FedRAMP ISSO

PagerDuty

💵 $176k-$281k
📍 Remote - United States

Summary

Join PagerDuty as a FedRAMP ISSO and lead the security and compliance of our FedRAMP-authorized environments. You will be the subject matter expert for FedRAMP compliance, collaborating with cross-functional teams to ensure adherence to security requirements and maintain audit readiness. This role requires a deep understanding of FedRAMP, NIST 800-53 controls, and cloud security best practices. You will translate FedRAMP requirements into actionable items, develop and maintain documentation, partner with 3PAOs, and collaborate with customers for external audits. The ideal candidate has 5+ years of experience in information security, with at least 3 years supporting FedRAMP compliance. This is a chance to build lovable security solutions and secure infrastructure at scale.

Requirements

  • 5+ years of experience in information security, compliance, or related roles, with at least 3 years of experience supporting FedRAMP compliance efforts
  • Strong understanding of FedRAMP requirements, NIST 800-53 controls, and security assessment processes
  • Demonstrated ability to collaborate with cross-functional teams to support security initiatives
  • Has been a major contributor to a FedRAMP audit, from SAP planning to authorization
  • Experience with tools and processes for vulnerability management, system audits, and risk assessments
  • Detail-oriented with strong organizational skills and the ability to manage multiple priorities
  • Experience drafting and managing POA&Ms, incident reports, and continuous monitoring deliverables
  • Exceptional written and verbal communication skills for creating and managing FedRAMP documentation

Responsibilities

  • Apply knowledge of the NIST 800-53 control framework to implement FedRAMP requirements and ensure compliance with security initiatives
  • Translate FedRAMP requirements into actionable items to support solution design, process implementation, and policy enforcement
  • Develop, maintain, and update FedRAMP documentation, including the System Security Plan (SSP), policies, procedures, and contingency plans (e.g., ISCP)
  • Partner with 3PAOs to support assessments, drive audit readiness, and coordinate timely evidence collection
  • Collaborate with customers to facilitate external audits and ensure successful attainment and maintenance of Authority to Operate (ATO)
  • Provide internal guidance to integrate FedRAMP controls (e.g., encryption, access controls, logging) into product design, development, and operational processes
  • Provide guidance and support for adjacent compliance frameworks (e.g., DoD IL, CMMC, SOC 2, or ISO 27001) to align with FedRAMP requirements

Preferred Qualifications

  • Experience supporting FedRAMP Moderate or High system authorizations
  • Experience supporting DoD IL 4 or 5 environments
  • Knowledge of cloud computing environments, such as AWS, Azure, or Google Cloud, particularly FedRAMP-authorized regions (e.g., AWS GovCloud, Azure Government)
  • Familiarity with SaaS security tools (such as Sumo Logic, Datadog, CrowdStrike, Wiz, Snyk, and Qualys) and with contemporary risk and issue management tools (such as Jira, Lucidchart, UpGuard, and Hyperproof)
  • Familiarity with Cloud Native and SaaS constructs, including architectures, DevOps, CI/CD, and SecOps disciplines
  • Relevant certifications, such as:
      • Certified Information Systems Security Professional (CISSP)
      • Certified Information Security Manager (CISM)
      • Certified Authorization Professional (CAP)
      • CompTIA Advanced Security Practitioner (CASP+)
  • Experience working with government agencies or contractors in the public sector

Benefits

  • Competitive salary
  • Comprehensive benefits package from day one
  • Flexible work arrangements
  • Generous paid vacation time
  • Paid holidays and sick leave
  • Dutonian Wellness Days - scheduled company-wide paid days off in addition to PTO
  • Company equity*
  • ESPP (Employee Stock Purchase Program)*
  • Retirement or pension plan*
  • Paid parental leave - up to 22 weeks for pregnant parent, up to 12 weeks for non-pregnant parent (some countries have longer leave standards and we comply with local laws)*
  • HibernationDuty - an annual company-paid week off when everyone at PagerDuty, with the exception of a small coverage crew, is asked to take a much-needed break to truly disconnect and recharge
  • Paid volunteer time off - 20 hours per year
  • Company-wide hack weeks
  • Mental wellness programs
  • Bonus
  • Commission
  • Equity
