Governance, Risk and Compliance Manager (Hybrid)
Company: Fei.com, Inc.
Location: Columbia
Posted on: February 22, 2026
Job Description:
At FEI Systems, we create innovative technology solutions to improve the delivery of health and human services because we know that when cumbersome administrative processes stand in the way, those who need it most are often left without access to proper care and support. From comprehensive case management software to disaster recovery services and content management information systems used in delivering foreign aid, our solutions are improving the lives of millions of people. We’re looking for a Governance, Risk and Compliance Manager who shares our commitment to leveraging technology to make a real impact in the world – a professional who knows, beyond all else, that the quality of our products and services is only as good as the company we keep.

Position Summary:
We are seeking a highly skilled Governance, Risk and Compliance Manager to manage the implementation, assessment, and continuous monitoring of security controls in alignment with the NIST Risk Management Framework (RMF). This role is hands-on and requires close collaboration with system owners, control owners, client liaisons, and external assessors to ensure that our information systems remain secure, compliant, and resilient. Additionally, this position leads FEI’s Internal Audit program.

This position requires experience with AICPA SOC 2 Type 2 audits. This role will focus on ensuring FEI’s product lines meet all five Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, and Privacy) by managing evidence gathering, maintaining documentation, facilitating internal reviews, and handling communication between internal teams and external auditors.

Duties and Responsibilities:
- Design and maintain a comprehensive Governance, Risk and Compliance program that addresses relevant regulatory requirements and industry best practices.
- Develop and update policies, procedures, and controls to reflect current regulations and organizational needs.
- Create and maintain a compliance risk assessment framework to identify, evaluate, and prioritize compliance risks.
- Plan and manage compliance-related assignments for one or more programs/customers.
- Serve as the primary point of contact for the customer relative to matters of information security.
- Develop, review, and maintain RMF documentation, including SSPs, POA&Ms, Risk Assessments, Contingency Plans, and Continuous Monitoring Plans.
- Collaborate with internal control owners to ensure technical security controls are correctly configured and operational.
- Map implemented security and privacy controls to industry frameworks (e.g., NIST SP 800-53 Rev. 5, SSAE 18, ISO 27000).
- Manage completion of Security Control Assessments (SCA), including evidence validation and remediation tracking.
- Manage external security audits, responding to findings and implementing improvements.
- Work with assessors to resolve findings and close gaps in compliance.
- Update POA&Ms with mitigation plans, timelines, and status updates.
- Monitor security controls and maintain ongoing situational awareness of compliance posture.
- Lead the preparation of compliance reports and security metrics for leadership and stakeholders.
- Maintain knowledge of evolving NIST standards, federal security requirements, and related frameworks (e.g., FedRAMP, FISMA).
- Manage the coordination and maintenance of the SOC 2 audit project plan, timelines, and deliverables.
- Partner with process owners to gather, review, and organize audit evidence for all five Trust Services Criteria.
- Collaborate with engineering, IT, HR, legal, and operations teams to obtain control evidence (e.g., policies, procedures, system logs, training records).
- Ensure evidence meets auditor requirements in both content and format.
- Maintain a centralized repository for SOC 2 documentation, ensuring security and confidentiality.
- Assist in monitoring and maintaining SOC 2 controls across all trust service categories.
- Track and follow up on remediation actions for identified gaps or deficiencies.
- Support control owners in understanding control requirements and implementation best practices.
- Serve as primary point of contact for auditor questions during the engagement.
- Coordinate audit interviews and walkthroughs with relevant stakeholders.
- Monitor and respond to auditor requests in a timely manner.
- Support the review of the auditor’s draft report for accuracy and completeness.
- Document lessons learned and update procedures to improve future readiness.
- Manage ongoing compliance monitoring to maintain SOC 2 readiness year-round.

Mandatory Qualifications:
- Practical experience with NIST RMF and NIST SP 800-53 security control implementation, AICPA Trust Services Criteria, and SOC 2 requirements.
- Excellent communication and interpersonal skills for cross-functional collaboration.
- Excellent writing skills for preparing formal security documentation.
- Strong technical understanding of network, system, and application security concepts.
- Strong organizational skills with the ability to manage multiple priorities under tight deadlines.
- Strong management skills, including experience managing one or more employees.

Preferred Qualifications:
- Security certifications such as CISSP, CISA, or CISM.
- Experience supporting compliance frameworks (NIST, AICPA, FedRAMP, ISO 27001, HIPAA, GDPR).
- Working knowledge of cloud security best practices (AWS or Azure).
- Understanding of data privacy principles and regulatory requirements.
- Prior work in a SaaS or technology-driven organization.
- Prior experience working with federal agencies or regulated environments.

Experience and Education:
- Bachelor’s degree in Information Security, Compliance, Business Administration, or a related field.
- 5-7 years of experience in IT compliance, security audits, or risk management (SOC 2 experience strongly preferred).

Travel Requirements:
There is minimal travel required, i.e., less than 10% of the time. May attend at least one offsite security conference/training event per year.

Other:
Must be able to obtain Public Trust; other clearance may or may not be required.

Location: Hybrid (Columbia, MD)
Status: Full-time position with full company benefits

NOTICE: EO/AA/VEVRAA/Disabled Employer – Federal Contractor. FEI Systems participates in E-Verify, a federal program that enables employers to verify the identity and employment eligibility of all persons hired to work in the United States by providing the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee’s Form I-9 to confirm work authorization. For more information on E-Verify, please contact DHS at (888) 464-4218. Applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, marital status, political affiliation, disability, or genetic information, except where it relates to a bona fide occupational qualification or requirement. FEI Systems creates an Affirmative Action Plan on an annual basis. Pursuant to federal law, the portions of FEI Systems’ Affirmative Action Program that relate to Section 503 (Persons with Disabilities) and/or Section 4212 (Protected Veterans) are available for inspection upon request by applicants and employees during FEI Systems’ normal business hours.