Lead Craft’s FedRAMP readiness program — defining the roadmap, owning the ATO timeline, and driving execution across engineering and security stakeholders.
Design and implement AWS GovCloud architecture that meets FedRAMP Moderate and High requirements.
Translate NIST 800-53 Rev. 5 controls into concrete, auditable, and continuously enforced technical implementations — not just documentation.
Craft is the leader in supplier risk intelligence, enabling enterprises to discover, evaluate, and continuously monitor their suppliers at scale. They are a post-Series B high-growth technology company backed by top-tier investors in Silicon Valley and Europe, headquartered in San Francisco with hubs in Seattle and Warsaw.
Well-versed in FedRAMP assessment methodology within cloud information systems.
Electrosoft Services, Inc. provides comprehensive technology-based solutions and services to federal customers, specializing in cybersecurity, ICAM, enterprise IT modernization, and software solutions. They are an award-winning company that retains highly qualified employees and offers meaningful work, growth opportunities, and work-life balance.
Accelerate Onebrief’s execution of GRC programs supporting NIST RMF, FedRAMP High, CMMC, and SOC2 authorizations.
Develop and manage integrated project plans for control implementation, remediation, and continuous monitoring.
Coordinate cross-functional teams (Infrastructure, Engineering, Product) to ensure timely delivery of compliance requirements.
Onebrief provides collaboration and AI-powered workflow software designed specifically for military staffs, aiming to make them faster, smarter, and more efficient. Valued at $2.15B, the company has raised $320m+ from top-tier investors and operates as an all-remote company.
Support client engagements related to CMMC readiness, implementation, and documentation.
Develop, update, and maintain System Security Plans (SSPs).
Assist with NIST SP 800-171, NIST SP 800-53, and FedRAMP documentation, control mapping, and related deliverables.
Hotman Group is a remote boutique cybersecurity and GRC firm supporting clients across a range of industries and compliance needs. They value strong writing, quality work, collaboration, sound judgment, and practical execution.