Information Systems Security Officer (ISSO) at Docebo

Atlanta, Georgia, United States

Docebo Logo
Not SpecifiedCompensation
Senior (5 to 8 years), Expert & Leadership (9+ years)Experience Level
Full TimeJob Type
UnknownVisa
Technology, EdTech, Government ContractsIndustries

Requirements

  • Expertise in FedRAMP authorization and maintenance, including end-to-end governance, risk management, continuous monitoring, ATO/ATO-maintenance artifacts, cross-functional coordination, and government/3PAO engagement
  • Knowledge of DoD RMF authorizations
  • Compliance with regulatory frameworks including FedRAMP, NIST, and DoD guidelines
  • Ability to own and operate FedRAMP program for assigned systems

Responsibilities

  • Own the FedRAMP/DoD RMF authorization lifecycle for assigned systems (strategy → authorization → continuous monitoring → ATO maintenance)
  • Define and maintain the FedRAMP program governance model, roles & responsibilities (including Sponsor/Authorizing Official interactions)
  • Create, own, maintain, and version-control the System Security Plan (SSP), Security Assessment Report (SAR), continuous monitoring (ConMon) artifacts, POA&Ms, SSP annexes, and all ATO package deliverables
  • Build and run the ConMon program: define telemetry requirements, dashboards, vulnerability ingestion, thresholds, incident feed, and reporting cadence
  • Triage vulnerabilities, manage POA&Ms (track remediation owners, dates, residual risk), and ensure POA&M closure meets customer and FedRAMP expectations
  • Lead the selection, engagement, and technical coordination with 3PAOs and any external assessors. Ensure assessments, testing, and SAR content are accurate and timely
  • Evaluate security impact for architectural or operational changes (Security Impact Analysis), own risk acceptance processes, and coordinate Risk Acceptance with Sponsors/Authorizing Officials
  • Integrate change control with the ConMon program to ensure authorized/approved changes are documented and do not break control baselines
  • Act as the primary internal liaison across Product, Engineering, DevOps, Security, Sales, Legal, and Marketing for anything impacting the FedRAMP posture and ATO timelines. Drive working groups and weekly syncs
  • Support pre-sales and customer conversations on FedRAMP posture and timelines alongside Sales; maintain the relationship with the government Sponsor/Authorizing Official and the FedRAMP PMO as required
  • Build and manage program timelines (Gantt), identify and mitigate schedule risk, report status to Management and stakeholders, and maintain an issues/risk register for the authorization lifecycle
  • Develop/update policies, control implementations, and procedures to ensure alignment with FedRAMP Rev (current guidance), NIST SP 800-53/800-37/800-137, and DoD RMF as applicable
  • Provide training for engineers, product managers, and GRC teams on FedRAMP requirements, evidence collection, secure configuration baselines, and artifacts expectations

Skills

Key technologies and capabilities for this role

FedRAMPDoD RMFNISTGovernanceRisk ManagementContinuous MonitoringATOComplianceInformation SecurityRegulatory Frameworks

Questions & Answers

Common questions about this position

What is the employment type for this ISSO position?

This is a full-time position.

Is this ISSO role remote or does it require office presence?

This information is not specified in the job description.

What are the key responsibilities or skills needed for the ISSO role?

The role requires owning the FedRAMP/DoD RMF authorization lifecycle, maintaining the System Security Plan (SSP) and other ATO artifacts, building and running the continuous monitoring (ConMon) program, triaging vulnerabilities, managing POA&Ms, and coordinating with 3PAOs.

What is the company culture like at Docebo?

Docebo emphasizes the 'Docebo Heart' by trusting each other, assuming positive intent, and making space for differences that strengthen the team, with a global team of 900+ Docebians challenging the status quo.

What makes a strong candidate for the ISSO position?

A strong candidate is a specialized expert in FedRAMP authorization and maintenance, with deep knowledge of governance, risk management, continuous monitoring, NIST, and DoD RMF guidelines, plus experience in cross-functional coordination and government/3PAO engagement.

Docebo

Corporate e-learning platform with AI integration

Website

About Docebo

Docebo creates software and support systems to assist businesses in training their employees and stakeholders. Its platform combines various learning methods, such as formal, social, and experiential learning, enhanced by artificial intelligence to make the learning experience more personalized and engaging. This approach sets Docebo apart from traditional learning management systems that focus solely on formal courses. The company primarily targets corporate clients across different industries, recognizing the growing need for effective training solutions in the corporate e-learning sector. Docebo operates on a Software-as-a-Service (SaaS) model, where clients subscribe to access its platform, allowing for flexible usage based on their needs. The company's goal is to provide a comprehensive learning platform that supports continuous employee development and adapts to the evolving demands of the workforce.

Toronto, CanadaHeadquarters
2005Year Founded
$5.6MTotal Funding
IPOCompany Stage
Enterprise Software, EducationIndustries
1,001-5,000Employees

Benefits

Paid Vacation
Employee Stock Purchase Plan
Hybrid Work Options
Remote Work Options

Risks

Dayforce's new LMS launch could increase competition in the e-learning market.
CFO transition might cause temporary instability in Docebo's financial management.
Warburg Pincus's share acquisition may lead to increased influence over company decisions.

Differentiation

Docebo integrates formal, social, and experiential learning methods, enhancing learning personalization.
The platform leverages advanced AI capabilities for dynamic and personalized learning experiences.
Docebo's SaaS model allows scalable and flexible learning solutions for corporate clients.

Upsides

Docebo's partnership with Class Technologies enhances virtual instructor-led training capabilities.
Recognition with nine Brandon Hall Awards reinforces Docebo's leadership in learning innovation.
The alliance with Deloitte supports building robust learning ecosystems for large organizations.

Related Jobs

Remote
Remote iconRemote

Regulatory & Security Compliance Analyst

Rain
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years), Expert & Leadership (9+ years)
El Dorado Hills
Remote iconRemote

Senior Vulnerability Manager

Keeper Security
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years)
Remote
Remote iconRemote

ATO Security Documentation Specialist

Effectual
Salary not specified
  • Employment type iconFull Time
  • Experience level iconMid-level (3 to 4 years)
United States
Remote iconRemote

Security Program Manager

OpenAI
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years), Expert & Leadership (9+ years)
San Antonio
Remote iconRemote

Actuary, Risk and Compliance

Humana
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years), Expert & Leadership (9+ years)
United States
Remote iconRemote

Compliance Analyst

Cresta
Salary not specified
  • Employment type iconFull Time
  • Experience level iconJunior (1 to 2 years)
Remote
Remote iconRemote

Security Operations Manager

Jobber
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years)
United States +1 more
Remote iconRemote

Information Security Manager

Geoforce
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years), Expert & Leadership (9+ years)

Land your dream remote job 3x faster with AI

Try Jobo Free