Allocate resources effectively to support the goals of the security program. 8+ years in information security or risk management, including acting as a high-level individual contributor or program lead for security initiatives. Direct FedRAMP Moderate experience: Hands-on involvement in maintaining a FedRAMP Moderate Authorization (ATO) or leading the full Assessment & Authorization (A&A) process. Strong knowledge of government security frameworks such as NIST SP 800-53 and the Risk Management Framework (RMF), with experience applying these controls in a FedRAMP, FISMA, or similar compliance environment. Program and project management skills: Demonstrated ability to coordinate complex security compliance projects, manage A&A timelines, and collaborate with cross-functional teams to meet security objectives. Tactical execution and detail orientation: Strong hands-on ability to implement and oversee security controls, conduct control assessments, maintain detailed security documentation (e.g. System Security Plans, POA&M reports), and prepare required compliance reports. Excellent communication and stakeholder engagement: Ability to effectively communicate security status, risks, and requirements to both technical and executive audiences. Experience interfacing with external assessors or auditors and government stakeholders. 3 days a week in our Santa Clara office DoD IL4 experience: Hands-on familiarity with Department of Defense Impact Level 4/5 cloud security requirements. Professional certifications such as CISSP, CISM, or CAP (or equivalent) demonstrating formal security management knowledge. Advanced education in cybersecurity or a related field additional training focused on security and compliance. Maintain and improve our compliance programs for FedRAMP Moderate, GovRAMP, and IL4, ensuring consistent alignment with applicable government standards. Own the creation and management of system security documentation and produce regular reports for internal and external stakeholders. Develop and refine security policies for public-sector offerings, coordinating cross-functional reviews and approvals. Collaborate with security operations to align standard operating procedures (SOPs) with updated government requirements and best practices.
