Five9 - San Ramon, CA

posted 14 days ago

Full-time - Mid Level
Remote - San Ramon, CA
Professional, Scientific, and Technical Services

About the position

The Senior Compliance & Privacy Analyst - FedRAMP at Five9 is responsible for ensuring compliance with FedRAMP standards and managing the continuous monitoring of the FedRAMP program. This role involves collaborating with various stakeholders, including internal teams and external vendors, to assess vulnerabilities, maintain documentation, and implement necessary controls to meet compliance requirements. The analyst will play a key role in guiding the organization towards achieving its FedRAMP compliance objectives while fostering a culture of security and risk management.

Responsibilities

  • Perform comprehensive assessments of systems, infrastructure, and processes to identify vulnerabilities and gaps in meeting FedRAMP compliance.
  • Analyze infrastructure, data flows, access controls, encryption methods, and security frameworks to ensure alignment with the FedRAMP Moderate baseline.
  • Maintain documentation and perform continuous monitoring of compliance with FedRAMP standards.
  • Assist with authorization packages, System Security Plans, and preparing for FedRAMP P-ATO assessments.
  • Collaborate with engineering teams to provide guidance on building FedRAMP compliant cloud architecture.
  • Collaborate with team members to help manage the continuous monitoring (ConMon) program, including internal and external reporting on vulnerabilities, tracking POA&Ms, and developing ConMon artifacts.
  • Conduct continuous monitoring activities to assess the effectiveness of security controls and identify potential vulnerabilities or non-compliance issues.
  • Generate or facilitate deviation requests as required.
  • Coordinate with internal stakeholder engineering teams to document security compliance control implementations for technical, management, and operational requirements.
  • Assist in tracking of metrics and measurements through Plans of Action and Milestones (POA&Ms) and prepare Annual Authorization reports to support continuous monitoring.
  • Cultivate strong working relations with industry regulators, accreditation bodies, and authorized auditing firms.

Requirements

  • Strong governance, risk and compliance experience and familiarity with cloud data security (NIST SP 800 Series, FedRAMP and FISMA).
  • Proven experience in FedRAMP Continuous Monitoring activities and understanding of SaaS SDLC and agile processes.
  • Familiarity with vulnerability management concepts, such as CVE and CVSS.
  • Ability to quickly change priorities and handle simultaneous tasks.
  • Strong analytical and problem-solving skills, excellent communication and interpersonal skills, and ability to work independently and as part of a team.
  • Experience interviewing subject matter experts and using knowledge to develop, edit, and revise documentation including standard operating procedures, system security plans, and policies and procedures.
  • Experience with technical documentation related to FIPS 199, NIST SP 800-53 REV 5, continuous monitoring, and POA&M management.
  • Bachelor's degree and 5+ years of experience or an additional 4 years of experience in lieu of a degree.

Nice-to-haves

  • Prior experience with Nessus Tenable, Wiz, or Sunbird.
  • Knowledge of other industry security standards (for example PCI, SOC 2, ISO 27000, etc.).
  • Working knowledge of HIPAA and privacy.
  • Certification in relevant areas such as CISSP, CISM, CISA, PMP.

Benefits

  • Health, dental, and vision coverage, beginning on the first day of employment.
  • Five9 covers 100% of the employee portion of the health, dental and vision coverage and shares a high portion of the dependent cost.
  • Short & Long-Term Disability, Basic Life Insurance, and a 401(k) savings plan with employer matching.
  • Access to an innovative mental health support platform that offers personalized care and resources.
  • Generous employee stock purchase plan.
  • Paid Time Off, Company paid holidays, paid volunteer hours and 12 weeks paid parental leave.