Risk and Compliance Lead in Chicago, Illinois at RLDatix
Explore Related Opportunities
Job Description
Location: Chicago, Illinois, US
RLDatix is on a mission to transform care delivery worldwide, ensuring every patient receives the safest, highest-quality care. Through our innovative Healthcare Operations Platform, we're connecting data to unlock trusted insights that enable improved decision-making and help deliver safer healthcare for all.
Job Description
RLDatix (RLD) is on a mission to help raise the standard of care…everywhere. Trusted by over 10,000 healthcare organizations around the world, our solutions help improve health and care. Our applications ensure that patients receive the best and safest care while supporting the providers who deliver it.
Joining TeamRLD means being part of a global effort of over 2,000 team members in making a difference in healthcare…every day.
We're searching for a US-based GovRAMP/TX-RAMP Risk & Compliance Officer to join our Information Security – Risk & Compliance team, so that we can unlock US state and local government healthcare market opportunities through GovRAMP and TX-RAMP authorization. The GovRAMP/TX-RAMP Risk & Compliance Officer will serve as the dedicated compliance delivery lead for our 18-month authorization program and its ongoing continuous monitoring lifecycle, acting as the primary compliance interface to the GovRAMP PMO, third-party assessors, and US state agency authorizing officials.
How You'll Spend Your Time
- Author and maintain System Security Plans (SSPs) for GovRAMP Core (60 controls) and Moderate (394 controls) using NIST SP 800-53 Rev 5 baseline to achieve authorization milestones
- Map existing SOC 2 Type II and HIPAA evidence to NIST control families in order to identify gaps and coordinate collection across Engineering, HR, Facilities, Legal, and SecOps
- Own the Plan of Action & Milestones (POA&M) from Phase 2 to track 3PAO findings, coordinate remediation, and provide monthly updates to the CISO for sign-off
- Produce monthly Continuous Monitoring (ConMon) deliverables including vulnerability scan reports, POA&M updates, and significant change notifications in order to meet GovRAMP PMO requirements
- Cross-train with the NAM Risk & Compliance Officer on SOC 2 Type II and HIPAA delivery to provide mutual holiday/sickness cover and strengthen team resilience
What Kind of Things We're Most Interested in You Having
- 5+ years' experience in security compliance or GRC roles within CSPs, SaaS vendors, or consulting firms supporting GovRAMP/FedRAMP/StateRAMP authorizations
- Proven success delivering at least one full GovRAMP, FedRAMP, or StateRAMP authorization (SSP through ATO and ongoing ConMon)
- In-depth knowledge on how to map SOC 2, HIPAA, and ISO 27001 to NIST SP 800-53 Rev 5 control families and author SSPs in OSCAL format or legacy template
- Ability to work US business hours from a US location for real-time collaboration with the GovRAMP PMO, 3PAO, and state agency officials
- Sincere interest in enabling US state and local healthcare agencies to adopt patient safety solutions
- A knack for working collaboratively within a cross-functional, remote-first environment
- One of the following professional certifications: CISSP, CISA, CRISC, CCSP, or CAP (CAP preferred)
By enabling flexibility in how we work and prioritizing employee wellness, we empower our team to do and be their best. Our benefits package includes health, dental, vision, life, disability insurance, 401K, paid time off, and paid holidays.
RLDatix is an equal opportunity employer, and our employment decisions are made without regard to race, color, religion, age, gender, national origin, disability, handicap, marital status or any other status or condition protected by Federal and/or State laws.
As part of RLDatix's commitment to the inclusion of all qualified individuals, we ensure that persons with disabilities are provided reasonable accommodation in the job application and interview process. If reasonable accommodation is needed to participate in either step, please don't hesitate to send a note to accessibility@rldatix.com.
Salary offers are based on a wide range of factors including location, relevant skills, training, experience, education, and, where applicable, licensure or certifications obtained. Market and organizational factors are also taken into consideration.
All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, age, marital status, pregnancy, genetic information, or other legally protected status