Information Systems Security Officer (ISSO) at Docebo

Atlanta, Georgia, United States

Compensation: Not Specified
Experience Level: Senior (5 to 8 years), Expert & Leadership (9+ years)
Job Type: Full Time
Visa: Unknown
Industries: Technology, EdTech, Government Contracts

Requirements

  • Expertise in FedRAMP authorization and maintenance, including end-to-end governance, risk management, continuous monitoring, ATO/ATO-maintenance artifacts, cross-functional coordination, and government/3PAO engagement
  • Knowledge of DoD RMF authorizations
  • Compliance with regulatory frameworks including FedRAMP, NIST, and DoD guidelines
  • Ability to own and operate the FedRAMP program for assigned systems

Responsibilities

  • Own the FedRAMP/DoD RMF authorization lifecycle for assigned systems (strategy → authorization → continuous monitoring → ATO maintenance)
  • Define and maintain the FedRAMP program governance model, roles & responsibilities (including Sponsor/Authorizing Official interactions)
  • Create, own, maintain, and version-control the System Security Plan (SSP), Security Assessment Report (SAR), continuous monitoring (ConMon) artifacts, POA&Ms, SSP annexes, and all ATO package deliverables
  • Build and run the ConMon program: define telemetry requirements, dashboards, vulnerability ingestion, thresholds, incident feed, and reporting cadence
  • Triage vulnerabilities, manage POA&Ms (track remediation owners, dates, residual risk), and ensure POA&M closure meets customer and FedRAMP expectations
  • Lead the selection, engagement, and technical coordination with 3PAOs and any external assessors. Ensure assessments, testing, and SAR content are accurate and timely
  • Evaluate security impact for architectural or operational changes (Security Impact Analysis), own risk acceptance processes, and coordinate Risk Acceptance with Sponsors/Authorizing Officials
  • Integrate change control with the ConMon program to ensure authorized/approved changes are documented and do not break control baselines
  • Act as the primary internal liaison across Product, Engineering, DevOps, Security, Sales, Legal, and Marketing for anything impacting the FedRAMP posture and ATO timelines. Drive working groups and weekly syncs
  • Support pre-sales and customer conversations on FedRAMP posture and timelines alongside Sales; maintain the relationship with the government Sponsor/Authorizing Official and the FedRAMP PMO as required
  • Build and manage program timelines (Gantt), identify and mitigate schedule risk, report status to Management and stakeholders, and maintain an issues/risk register for the authorization lifecycle
  • Develop/update policies, control implementations, and procedures to ensure alignment with FedRAMP Rev (current guidance), NIST SP 800-53/800-37/800-137, and DoD RMF as applicable
  • Provide training for engineers, product managers, and GRC teams on FedRAMP requirements, evidence collection, secure configuration baselines, and artifact expectations

Skills

FedRAMP
DoD RMF
NIST
Governance
Risk Management
Continuous Monitoring
ATO
Compliance
Information Security
Regulatory Frameworks

Docebo

Corporate e-learning platform with AI integration

About Docebo

Docebo creates software and support systems to assist businesses in training their employees and stakeholders. Its platform combines various learning methods, such as formal, social, and experiential learning, enhanced by artificial intelligence to make the learning experience more personalized and engaging. This approach sets Docebo apart from traditional learning management systems that focus solely on formal courses. The company primarily targets corporate clients across different industries, recognizing the growing need for effective training solutions in the corporate e-learning sector. Docebo operates on a Software-as-a-Service (SaaS) model, where clients subscribe to access its platform, allowing for flexible usage based on their needs. The company's goal is to provide a comprehensive learning platform that supports continuous employee development and adapts to the evolving demands of the workforce.

Headquarters: Toronto, Canada
Year Founded: 2005
Total Funding: $5.6M
Company Stage: IPO
Industries: Enterprise Software, Education
Employees: 1,001-5,000

Benefits

Paid Vacation
Employee Stock Purchase Plan
Hybrid Work Options
Remote Work Options

Risks

Dayforce's new LMS launch could increase competition in the e-learning market.
CFO transition might cause temporary instability in Docebo's financial management.
Warburg Pincus's share acquisition may lead to increased influence over company decisions.

Differentiation

Docebo integrates formal, social, and experiential learning methods, enhancing learning personalization.
The platform leverages advanced AI capabilities for dynamic and personalized learning experiences.
Docebo's SaaS model allows scalable and flexible learning solutions for corporate clients.

Upsides

Docebo's partnership with Class Technologies enhances virtual instructor-led training capabilities.
Recognition with nine Brandon Hall Awards reinforces Docebo's leadership in learning innovation.
The alliance with Deloitte supports building robust learning ecosystems for large organizations.
