RSI Security Himalayas · Posted 9d ago

External Federal Risk & Assessment Governance Subject Matter Expert

USD Contractor Remote

Cybersecurity Governance Federal Risk Management Assessment Oversight Regulatory Compliance

Indexed description

External Federal Risk & Assessment Governance Subject Matter Expert

Impartiality Committee Member (CMMC / FedRAMP / ISO/IEC 17020)

Location: 100% Remote – Global

Type: Independent Contractor (Committee Appointment)

Pay: Stipend / Per-Meeting Compensation: $500

Travel: None (virtual)

About Us:

RSI Security is a leading cybersecurity and compliance firm providing independent assessment, advisory, and risk management services across commercial and federal environments. RSI operates a CMMC Certified Third-Party Assessment Organization (C3PAO) and is pursuing authorization as a FedRAMP Third Party Assessment Organization (3PAO) to support independent security assessments for cloud service providers and regulated organizations.

To preserve independence, objectivity, and assessment integrity, RSI maintains formal structural separation between assessment, advisory, and commercial functions. Oversight of impartiality, conflict-of-interest management, and governance risk is exercised through an independent Impartiality Committee aligned with ISO/IEC 17020 principles and federal assessment expectations.

RSI’s governance framework is designed to ensure that assessment activities remain free from commercial influence, maintain public trust, and uphold the integrity expected within accredited and regulated cybersecurity assessment environments.

About the Role:

The External Federal Assessment Governance Subject Matter Expert serves as a voting member of the RSIS Impartiality Committee.

This is a governance oversight role — not an audit, consulting, advisory, sales, or certification decision function.

The Committee provides independent oversight of:

  • Structural impartiality risks
  • Commercial influence risks
  • Advisory-to-assessment separation controls
  • Conflict-of-interest trends
  • Governance adequacy related to FedRAMP, CMMC, and ISO/IEC 17020 oversight expectations

Committee members do not:

  • Participate in assessment execution
  • Perform certification decisions
  • Engage in consulting for RSIS certification clients
  • Influence engagement acceptance decisions

Key Responsibilities

  • Review High and Critical impartiality risks presented by management
  • Evaluate structural independence safeguards and separation controls
  • Challenge management where risk mitigation is insufficient
  • Ensure no single interest predominates within assessment governance activities
  • Escalate unresolved structural or independence risks to the Governing Authority
  • Participate in periodic meetings (minimum quarterly)
  • Provide independent perspective on federal cybersecurity assessment governance, impartiality, and oversight risks

Governance Authority

Committee members:

  • Hold voting authority within the Committee
  • Operate independently from management
  • May request documentation necessary to discharge oversight responsibilities
  • Have authority to escalate unresolved concerns in accordance with the Committee Charter

Competence Requirements

Candidates must demonstrate:

  • 10+ years in federal cybersecurity, FedRAMP, CMMC, enterprise risk, cybersecurity governance, assessment oversight, or regulatory oversight
  • Demonstrated understanding of federal cybersecurity assessment programs, independent assessment oversight, or regulatory risk management
  • Familiarity with governance, impartiality, and oversight principles within regulated or accredited environments
  • Ability to operate at board / governance oversight level
  • Independence from RSI advisory revenue streams

Preferred:

  • Experience with FedRAMP, NIST-based frameworks, CMMC, ISO/IEC 17020, or accredited assessment environments
  • Experience serving on governance boards or oversight committees
  • Background in regulatory, public-interest, or independent risk oversight roles

Independence Requirements

Prior to appointment, candidates must:

  • Complete formal Conflict of Interest screening
  • Disclose advisory or financial relationships with RSI entities
  • Commit to ongoing annual independence attestations
  • Agree not to perform advisory services for RSIS certification clients during tenure

Cooling-off and recusal requirements apply where applicable.

Term & Review

Appointments are for a two-year term, renewable once, subject to continued independence verification and performance review in accordance with the Impartiality Committee Charter.

RSI Security is an Equal Opportunity Employer. We prioritize competence, qualifications, and the integrity of the certification process in all hiring decisions.


Originally posted on Himalayas
