External Federal Risk & Assessment Governance Subject Matter Expert at RSI Security

Job Function: Professional Services
RSI Security

Job Description

External Federal Risk & Assessment
Governance Subject Matter Expert

Impartiality Committee Member (CMMC / FedRAMP / ISO/IEC 17020)

Location: 100% Remote – Global

Type: Independent Contractor (Committee Appointment)

Pay: Stipend / Per-Meeting Compensation: $500

Travel: None (virtual)

About Us:

RSI Security is a leading cybersecurity and compliance firm providing independent assessment, advisory, and risk management services across commercial and federal environments. RSI operates a CMMC Certified Third-Party Assessment Organization (C3PAO) and is pursuing authorization as a FedRAMP Third Party Assessment Organization (3PAO) to support independent security assessments for cloud service providers and regulated organizations.

To preserve independence, objectivity, and assessment integrity, RSI maintains formal structural separation between assessment, advisory, and commercial functions. Oversight of impartiality, conflict-of-interest management, and governance risk is exercised through an independent Impartiality Committee aligned with ISO/IEC 17020 principles and federal assessment expectations.

RSI’s governance framework is designed to ensure that assessment activities remain free from commercial influence, maintain public trust, and uphold the integrity expected within accredited and regulated cybersecurity assessment environments.

About the Role:

The External Federal Assessment Governance Subject Matter Expert serves as a voting member of the RSIS Impartiality Committee.

This is a governance oversight role — not an audit, consulting, advisory, sales, or certification decision function.

The Committee provides independent oversight of:

  • Structural impartiality risks
  • Commercial influence risks
  • Advisory-to-assessment separation controls
  • Conflict-of-interest trends
  • Governance adequacy related to FedRAMP, CMMC, and ISO/IEC 17020 oversight expectations

Committee members do not:

  • Participate in assessment execution
  • Perform certification decisions
  • Engage in consulting for RSIS certification clients
  • Influence engagement acceptance decisions

Key Responsibilities

  • Review High and Critical impartiality risks presented by management
  • Evaluate structural independence safeguards and separation controls
  • Challenge management where risk mitigation is insufficient
  • Ensure no single interest predominates within assessment governance activities
  • Escalate unresolved structural or independence risks to the Governing Authority
  • Participate in periodic meetings (minimum quarterly)
  • Provide independent perspective on federal cybersecurity assessment governance, impartiality, and oversight risks

Governance Authority

Committee members:

  • Hold voting authority within the Committee
  • Operate independently from management
  • May request documentation necessary to discharge oversight responsibilities
  • Have authority to escalate unresolved concerns in accordance with the Committee Charter

Competence Requirements

Candidates must demonstrate:

  • 10+ years in federal cybersecurity, FedRAMP, CMMC, enterprise risk, cybersecurity governance, assessment oversight, or regulatory oversight
  • Demonstrated understanding of federal cybersecurity assessment programs, independent assessment oversight, or regulatory risk management
  • Familiarity with governance, impartiality, and oversight principles within regulated or accredited environments
  • Ability to operate at board / governance oversight level
  • Independence from RSI advisory revenue streams

Preferred:

  • Experience with FedRAMP, NIST-based frameworks, CMMC, ISO/IEC 17020, or accredited assessment environments
  • Experience serving on governance boards or oversight committees
  • Background in regulatory, public-interest, or independent risk oversight roles

Independence Requirements

Prior to appointment, candidates must:

  • Complete formal Conflict of Interest screening
  • Disclose advisory or financial relationships with RSI entities
  • Commit to ongoing annual independence attestations
  • Agree not to perform advisory services for RSIS certification clients during tenure

Cooling-off and recusal requirements apply where applicable.

Term & Review

Appointments are for a two-year term, renewable once, subject to continued independence verification and performance review in accordance with the Impartiality Committee Charter.

RSI Security is an Equal Opportunity Employer. We prioritize competence, qualifications, and the integrity of the certification process in all hiring decisions.
