Control Assessments (SCA) to include evidence validation and remediation tracking.
  • Manage external security audits, responding to findings and implementing improvements.
  • Work with assessors to resolve findings and close gaps in compliance.
  • Update POA&Ms with mitigation plans, timelines, and status updates.
  • Monitor security controls and maintain ongoing situational awareness of compliance posture.
  • Lead the preparation of compliance reports and security metrics for leadership and stakeholders.
  • Maintain knowledge of evolving NIST standards, federal security requirements, and related frameworks (e.g., FedRAMP, FISMA).
  • Manage the coordination and maintenance of the SOC 2 audit project plan, timelines, and deliverables.
  • Partner with process owners to gather, review, and organize audit evidence for all five Trust Services Criteria.
  • Collaborate with engineering, IT, HR, legal, and operations teams to obtain control evidence (e.g., policies, procedures, system logs, training records).
  • Ensure evidence meets auditor requirements in both content and format.
  • Maintain a centralized repository for SOC 2 documentation, ensuring security and confidentiality.
  • Assist in monitoring and maintaining SOC 2 controls across all trust service categories.
  • Track and follow up on remediation actions for identified gaps or deficiencies.
  • Support control owners in understanding control requirements and implementation best practices.
  • Serve as primary point of contact for auditor questions during the engagement.
  • Coordinate audit interviews and walkthroughs with relevant stakeholders.
  • Monitor and respond to auditor requests in a timely manner.
  • Support the review of the auditor’s draft report for accuracy and…