PagerDuty is hiring a
Security Compliance ConMon Specialist, Remote - United States

🏢 PagerDuty

💵 $99k-$160k
📍United States

Summary

PagerDuty is seeking a Security Compliance ConMon Specialist to ensure ongoing compliance with FedRAMP and SOC 2 programs. The role involves monitoring, assessing, and reporting on the security posture of cloud services, leading process development, and participating in FedRAMP assessment activities.

Requirements

  • 3+ years of FedRAMP experience; 6 years of Security & Compliance experience in a tech/security environment, leading at least one compliance program such as SOC 2, HITECH or similar
  • Experience establishing, creating and managing audit workflows across multiple teams
  • Strong analytical and organizational skills with the ability to successfully manage multiple priorities and deadlines
  • Metrics driven, with a strong bias towards action and getting stuff done
  • A focus on process improvement (automation, single pane of glass, continuous improvement)

Responsibilities

  • Establish and operate a FedRAMP Vulnerability Management program
  • Serve as the primary author for updating, maintaining, and submitting the monthly FedRAMP Continuous Monitoring Package: Plan of Actions and Milestones (POA&M), Deviation Request Forms, inventory workbook, and supporting evidence for POA&M closures
  • Perform continuous monitoring activities in accordance with FedRAMP requirements to ensure ongoing compliance with 800-53 r5 security controls
  • Lead the development, improvement, and scaling of processes, procedures, and documentation related to FedRAMP and SOC 2 compliance
  • Debrief external stakeholders on the monthly Continuous Monitoring Package, including, but not limited to, Third-Party Assessment Organizations (3PAO), Federal Agencies, and the FedRAMP Program Management Office
  • Participate and support FedRAMP assessment activities, including Significant Change Requests (SCR), feature onboarding, annual assessments, and agency Authority to Operate (ATO) Reviews
  • Support customer trust programs, including the Third-Party Risk Program, and act as subject-matter expert (SME) in external audits
  • Review information security risk findings and non-compliance with business leaders and propose solutions to mitigate risks
  • Actively drive automation and continuous improvement of team processes to keep the SLA for each process as short as possible

Preferred Qualifications

  • Deep understanding of relevant information security frameworks, including FedRAMP, NIST 800-53, Cybersecurity Maturity Model Certification (CMMC), and DoD Cloud Security Requirements Guide (SRG)
  • Experience in managing a FedRAMP continuous monitoring program within a Software as a Service (SaaS) company
  • Past experience in a FedRAMP assessment, having participated either as an assessor or as a Cloud Service Provider (CSP) throughout the entire audit process, from initiation to completion
  • Knowledgeable with FedRAMP requirements, processes, templates, and guidance
  • Familiarity with SaaS security tools (such as Sumo Logic, Datadog, Crowdstrike, Wiz, Snyk, and Qualys). Familiarity with contemporary risk and issue management tools (such as JIRA, Lucidchart, UpGuard and Hyperproof)
  • Proficient in utilizing Excel or Google Sheets to manipulate, analyze, and visualize vulnerability report data
  • Familiarity with Cloud Native and SaaS constructs including architectures, DevOps, CI/CD, SecOps disciplines

Benefits

  • Competitive salary
  • Comprehensive benefits package from day one
  • Flexible work arrangements
  • Generous paid vacation time
  • Paid holidays and sick leave
  • Dutonian Wellness Days - scheduled company-wide paid days off in addition to PTO
  • Company equity*
  • ESPP (Employee Stock Purchase Program)*
  • Retirement or pension plan*
  • Paid parental leave - up to 22 weeks for pregnant parent, up to 12 weeks for non-pregnant parent (some countries have longer leave standards and we comply with local laws)*
  • HibernationDuty - an annual company paid week off when everyone at PagerDuty, with the exception of a small, coverage crew, is asked to take a much needed break to truly disconnect and recharge
  • Paid volunteer time off - 20 hours per year
  • Company-wide hack weeks
  • Mental wellness programs