Lead FedRAMP authorization and HITRUST alignment for cloud systems. Create and maintain SSPs, POA&Ms, control mappings, and evidence. Coordinate 3PAO audits, perform risk assessments, continuous monitoring, vulnerability coordination, policy development, and compliance training for engineering and IT teams.
Jorie AI is transforming healthcare operations through intelligent automation, secure cloud solutions, and data-driven insights. As a Compliance Specialist – FedRAMP, you will play a key role in ensuring Jorie’s cloud infrastructure and services meet stringent federal security and compliance standards while maintaining alignment with existing HITRUST and HIPAA
frameworks.
This position requires deep understanding of FedRAMP authorization processes, cloud security compliance, and the integration of HITRUST controls across multi-framework compliance programs. The ideal candidate is proactive, detail-oriented, and comfortable working cross-functionally with IT, security, and audit teams in a fast-paced technology environment.
Key Responsibilities
FedRAMP Compliance Oversight
- Support the implementation and maintenance of Jorie’s FedRAMP authorization program in alignment with agency and customer requirements.
- Develop and maintain FedRAMP System Security Plans (SSP), POA&Ms, and supporting documentation.
- Coordinate with internal IT and cloud engineering teams to ensure continuous compliance of systems within AWS, Azure, or other CSP environments.
- Liaise with 3PAOs (Third-Party Assessment Organizations) and government stakeholders during audits and assessments.
HITRUST and Multi-Framework Alignment
- Ensure consistent control alignment between FedRAMP Moderate/High baselines, HITRUST CSF, and NIST 800-53 frameworks.
- Maintain evidence documentation, control mapping, and compliance matrices for overlapping regulatory programs (HITRUST, SOC 2, HIPAA, PCI).
- Participate in ongoing HITRUST recertification processes, including control review, evidence validation, and policy updates.
- Collaborate with internal and external auditors (e.g., ISP) to ensure accurate reporting and compliance posture visibility.
Risk Management & Continuous Monitoring
- Assist in continuous monitoring of security controls and remediation of POA&M items.
- Conduct risk assessments for cloud systems, vendors, and new integrations impacting the FedRAMP boundary.
- Coordinate vulnerability scans, incident response activities, and configuration management documentation in alignment with FedRAMP and HITRUST requirements.
Policy, Documentation, and Training
- Develop, update, and enforce policies related to data security, cloud compliance, and regulatory reporting.
- Provide compliance guidance and training to engineering, DevOps, and IT personnel involved in the FedRAMP environment.
- Support internal readiness reviews, gap assessments, and compliance roadmap initiatives.
Qualifications
Education
- Bachelor’s degree in Information Security, Computer Science, Compliance, or related field required.
Experience
- 3–6 years of experience in compliance, information security, or risk management.
- At least 2 years of direct experience supporting FedRAMP programs or equivalent government compliance frameworks.
- Hands-on experience with HITRUST CSF certification processes, evidence collection, and auditor coordination.
- Experience working in cloud-based environments (AWS, Azure, or GCP) and familiarity with continuous monitoring tools (Splunk, Qualys, Nessus, etc.).
- Background in healthcare, AI, or SaaS industries strongly preferred.
Skills & Competencies
- In-depth understanding of NIST 800-53, FedRAMP Moderate/High baselines, and HITRUST CSF control mapping.
- Strong knowledge of HIPAA, HITRUST, SOC 2, and ISO 27001 standards.
- Excellent documentation and writing skills — ability to produce and maintain formal compliance deliverables.
- Strong analytical, organizational, and communication skills, with the ability to work across technical and non-technical teams.
- FedRAMP (3PAO) Assessor or equivalent experience
Preferred Certifications
- HITRUST Certified CSF Practitioner (CCSFP) – required
- Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC) – preferred
- Certified Information Systems Security Professional (CISSP) – a plus
- Security+ or CCSP (Certified Cloud Security Professional)
Similar Jobs
Cloud • Computer Vision • Information Technology • Sales • Security • Cybersecurity
Manage and grow strategic partnerships with Presidio and Trace3 by developing and executing joint GTM plans, coordinating cross-functional enablement and marketing, leveraging investments to maximize ROI, aligning with sales leadership, and using data-driven insights to drive partner-sourced revenue and brand elevation.
Machine Learning • Payments • Security • Software • Financial Services
Lead and manage engineering teams building scalable, low-latency fraud detection systems. Drive system design, performance optimization, streaming/event-driven data platforms, Agile delivery, regulatory compliance, and talent development while partnering with product and risk stakeholders to improve automation and platform reliability.
Top Skills:
Data Management Platform (Dmp)Distributed SystemsEvent-Driven ArchitectureHigh-Throughput SystemsLow-Latency SystemsRule EnginesStreaming
Artificial Intelligence • Cloud • HR Tech • Information Technology • Productivity • Software • Automation
Lead and transform the strategic global partnership with Wipro, driving revenue, pipeline, and co-innovation. Architect AI-led joint GTM, multi-directional ecosystem strategies, joint business plans, and governance. Influence senior executives, align cross-functional teams, and deliver scalable co-created solutions and new business models to accelerate ServiceNow growth.
Top Skills:
AIAutomationDataServicenow
What you need to know about the Seattle Tech Scene
Home to tech titans like Microsoft and Amazon, Seattle punches far above its weight in innovation. But its surrounding mountains, sprinkled with world-famous hiking trails and climbing routes, make the city a destination for outdoorsy types as well. Established as a logging town before shifting to shipbuilding and logistics, the Emerald City is now known for its contributions to aerospace, software, biotech and cloud computing. And its status as a thriving tech ecosystem is attracting out-of-town companies looking to establish new tech and engineering hubs.
Key Facts About Seattle Tech
- Number of Tech Workers: 287,000; 13% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Amazon, Microsoft, Meta, Google
- Key Industries: Artificial intelligence, cloud computing, software, biotechnology, game development
- Funding Landscape: $3.1 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Madrona, Fuse, Tola, Maveron
- Research Centers and Universities: University of Washington, Seattle University, Seattle Pacific University, Allen Institute for Brain Science, Bill & Melinda Gates Foundation, Seattle Children’s Research Institute
