Senior Security Analyst (FedRamp / NIST)

The Company

Serving the People Who Serve the People

What your impact will look like here

• Primarily, this role will work alongside GRC leadership to support and delivery Granicus’ existing and successful FedRAMP program (JAB Authorization), which includes, but is not limited, to the following
• Lead, either individually or in partnership with GRC leadership, annual compliance audit components, including interaction with 3PAO.
• Take ownership and curate, as necessary, System Security Plan and any other documentation and policies.
• Stay apprised of any potential or upcoming changes to FedRAMP elements (e.g., NIST rev5) and ensure any work needed to comply is included in roadmap planning.
• Lead elements of Continuous Monitoring (ConMon) process, including governance of POAMs, preparation of communication and evidence for the JAB, and all follow-up JAB interaction.
• Act as point of contact with Joint Authorization Board as necessary, including any informal or ad-hoc engagement (e.g., discuss potential technology changes). This role act as a trusted partner to JAB personnel, building on the positive, multi-year relationship Granicus has cultivated with the JAB.
• Work with technical teams to structure Significant Change Requests
• As a senior member of the team, this role will also have the opportunity and will be called upon to support other GRC related efforts, which may include –
• Assisting with other certifications that Granicus maintains (e.g., ISO 27001)
• Policy rationalization and optimization to accommodate global operating model and varied compliance and regulatory obligations.
• Supporting Enterprise Risk Management Program
• Helping to integrate newly acquired companies into Granicus processes

You will love this job if you have

• Proven problem solving and analytical abilities, and can intake, assess and normalize, and present large amounts of complicated data.
• Ability to communicate in a clear, concise, and comprehensive manner, with internal and external stakeholders, including Granicus senior leaders and external compliance/regulatory personnel.
• Collaborative mindset, acting as an enabler of the business’ compliance/security goals and partner to technology teams to aid with risk reduction efforts, rather than an auditor-like approach to simply identify and track deficiencies.
• Strong, cross-discipline technical, security, and compliance background, with ability to have moderately deep conversations with technology teams.
• 3+ years of experience meaningfully supporting and leading elements of a FedRAMP program, including ongoing maintenance of all required processes, policies, or other documentation
• Deep familiarity with cyber security control frameworks, particularly NIST CSF and NIST 800-53
• 10+ years of Cyber Security experience, with 5+ of these years being in the Governance, Risk, and Compliance space.
• Bachelors and/or master’s degree in Computer Science, Cyber Security, Information Technology, Risk Management, or related field.

Security and Privacy Requirements

The Team

The Culture

The Impact

The Benefits