Head of Governance, Risk and Compliance
Vienna, United States of America · Hybrid
- Senior
- Office in Vienna
About Constellation
Constellation GovCloud (CGC) is a platform that accelerates compliance with requirements such as FedRAMP, FISMA, CMMC and others. Once authorized, CGC enables these technology platforms to stay compliant through continuous monitoring and makes these compliant solutions available to end users and partners through a unique cloud marketplace.
About this role
CGC is seeking an experienced Director of Governance, Risk, and Compliance (GRC) to lead and mature our compliance programs in support of our secure cloud platform. This role will be responsible for maintaining our existing FedRAMP Moderate authorization, advancing to FedRAMP High/IL4, and executing our roadmap toward FedRAMP “20x” expansion. The GRC Director will also play a central role in onboarding Independent Software Vendors (ISVs) into our platform, ensuring compliance requirements are integrated effectively across security and engineering teams.
At Constellation GovCloud, you will be responsible for:
- FedRAMP Authorization Management
  - Maintain and oversee day-to-day compliance for our FedRAMP Moderate authorization.
  - Lead initiatives to achieve and maintain FedRAMP High/IL4 authorization.
  - Drive strategic planning and execution toward FedRAMP “20x” expansion.
- ISV Onboarding & Authorization
  - Develop and manage compliance onboarding processes for ISVs integrating into the CGC platform.
  - Successfully ensure ISV authorizations through the FedRAMP Significant Change process in a timely fashion.
  - Provide expert guidance to ISVs on FedRAMP requirements, documentation, and risk management expectations.
- Cross-Functional Leadership
  - Partner with the Security Operations team on control implementation, monitoring, and incident response.
  - Collaborate with Engineering teams to ensure compliance requirements are embedded in design and operations.
  - Act as a compliance subject matter expert for internal stakeholders and external auditors/3PAOs.
- Regulatory Expertise & Change Management
  - Stay current on evolving FedRAMP requirements, NIST publications, and related federal security standards.
  - Anticipate and communicate the impact of regulatory changes to leadership and stakeholders.
  - Update policies, processes, and documentation accordingly.
- Risk & Compliance Oversight
  - Manage risk assessments, security authorization packages, and continuous monitoring artifacts.
  - Ensure timely reporting of compliance status, risks, and mitigation plans to leadership.
  - Represent CGC in auditor, customer, and regulator engagements.
The Director of GRC will be measured by their ability to:
- Sustain CGC’s FedRAMP Moderate ATO with zero lapses.
- Deliver FedRAMP High/IL4 authorization on schedule.
- Successfully build and execute the roadmap toward FedRAMP “20x.”
- Successfully ensure ISV authorizations through the FedRAMP Significant Change process in a timely fashion.
We’re looking for someone who has the following:
- Required:
  - 5+ years in compliance, risk management, or governance roles, with at least 3 years in a leadership position.
  - Deep experience with FedRAMP (Moderate and High), NIST 800-53, and U.S. government cloud compliance.
  - Strong track record leading cross-functional compliance programs in cloud or SaaS environments.
  - Excellent communication and stakeholder management skills.
  - MUST BE A US CITIZEN
- Preferred:
  - Experience working directly with 3PAOs, government customers, and ISVs.
  - Familiarity with IL4, IL5, or DoD SRG requirements.
  - Hands-on exposure to risk assessment, audit preparation, and compliance automation tooling.
  - Certifications such as CISSP, CISM, CISA, or comparable GRC credentials.
BENEFITS AND PERKS:
At CGC, we want to empower and inspire employees to be and do their best. Workdays are dynamic, collegial, and fun. Our office features multiple places to work unconstrained by typical office barriers. Our wellness package provides access to an on-site gym and includes medical, dental, and vision insurance along with options for FSA and EAP. We offer 401(k) with employer match, unlimited PTO, and a culture respectful of the reality that not everything in one's personal life is guaranteed to happen only after hours.
Merlin International, Inc. does not discriminate based on race, color, religion, national origin, sex, sexual orientation, gender identity, age, genetic information, disability, veteran status, or any other status protected by applicable law or regulation. It is our intention that all qualified applicants be given equal opportunity and that selection decisions be based on job-related factors.