Director of Security & Compliance

Director of Security & Compliance ARRO Systems LLC Jacksonville, FL Job Details Full-time 16 hours ago Qualifications Security Authorization CMMC Compliance risk assessment DevSecOps Practices Azure FedRAMP Operational risk management IT system monitoring Regulatory compliance CISSP Cloud security management SOC 2 Collaborating with government agencies

FISMA CISM

Information security compliance Policy & process development Cloud-based systems IT security architecture NIST standards Mentoring Certified Authorization Professional Vulnerability management Senior level SaaS Cross-functional collaboration Cross-functional team management Leadership Incident response implementation Communication skills Cross-functional communication Senior leadership IT security monitoring Full Job Description Director of Security & Compliance Designated Information System Security Officer (ISSO)

Department:

Compliance Location:

Remote Reports to:

Executive Director Direct Reports:

GRC Lead About

ARRO ARRO

is a technology partner to government and emergency response organizations, delivering cloud-based solutions that require rigorous security and regulatory compliance. As ARRO expands its federal and state agency partnerships, we are investing in the leadership and infrastructure needed to achieve and sustain FedRAMP authorization and broader regulatory compliance across our platform. The Opportunity ARRO is seeking an experienced Director of Security & Compliance to own our enterprise security program and serve as our designated Information System Security Officer (ISSO). This is not a build-from-scratch role — we are mid-gap remediation in our FedRAMP authorization journey, with an active 3PAO relationship and real momentum. We need a leader who has lived inside a FedRAMP authorization, knows how to close a POA&M, and can drive cross-functional accountability across engineering, cloud infrastructure, and operations. This role carries significant organizational authority and executive visibility. You will report directly to the Executive Director and serve as the internal voice of security and compliance across the organization. What You'll Own FedRAMP Authorization & Ongoing Compliance Serve as ARRO's designated ISSO — named in the authorization package and accountable for the security posture of ARRO's information systems Own the FedRAMP authorization strategy and drive execution from mid-gap remediation through ATO and into continuous monitoring Serve as the primary point of contact for 3PAO assessors, external security consultants, and sponsoring agencies Oversee all FedRAMP documentation including System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and ConMon artifacts Ensure ARRO maintains operational readiness for regulatory assessments across Fed

RAMP, NIST

800-53, CMMC, TX-RAMP, and SOC 2 Enterprise Security Program Lead the development and ongoing maturity of ARRO's enterprise security program, aligned with NIST 800-53 and applicable regulatory frameworks Establish and maintain a Continuous Monitoring Program, including vulnerability management, control assessments, risk reporting, and remediation tracking Own security policy development, maintenance, and enforcement across the organization Lead security incident response planning and tabletop exercises Ensure security controls are implemented effectively across ARRO's Azure Government / GCC High infrastructure and platform Governance, Risk & Compliance (GRC) Lead and mentor the GRC Lead, establishing clear ownership and accountability for compliance deliverables Maintain a structured risk management program including identification, assessment, prioritization, and remediation tracking Establish internal governance processes to track compliance posture and surface risk to executive leadership Coordinate audit readiness activities with 3PAO assessors and external consultants Cross-Functional Security Leadership Partner with Engineering leadership to integrate security practices into the software development lifecycle Collaborate with cloud and infrastructure teams to ensure secure architecture and operational practices in Azure Government / GCC High Provide the Executive Director and leadership team with clear, actionable visibility into ARRO's security posture, compliance progress, and risk landscape Promote a culture of security awareness and continuous improvement across the organization What We're Looking Fo r Required Demonstrated, hands-on FedRAMP authorization experience — you have shepherded a system through an ATO or actively maintained one post-authorization Deep working knowledge of

NIST 800-53

control implementation — you have authored or owned SSPs, POA&Ms, and ConMon artifacts Direct experience working with 3PAO assessors through an assessment cycle 7+ years in information security or GRC, with 3+ years in a leadership or program ownership capacity Demonstrated ability to drive cross-functional accountability without direct authority over engineering or infrastructure teams Strong written communication skills — this role requires executive-level reporting and regulatory documentation Strongly Preferred Formal ISSO experience — you have been a named ISSO on at least one system under FedRAMP or FISMA Hands-on experience in Azure Government or GCC High environments Familiarity with CMMC, TX-RAMP, or state-level regulatory frameworks Background in cloud infrastructure, DevSecOps, or security architecture Experience in a SaaS or cloud-native environment serving government clients Certifications (one or more preferred) CISSP — strongly preferred for ISSO designation CAP (Certified Authorization Professional) — directly aligned with Fed

RAMP/FISMA

work CISM — relevant given the governance and program management weight of this role Why Join ARRO Direct impact on outcomes that matter — ARRO's technology supports emergency response and public safety organizations Executive visibility and organizational authority to drive real change Active 3PAO relationship and real FedRAMP momentum — you're not starting from zero Budget flexibility to grow the team as the program matures Director of Security & Compliance ARRO is seeking a Director of Security & Compliance to lead their enterprise security program and serve as the Information System Security Officer (ISSO). This role is pivotal in ARRO's FedRAMP authorization journey, requiring someone with hands-on experience in achieving and maintaining Fed

RAMP ATO.

The ideal candidate will own the FedRAMP authorization strategy, manage relationships with 3PAO assessors, and oversee all FedRAMP documentation. This position reports directly to the Executive Director, offering significant organizational authority and visibility. The Director will also be responsible for developing and maintaining ARRO's enterprise security program, ensuring alignment with NIST 800-53 and other regulatory frameworks. Key responsibilities include establishing a Continuous Monitoring Program, leading security incident response, and collaborating with engineering and cloud infrastructure teams to implement effective security controls. Strong leadership and communication skills are essential, as the role involves mentoring the GRC Lead, managing risk, and providing clear visibility into ARRO's security posture to executive leadership.