Lead FedRAMP authorization and HITRUST alignment for cloud systems. Create and maintain SSPs, POA&Ms, control mappings, and evidence. Coordinate 3PAO audits, perform risk assessments, continuous monitoring, vulnerability coordination, policy development, and compliance training for engineering and IT teams.
Jorie AI is transforming healthcare operations through intelligent automation, secure cloud solutions, and data-driven insights. As a Compliance Specialist – FedRAMP, you will play a key role in ensuring Jorie’s cloud infrastructure and services meet stringent federal security and compliance standards while maintaining alignment with existing HITRUST and HIPAA
frameworks.
This position requires deep understanding of FedRAMP authorization processes, cloud security compliance, and the integration of HITRUST controls across multi-framework compliance programs. The ideal candidate is proactive, detail-oriented, and comfortable working cross-functionally with IT, security, and audit teams in a fast-paced technology environment.
Key Responsibilities
FedRAMP Compliance Oversight
- Support the implementation and maintenance of Jorie’s FedRAMP authorization program in alignment with agency and customer requirements.
- Develop and maintain FedRAMP System Security Plans (SSP), POA&Ms, and supporting documentation.
- Coordinate with internal IT and cloud engineering teams to ensure continuous compliance of systems within AWS, Azure, or other CSP environments.
- Liaise with 3PAOs (Third-Party Assessment Organizations) and government stakeholders during audits and assessments.
HITRUST and Multi-Framework Alignment
- Ensure consistent control alignment between FedRAMP Moderate/High baselines, HITRUST CSF, and NIST 800-53 frameworks.
- Maintain evidence documentation, control mapping, and compliance matrices for overlapping regulatory programs (HITRUST, SOC 2, HIPAA, PCI).
- Participate in ongoing HITRUST recertification processes, including control review, evidence validation, and policy updates.
- Collaborate with internal and external auditors (e.g., ISP) to ensure accurate reporting and compliance posture visibility.
Risk Management & Continuous Monitoring
- Assist in continuous monitoring of security controls and remediation of POA&M items.
- Conduct risk assessments for cloud systems, vendors, and new integrations impacting the FedRAMP boundary.
- Coordinate vulnerability scans, incident response activities, and configuration management documentation in alignment with FedRAMP and HITRUST requirements.
Policy, Documentation, and Training
- Develop, update, and enforce policies related to data security, cloud compliance, and regulatory reporting.
- Provide compliance guidance and training to engineering, DevOps, and IT personnel involved in the FedRAMP environment.
- Support internal readiness reviews, gap assessments, and compliance roadmap initiatives.
Qualifications
Education
- Bachelor’s degree in Information Security, Computer Science, Compliance, or related field required.
Experience
- 3–6 years of experience in compliance, information security, or risk management.
- At least 2 years of direct experience supporting FedRAMP programs or equivalent government compliance frameworks.
- Hands-on experience with HITRUST CSF certification processes, evidence collection, and auditor coordination.
- Experience working in cloud-based environments (AWS, Azure, or GCP) and familiarity with continuous monitoring tools (Splunk, Qualys, Nessus, etc.).
- Background in healthcare, AI, or SaaS industries strongly preferred.
Skills & Competencies
- In-depth understanding of NIST 800-53, FedRAMP Moderate/High baselines, and HITRUST CSF control mapping.
- Strong knowledge of HIPAA, HITRUST, SOC 2, and ISO 27001 standards.
- Excellent documentation and writing skills — ability to produce and maintain formal compliance deliverables.
- Strong analytical, organizational, and communication skills, with the ability to work across technical and non-technical teams.
- FedRAMP (3PAO) Assessor or equivalent experience
Preferred Certifications
- HITRUST Certified CSF Practitioner (CCSFP) – required
- Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC) – preferred
- Certified Information Systems Security Professional (CISSP) – a plus
- Security+ or CCSP (Certified Cloud Security Professional)
Similar Jobs
24 Minutes Ago
Easy Apply
Easy Apply
Legal Tech • Software • Generative AI
Manage deal workflows for new business, renewals, and expansions; review pricing, discounts, contracts, and billing for policy and revenue-recognition alignment; run approval workflows and escalate complex deals; partner with Sales, CS, Finance, Legal, and RevOps; optimize quote-to-cash processes, track deal metrics, and implement AI-powered automation to improve efficiency and scalability.
Top Skills:
Ai-Powered ToolsBi/Reporting ToolsCpq ToolsCrm PlatformsDealhubExcelGoogle SheetsHubspotSalesforce
Legal Tech • Software • Generative AI
Build and own Eve's marketing site and GTM engineering stack: integrate and optimize external tools, design AI agents for sales and marketing, implement webhooks and middleware to sync product/CRM data, and create programmatic campaigns and internal tools in partnership with Marketing, Sales, RevOps, and Product to drive growth and automation.
Top Skills:
Ai AgentsCRMCSSHTMLJavaScriptLlmsMarketing AutomationMiddlewarePythonSQLWebhooks
.png)
Artificial Intelligence • Blockchain • Fintech • Financial Services • Cryptocurrency • NFT • Web3
Design and build machine learning systems for Coinbase, responsibly use generative AI tools and copilots, apply human-in-the-loop practices, and deliver measurable efficiency, cost, and quality improvements while collaborating in a remote-first environment with periodic in-person surges.
Top Skills:
GeminiGenerative AiGleanLibrechat
What you need to know about the San Francisco Tech Scene
San Francisco and the surrounding Bay Area attracts more startup funding than any other region in the world. Home to Stanford University and UC Berkeley, leading VC firms and several of the world’s most valuable companies, the Bay Area is the place to go for anyone looking to make it big in the tech industry. That said, San Francisco has a lot to offer beyond technology thanks to a thriving art and music scene, excellent food and a short drive to several of the country’s most beautiful recreational areas.
Key Facts About San Francisco Tech
- Number of Tech Workers: 365,500; 13.9% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Google, Apple, Salesforce, Meta
- Key Industries: Artificial intelligence, cloud computing, fintech, consumer technology, software
- Funding Landscape: $50.5 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Sequoia Capital, Andreessen Horowitz, Bessemer Venture Partners, Greylock Partners, Khosla Ventures, Kleiner Perkins
- Research Centers and Universities: Stanford University; University of California, Berkeley; University of San Francisco; Santa Clara University; Ames Research Center; Center for AI Safety; California Institute for Regenerative Medicine
