Saliense

Cybersecurity Policy and Governance Specialist

About Saliense

At Saliense, we are committed to fostering a culture of continuous learning and professional growth. Our employees are encouraged to take on challenging and meaningful work, with ample opportunities for career advancement. We offer competitive compensation and benefits, including:

  • 20 Days PTO + 40 Hours of Paid Sick & Safe Time
  • 11 Federal Holidays + 2 Corporate Holidays
  • Health, Vision, Dental, and Life Insurance
  • 401(k) with Tiered Match & 100% Vesting
  • Parental Leave for Birthing and Non-Birthing Parents
  • Professional Development Reimbursement Program

We believe in empowering our team members to achieve their professional goals while contributing to impactful projects that make a difference. Join us at Saliense and be part of a growing organization dedicated to innovation, collaboration, and excellence. Visit www.saliense.com to learn more. 

There are many more - connect with us to get a preview of the full benefits package.

About the role

The Cybersecurity Policy and Governance Specialist is a senior cybersecurity policy author and RMF governance expert responsible for defining, documenting, and revising the policies, standards, and technical guidance required to modernize the organization’s RMF program. This role develops written artifacts that support and enable a shift from traditional point-in-time ATOs to a Continuous Authorization to Operate (cATO) model. The specialist produces clear, authoritative, and technically precise documentation—including policies, standards, procedures, control guidance, and platform requirements—that translates NIST RMF, NIST SP 800-53 Rev. 5, and FISMA requirements into implementable, automation-ready governance.

What you'll do

  • Author, revise, and maintain enterprise cybersecurity policies, RMF standards, and governance frameworks aligned with NIST RMF, NIST SP 800-53 Rev. 5, and FISMA.
  • Develop policy language and technical standards that explicitly support continuous assessment, automated evidence collection, and ongoing risk acceptance required for cATO.
  • Produce detailed RMF guidance, SOPs, and procedural documentation that translate regulatory requirements into actionable implementation direction for development and technical teams.
  • Ensure documentation is written with sufficient technical depth to support cloud-native, DevSecOps/CICD, and automated control assessment activities.
  • Define written requirements, standards, and governance rules for the configuration and use of the RegScale GRC platform, including workflows, control inheritance models, approval paths, and reporting processes and products.
  • Author platform governance documentation covering RBAC, least-privilege access, service accounts, and identity integration requirements from a compliance perspective.
  • Lead the development of written migration guidance, standards, and acceptance criteria governing the transition of RMF data and artifacts from CSAM to RegScale.
  • Author migration playbooks, data quality standards, and validation procedures to ensure historical RMF artifacts remain authoritative and usable for continuous monitoring.
  • Ensure migration documentation supports long-term sustainment and future GRC platform evolution.
  • Support the development of cATO governance models, including policies, standards, and decision frameworks that detail how continuous risk will be assessed, documented, and accepted.
  • Define requirements for automated controls, continuous monitoring outputs, and ongoing authorization evidence.
  • Align written governance with DevSecOps/CICD pipelines, cloud services, and integrated security tooling to support near real-time authorization decisions.

Qualifications

  • 4+ Years of professional experience related to the listed tasks
  • Master’s degree
  • Experience authoring, revising, and maintaining enterprise cybersecurity policies, RMF standards, and governance documentation aligned with NIST RMF, NIST SP 800‑53 Rev. 5, and FISMA
  • Experience developing policy language and technical standards that support continuous authorization (cATO), including continuous assessment, automated evidence collection, and ongoing risk acceptance
  • Experience producing RMF guidance, SOPs, and procedural documentation that translate regulatory requirements into actionable implementation guidance for technical and development teams
  • Experience writing governance and compliance documentation with sufficient technical depth to support cloud‑native environments, DevSecOps/CICD practices, and automated control assessment
  • Experience defining written requirements, standards, and governance rules for GRC platforms (e.g., RegScale), including workflows, control inheritance, approval paths, and reporting
  • Experience authoring platform governance documentation covering RBAC, least‑privilege access, service accounts, and identity integration from a compliance perspective
  • Experience leading or supporting RMF data and artifact migrations between GRC platforms (e.g., CSAM to RegScale), including development of migration guidance and acceptance criteria
  • Experience creating migration playbooks, data quality standards, and validation procedures to preserve the authority and usability of historical RMF artifacts
  • Experience producing documentation that supports long‑term sustainment and future evolution of enterprise GRC platforms
  • Experience contributing to or leading the development of cATO governance models, including policies, standards, and risk acceptance decision frameworks
  • Experience defining requirements for automated controls, continuous monitoring outputs, and ongoing authorization evidence
  • Experience aligning cybersecurity governance with DevSecOps pipelines, cloud services, and integrated security tooling to support near real‑time authorization decisions

Client Services

Remote (United States)
