Director, Information Security– FedRAMP

Position Overview

• Location Type: Remote
• Employment Type: Full-Time
• Salary: Not Specified

Saviynt’s Enterprise Identity Cloud helps modern enterprises scale cloud initiatives and solve the toughest security and compliance challenges in record time. The company brings together identity governance (IGA), granular application access, cloud security, and privileged access (PAM) to secure the entire business ecosystem and provide a frictionless user experience. The world’s largest brands trust Saviynt to accelerate digital transformation, empower distributed workforces, and meet continuous compliance.

The Director, Information Security, reports into Information Security leadership and will lead various Technical and Governance, Risk and Compliance (GRC) efforts as they relate primarily to the FedRAMP Program. The candidate will possess the ability to execute, scale, and continuously evolve the InfoSec and GRC functions to maximize the impact and oversight across the organization. The candidate must be comfortable managing projects in an Agile environment. The candidate should be familiar with policy and compliance requirements, including policy documentation and system requirements to successfully respond to potential audits.

Requirements

• Experience leading FedRAMP Info Sec and Compliance related activities
• Ability to execute, scale, and continuously evolve InfoSec and GRC functions
• Familiarity with policy and compliance requirements (including policy documentation and system requirements)
• Comfortable managing projects in an Agile environment
• Knowledge of NIST CSF and RMF frameworks
• Experience with System Security Plans (SSP)
• Experience with FedRAMP audit work
• Experience drafting and updating security documentation (policies, guidance documents, etc.)
• Working knowledge of ISO 27001, PCI-DSS, SOC 1, SOC 2 (a plus)

Responsibilities

• Serve as the lead for Saviynt’s FedRAMP Info Sec and Compliance related activities.
• Take Saviynt through the FedRAMP certification and re-recertification journey.
• Develop System Security Plans (SSP), drive FedRAMP audit work with support from cross-functional team members.
• Lead monthly ConMon discussions, especially the technical aspects.
• Review security documentation/artifacts such as audit reports, gap analysis reports, POA&Ms, etc.
• Serve as the Governance POC both internally and externally.
• Identify governance or compliance requirements, assess risks, review required forms.
• Serve as a liaison across cross-functional teams to help achieve Info Sec objectives.
• Proactively work with cross-functional peers to establish InfoSec requirements and expectations, so that compliance checks provide assurance for implemented controls.
• Accountable for the execution of various compliance assessments throughout the year, primarily FedRAMP related audits.
• Draft and update key security documentation including policies, guidance documents, Contingency Plan, Incident Response Plan, etc.
• Help automate GRC inefficiencies through automation and improved workflows.
• Perform vulnerability scanning and provide remediation guidance as needed.
• Support customer requests as they pertain to Compliance queries and to other Information Security questions, with the support of technical Info Sec members.
• Develop and update Policies, Standards and Procedures per the organization’s policy framework.
• Establish and lead risk management activities, including identification of risk and recommended mitigations; track and manage risks and issues from identification.

Application Instructions

• Not specified in the provided text.