Five9


Full-time - Mid Level
Remote
Professional, Scientific, and Technical Services

About the position

The Senior Compliance & Privacy Analyst at Five9 is responsible for ensuring compliance with FedRAMP standards and managing the continuous monitoring of the FedRAMP program. This role involves collaborating with various stakeholders, including internal teams and external vendors, to assess vulnerabilities, maintain documentation, and support the authorization process. The analyst will play a key role in fostering a culture of compliance and security within the organization, ensuring that all necessary controls are implemented and documented effectively.

Responsibilities

  • Perform comprehensive assessments of systems, infrastructure, and processes to identify vulnerabilities and gaps in meeting FedRAMP compliance.
  • Analyze infrastructure, data flows, access controls, encryption methods, and security frameworks to ensure alignment with the FedRAMP Moderate baseline.
  • Maintain documentation and perform continuous monitoring of compliance with FedRAMP standards.
  • Assist with authorization packages, System Security Plans, and preparing for FedRAMP P-ATO assessments.
  • Collaborate with engineering teams to provide guidance on building FedRAMP compliant cloud architecture.
  • Collaborate with team members to help manage the continuous monitoring (ConMon) program, including internal and external reporting on vulnerabilities, tracking POA&Ms, and developing ConMon artifacts.
  • Conduct continuous monitoring activities to assess the effectiveness of security controls and identify potential vulnerabilities or non-compliance issues.
  • Generate or facilitate deviation requests as required.
  • Coordinate with internal stakeholder engineering teams to document security compliance control implementations for technical, management, and operational requirements.
  • Assist in tracking of metrics and measurements through Plans of Action and Milestones (POA&Ms) and prepare Annual Authorization reports to support continuous monitoring.
  • Cultivate strong working relationships with industry regulators, accreditation bodies, and authorized auditing firms (for FedRAMP, the Third Party Assessment Organizations, or 3PAOs).

Requirements

  • Strong governance, risk, and compliance (GRC) experience and familiarity with cloud data security frameworks (NIST SP 800 series, FedRAMP, and FISMA).
  • Proven experience in FedRAMP Continuous Monitoring activities and understanding of SaaS SDLC and agile processes.
  • Familiarity with vulnerability management concepts, such as CVE and CVSS.
  • Ability to quickly change priorities and handle simultaneous tasks.
  • Strong analytical and problem-solving skills, excellent communication and interpersonal skills, and ability to work independently and as part of a team.
  • Experience interviewing subject matter experts and using knowledge to develop, edit, and revise documentation including standard operating procedures, system security plans, and policies and procedures.
  • Experience with technical documentation related to FIPS 199 security categorization, NIST SP 800-53 Rev. 5 controls, continuous monitoring, and POA&M management.
  • Bachelor's degree and 5+ years of experience or an additional 4 years of experience in lieu of a degree.
  • U.S. citizenship is required, and employment will be conditioned upon obtaining the Public Trust Verification.

Nice-to-haves

  • Prior experience with Tenable Nessus, Wiz, or Sunbird.
  • Knowledge of other industry security standards (for example PCI, SOC 2, ISO 27000, etc.).
  • Working knowledge of HIPAA and privacy.
  • Certification in relevant areas such as CISSP, CISM, CISA, PMP.

Benefits

  • Health, dental, and vision coverage, beginning on the first day of employment.
  • Short & Long-Term Disability coverage.
  • Basic Life Insurance.
  • 401k saving plan with employer matching.
  • Access to an innovative mental health support platform.
  • Generous employee stock purchase plan.
  • Paid Time Off and Company paid holidays.
  • Paid volunteer hours.
  • 12 weeks paid parental leave.
© 2024 Teal Labs, Inc