This role requires a strong understanding of vulnerability management, FedRAMP requirements, and the authorization process. The successful candidate will partner with internal and external stakeholders, including vendors and third-party assessment organizations (3PAOs), to ensure remediation is completed, controls are implemented and documented in accordance with FedRAMP compliance standards, and SLAs are met. The primary responsibilities are to complete the activities required to maintain and update FedRAMP Continuous Monitoring documentation for the Five9 FedRAMP program. This role coordinates with departments at multiple levels as required to ensure the business objectives within the FedRAMP program are achieved.
Responsibilities:
- Perform comprehensive assessments of systems, infrastructure, and processes to identify vulnerabilities and gaps in meeting FedRAMP compliance
- Analyze infrastructure, data flows, access controls, encryption methods, and security frameworks to ensure alignment with the FedRAMP Moderate baseline
- Maintain documentation and perform continuous monitoring of compliance with FedRAMP standards
- Assist with authorization packages, System Security Plans, and preparing for FedRAMP P-ATO assessments
- Collaborate with engineering teams to provide guidance on building FedRAMP compliant cloud architecture
- Collaborate with team members to help manage the continuous monitoring (ConMon) program, including internal and external reporting on vulnerabilities, tracking POA&Ms, and developing ConMon artifacts
- Conduct continuous monitoring activities to assess the effectiveness of security controls and identify potential vulnerabilities or non-compliance issues
- Generate or facilitate deviation requests as required
- Coordinate with internal stakeholder engineering teams to document security compliance control implementations for technical, management, and operational requirements
- Assist in tracking metrics and measurements through Plans of Action and Milestones (POA&Ms) and prepare Annual Authorization reports to support continuous monitoring
- Cultivate strong working relations with industry regulators, accreditation bodies, and authorized auditing firms
Qualifications:
- Strong governance, risk and compliance experience and familiarity with cloud data security (NIST SP 800 Series, FedRAMP and FISMA)
- Proven experience in FedRAMP Continuous Monitoring activities and understanding of SaaS SDLC and agile processes
- Familiarity with vulnerability management concepts, such as CVE and CVSS
- Ability to quickly change priorities and handle simultaneous tasks
- Strong analytical and problem-solving skills, excellent communication and interpersonal skills, and ability to work independently and as part of a team
- Experience interviewing subject matter experts and using that knowledge to develop, edit, and revise documentation, including standard operating procedures, system security plans, and policies and procedures
- Experience with technical documentation related to FIPS 199, NIST SP 800-53 REV 5, continuous monitoring, and POA&M management
- Bachelor's degree and 5+ years of experience, or an additional 4 years of experience in lieu of a degree
- Clearance: To comply with U.S. federal government security requirements, U.S. citizenship is required, and employment will be conditioned upon obtaining Public Trust verification
Preferred Skills:
- Prior experience with Nessus Tenable, Wiz, or Sunbird
- Knowledge of other industry security standards (for example PCI, SOC 2, ISO 27000)
- Working knowledge of HIPAA and privacy
- Certification in relevant areas such as CISSP, CISM, CISA, PMP