PagerDuty is hiring a
Security Compliance ConMon Specialist, Remote - United States
Summary
PagerDuty is seeking a Security Compliance ConMon Specialist to ensure ongoing compliance with FedRAMP and SOC 2 programs. The role involves monitoring, assessing, and reporting on the security posture of cloud services, leading process development, and participating in FedRAMP assessment activities.
Requirements
- 3+ years of FedRAMP experience; 6 years of Security & Compliance experience in a tech/security environment, leading at least one compliance program such as SOC 2, HITECH or similar
- Experience establishing, creating and managing audit workflows across multiple teams
- Strong analytical and organizational skills with the ability to successfully manage multiple priorities and deadlines
- Metrics driven, with a strong bias towards action and getting stuff done
- A focus on process improvement (automation, single pane of glass, continuous improvement)
Responsibilities
- Establish and operate a FedRAMP Vulnerability Management program
- Serve as the primary author for updating, maintaining, and submitting the monthly FedRAMP Continuous Monitoring Package: Plan of Actions and Milestones (POA&M), Deviation Request Forms, inventory workbook, and supporting evidence for POA&M closures
- Perform continuous monitoring activities in accordance with FedRAMP requirements to ensure ongoing compliance with 800-53 r5 security controls
- Lead the development, improvement, and scalability of processes, procedures, and documentation related to FedRAMP and SOC 2 compliance
- Debrief external stakeholders on the monthly Continuous Monitoring Package, including, but not limited to, Third-Party Assessment Organizations (3PAO), Federal Agencies, and the FedRAMP Program Management Office
- Participate in and support FedRAMP assessment activities, including Significant Change Requests (SCR), feature onboarding, annual assessments, and agency Authority to Operate (ATO) reviews
- Support customer trust programs, including the Third-Party Risk Program, and play the role of SME in external audits
- Review information security risk findings and non-compliance with business leaders and propose solutions to mitigate risks
- Actively drive automation and the continuous improvement of team processes to ensure minimal SLAs for each process
Preferred Qualifications
- Deep understanding of relevant information security frameworks, including FedRAMP, NIST 800-53, Cybersecurity Maturity Model Certification (CMMC), and DoD Cloud Security Requirements Guide (SRG)
- Experience in managing a FedRAMP continuous monitoring program within a Software as a Service (SaaS) company
- Past experience in a FedRAMP assessment, having participated either as an assessor or as a Cloud Service Provider (CSP) throughout the entire audit process, from initiation to completion
- Knowledgeable with FedRAMP requirements, processes, templates, and guidance
- Familiarity with SaaS security tools (such as Sumo Logic, Datadog, Crowdstrike, Wiz, Snyk, and Qualys). Familiarity with contemporary risk and issue management tools (such as JIRA, Lucidchart, UpGuard and Hyperproof)
- Proficient in utilizing Excel or Google Sheets to manipulate, analyze, and visualize vulnerability report data
- Familiarity with Cloud Native and SaaS constructs including architectures, DevOps, CI/CD, SecOps disciplines
Benefits
- Competitive salary
- Comprehensive benefits package from day one
- Flexible work arrangements
- Generous paid vacation time
- Paid holidays and sick leave
- Dutonian Wellness Days - scheduled company-wide paid days off in addition to PTO
- Company equity*
- ESPP (Employee Stock Purchase Program)*
- Retirement or pension plan*
- Paid parental leave - up to 22 weeks for pregnant parent, up to 12 weeks for non-pregnant parent (some countries have longer leave standards and we comply with local laws)*
- HibernationDuty - an annual company-paid week off when everyone at PagerDuty, with the exception of a small coverage crew, is asked to take a much-needed break to truly disconnect and recharge
- Paid volunteer time off - 20 hours per year
- Company-wide hack weeks
- Mental wellness programs