External Federal Risk & Assessment Governance Subject Matter Expert

 <p style="line-height:1.2;text-align:center;"><span style="font-size:16pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#512a2e;"><span style="font-weight:700;"><span style="font-style:normal;"><span style="text-decoration:none;">External Federal Risk & Assessment </span></span></span></span></span></span><br><span style="font-size:16pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#512a2e;"><span style="font-weight:700;"><span style="font-style:normal;"><span style="text-decoration:none;">Governance Subject Matter Expert</span></span></span></span></span></span></p><h3 style="line-height:1.2;text-align:center;"><span style="font-size:12pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#9d8962;"><span style="font-weight:700;"><span style="font-style:normal;"><span style="text-decoration:none;">Impartiality Committee Member (CMMC / FedRAMP / ISO/IEC 17020) </span></span></span></span></span></span></h3> <p style="line-height:1.2;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:700;"><span style="font-style:normal;"><span style="text-decoration:none;">Location: 100% Remote – Global</span></span></span></span></span></span></p><p style="line-height:1.2;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:700;"><span style="font-style:normal;"><span style="text-decoration:none;">Type: Independent Contractor (Committee Appointment)</span></span></span></span></span></span></p><p style="line-height:1.2;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:700;"><span style="font-style:normal;"><span style="text-decoration:none;">Pay: Stipend / Per-Meeting Compensation: $500</span></span></span></span></span></span></p><p style="line-height:1.2;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:700;"><span style="font-style:normal;"><span style="text-decoration:none;">Travel: None (virtual)</span></span></span></span></span></span></p> <h2 style="line-height:1.2;"><span style="font-size:13.999999999999998pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#702231;"><span style="font-weight:700;"><span style="font-style:normal;"><span style="text-decoration:none;">About Us:</span></span></span></span></span></span></h2><p style="line-height:1.2;margin-top:16px;margin-bottom:16px;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">RSI Security is a leading cybersecurity and compliance firm providing independent assessment, advisory, and risk management services across commercial and federal environments. RSI operates a CMMC Certified Third-Party Assessment Organization (C3PAO) and is pursuing authorization as a FedRAMP Third Party Assessment Organization (3PAO) to support independent security assessments for cloud service providers and regulated organizations.</span></span></span></span></span></span></p><p style="line-height:1.2;margin-top:16px;margin-bottom:16px;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">To preserve independence, objectivity, and assessment integrity, RSI maintains formal structural separation between assessment, advisory, and commercial functions. Oversight of impartiality, conflict-of-interest management, and governance risk is exercised through an independent Impartiality Committee aligned with ISO/IEC 17020 principles and federal assessment expectations.</span></span></span></span></span></span></p><p style="line-height:1.2;margin-top:16px;margin-bottom:16px;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">RSI’s governance framework is designed to ensure that assessment activities remain free from commercial influence, maintain public trust, and uphold the integrity expected within accredited and regulated cybersecurity assessment environments.</span></span></span></span></span></span></p><h2 style="line-height:1.2;"><span style="font-size:13.999999999999998pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#702231;"><span style="font-weight:700;"><span style="font-style:normal;"><span style="text-decoration:none;">About the Role:</span></span></span></span></span></span></h2><p style="line-height:1.2;margin-bottom:16px;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">The External Federal Assessment Governance Subject Matter Expert serves as a voting member of the RSIS Impartiality Committee.</span></span></span></span></span></span></p><p style="line-height:1.2;margin-top:16px;margin-bottom:16px;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">This is a governance oversight role — not an audit, consulting, advisory, sales, or certification decision function.</span></span></span></span></span></span></p><p style="line-height:1.2;margin-top:16px;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">The Committee provides independent oversight of:</span></span></span></span></span></span></p><ul><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Structural impartiality risks</span></span></span></span></span></span></li><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Commercial influence risks</span></span></span></span></span></span></li><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Advisory-to-assessment separation controls</span></span></span></span></span></span></li><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Conflict-of-interest trends</span></span></span></span></span></span></li><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Governance adequacy related to FedRAMP, CMMC, and ISO/IEC 17020 oversight expectations </span></span></span></span></span></span></li></ul><p style="line-height:1.2;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Committee members do </span></span></span></span></span></span><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:700;"><span style="font-style:normal;"><span style="text-decoration:none;">not</span></span></span></span></span></span><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">:</span></span></span></span></span></span></p><ul><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Participate in assessment execution</span></span></span></span></span></span></li><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Perform certification decisions</span></span></span></span></span></span></li><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Engage in consulting for RSIS certification clients</span></span></span></span></span></span></li><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Influence engagement acceptance decisions</span></span></span></span></span></span></li></ul><p style="line-height:1.2;"><span style="font-size:13.999999999999998pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#702231;"><span style="font-weight:700;"><span style="font-style:normal;"><span style="text-decoration:none;">Key Responsibilities</span></span></span></span></span></span></p><ul><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Review High and Critical impartiality risks presented by management</span></span></span></span></span></span></li><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Evaluate structural independence safeguards and separation controls</span></span></span></span></span></span></li><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Challenge management where risk mitigation is insufficient</span></span></span></span></span></span></li><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Ensure no single interest predominates within assessment governance activities</span></span></span></span></span></span></li><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Escalate unresolved structural or independence risks to the Governing Authority</span></span></span></span></span></span></li><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Participate in periodic meetings (minimum quarterly)</span></span></span></span></span></span></li><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Provide independent perspective on federal cybersecurity assessment governance, impartiality, and oversight risks</span></span></span></span></span></span></li></ul><h2 style="line-height:1.2;"><span style="font-size:13.999999999999998pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#702231;"><span style="font-weight:700;"><span style="font-style:normal;"><span style="text-decoration:none;">Governance Authority</span></span></span></span></span></span></h2><p style="line-height:1.2;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Committee members:</span></span></span></span></span></span></p><ul><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Hold voting authority within the Committee</span></span></span></span></span></span></li><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Operate independently from management</span></span></span></span></span></span></li><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">May request documentation necessary to discharge oversight responsibilities</span></span></span></span></span></span></li><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Have authority to escalate unresolved concerns in accordance with the Committee Charter</span></span></span></span></span></span></li></ul><h2 style="line-height:1.2;"><span style="font-size:13.999999999999998pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#702231;"><span style="font-weight:700;"><span style="font-style:normal;"><span style="text-decoration:none;">Competence Requirements</span></span></span></span></span></span></h2><p style="line-height:1.2;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Candidates must demonstrate:</span></span></span></span></span></span></p><ul><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">10+ years in federal cybersecurity, FedRAMP, CMMC, enterprise risk, cybersecurity governance, assessment oversight, or regulatory oversight</span></span></span></span></span></span></li><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Demonstrated understanding of federal cybersecurity assessment programs, independent assessment oversight, or regulatory risk management</span></span></span></span></span></span></li><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Familiarity with governance, impartiality, and oversight principles within regulated or accredited environments</span></span></span></span></span></span></li><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Ability to operate at board / governance oversight level</span></span></span></span></span></span></li><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Independence from RSI advisory revenue streams</span></span></span></span></span></span></li></ul><p style="line-height:1.2;margin-top:16px;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Preferred:</span></span></span></span></span></span></p><ul><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Experience with FedRAMP, NIST-based frameworks, CMMC, ISO/IEC 17020, or accredited assessment environments</span></span></span></span></span></span></li><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Experience serving on governance boards or oversight committees</span></span></span></span></span></span></li><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Background in regulatory, public-interest, or independent risk oversight roles</span></span></span></span></span></span></li></ul><h2 style="line-height:1.2;"><span style="font-size:13.999999999999998pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#702231;"><span style="font-weight:700;"><span style="font-style:normal;"><span style="text-decoration:none;">Independence Requirements</span></span></span></span></span></span></h2><p style="line-height:1.2;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Prior to appointment, candidates must:</span></span></span></span></span></span></p><ul><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Complete formal Conflict of Interest screening</span></span></span></span></span></span></li><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Disclose advisory or financial relationships with RSI entities</span></span></span></span></span></span></li><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Commit to ongoing annual independence attestations</span></span></span></span></span></span></li><li style="list-style-type:disc;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Agree not to perform advisory services for RSIS certification clients during tenure</span></span></span></span></span></span></li></ul><p style="line-height:1.2;margin-top:16px;margin-bottom:16px;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Cooling-off and recusal requirements apply where applicable.</span></span></span></span></span></span></p><h2 style="line-height:1.2;"><span style="font-size:13.999999999999998pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#702231;"><span style="font-weight:700;"><span style="font-style:normal;"><span style="text-decoration:none;">Term & Review</span></span></span></span></span></span></h2><p style="line-height:1.2;margin-bottom:16px;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:normal;"><span style="text-decoration:none;">Appointments are for a two-year term, renewable once, subject to continued independence verification and performance review in accordance with the Impartiality Committee Charter.</span></span></span></span></span></span></p><p style="line-height:1.2;"><span style="font-size:11pt;font-variant:normal;white-space:pre-wrap;"><span style="font-family:'Helvetica Neue', sans-serif;"><span style="color:#000000;"><span style="font-weight:400;"><span style="font-style:italic;"><span style="text-decoration:none;">RSI Security is an Equal Opportunity Employer. We prioritize competence, qualifications, and the integrity of the certification process in all hiring decisions.</span></span></span></span></span></span></p><br> 

Back to blog