Key Facts

Remote From:

Anywhere

Full time

Expert & Leadership (>10 years)

English

Hard Skills

Cyber Operations Risk Management Psychological Evaluations FedRAMP Regulatory Compliance Assessment And Authorization

Other Skills

•
Governance

Roles & Responsibilities

10+ years in federal cybersecurity, FedRAMP, CMMC, enterprise risk, cybersecurity governance, assessment oversight, or regulatory oversight
Demonstrated understanding of federal cybersecurity assessment programs, independent assessment oversight, or regulatory risk management
Familiarity with governance, impartiality, and oversight principles within regulated or accredited environments
Ability to operate at board / governance oversight level

Requirements:

Review High and Critical impartiality risks presented by management
Evaluate structural independence safeguards and separation controls
Challenge management where risk mitigation is insufficient
Ensure no single interest predominates within assessment governance activities

Job description

External Federal Risk & Assessment
Governance Subject Matter Expert

Impartiality Committee Member (CMMC / FedRAMP / ISO/IEC 17020)

Location: 100% Remote – Global

Type: Independent Contractor (Committee Appointment)

Pay: Stipend / Per-Meeting Compensation: $500

Travel: None (virtual)

About Us:

RSI Security is a leading cybersecurity and compliance firm providing independent assessment, advisory, and risk management services across commercial and federal environments. RSI operates a CMMC Certified Third-Party Assessment Organization (C3PAO) and is pursuing authorization as a FedRAMP Third Party Assessment Organization (3PAO) to support independent security assessments for cloud service providers and regulated organizations.

To preserve independence, objectivity, and assessment integrity, RSI maintains formal structural separation between assessment, advisory, and commercial functions. Oversight of impartiality, conflict-of-interest management, and governance risk is exercised through an independent Impartiality Committee aligned with ISO/IEC 17020 principles and federal assessment expectations.

RSI’s governance framework is designed to ensure that assessment activities remain free from commercial influence, maintain public trust, and uphold the integrity expected within accredited and regulated cybersecurity assessment environments.

About the Role:

The External Federal Assessment Governance Subject Matter Expert serves as a voting member of the RSIS Impartiality Committee.

This is a governance oversight role — not an audit, consulting, advisory, sales, or certification decision function.

The Committee provides independent oversight of:

Structural impartiality risks
Commercial influence risks
Advisory-to-assessment separation controls
Conflict-of-interest trends
Governance adequacy related to FedRAMP, CMMC, and ISO/IEC 17020 oversight expectations

Committee members do not:

Participate in assessment execution
Perform certification decisions
Engage in consulting for RSIS certification clients
Influence engagement acceptance decisions

Key Responsibilities

Review High and Critical impartiality risks presented by management
Evaluate structural independence safeguards and separation controls
Challenge management where risk mitigation is insufficient
Ensure no single interest predominates within assessment governance activities
Escalate unresolved structural or independence risks to the Governing Authority
Participate in periodic meetings (minimum quarterly)
Provide independent perspective on federal cybersecurity assessment governance, impartiality, and oversight risks

Governance Authority

Committee members:

Hold voting authority within the Committee
Operate independently from management
May request documentation necessary to discharge oversight responsibilities
Have authority to escalate unresolved concerns in accordance with the Committee Charter

Competence Requirements

Candidates must demonstrate:

10+ years in federal cybersecurity, FedRAMP, CMMC, enterprise risk, cybersecurity governance, assessment oversight, or regulatory oversight
Demonstrated understanding of federal cybersecurity assessment programs, independent assessment oversight, or regulatory risk management
Familiarity with governance, impartiality, and oversight principles within regulated or accredited environments
Ability to operate at board / governance oversight level
Independence from RSI advisory revenue streams

Preferred:

Experience with FedRAMP, NIST-based frameworks, CMMC, ISO/IEC 17020, or accredited assessment environments
Experience serving on governance boards or oversight committees
Background in regulatory, public-interest, or independent risk oversight roles

Independence Requirements

Prior to appointment, candidates must:

Complete formal Conflict of Interest screening
Disclose advisory or financial relationships with RSI entities
Commit to ongoing annual independence attestations
Agree not to perform advisory services for RSIS certification clients during tenure

Cooling-off and recusal requirements apply where applicable.

Term & Review

Appointments are for a two-year term, renewable once, subject to continued independence verification and performance review in accordance with the Impartiality Committee Charter.

RSI Security is an Equal Opportunity Employer. We prioritize competence, qualifications, and the integrity of the certification process in all hiring decisions.