Federal Compliance Expert (Remote in the East Coast)
CyberArk, the global leader in privileged access management, helps organizations transform their business through improved security and reduced risk. As a trusted partner for thousands of companies around the world, CyberArk consistently sets the bar – driving innovation and helping our customers stay one step ahead of attackers.
We’re looking for an experienced and passionate Federal Product compliance expert, to help drive organization wide Federal compliance and risks processes such as Risk Assessment, Mitigation Planning, Compliance with Federal security standards, Audit preparation and execution.
As part of this role, you will develop, implement, and maintain policies, guidelines, and procedures to ensure compliance with applicable certifications, regulations, standards, and risk management practices.
In addition, you will support and advise internal R&D groups on the evaluation and development of effective compliance internal controls, monitoring, testing, issues management, program governance, and process improvements.
The ideal candidate will have in-depth knowledge of FedRAMP security policies, standards, guidelines, and industry best practices as well as a good understanding of the government certification and accreditation processes.
- Conduct gap analysis and risk assessments and ensure that gap analysis findings are addressed.
- Ensure compliance program is effective and efficient in identifying, preventing, and correcting non-compliance of internal policies with Federal regulatory requirements.
- Develop, implement, and track technical risk control/mitigation plans with Dev teams, IT groups and infrastructure teams.
- Compose and assist in writing compliance policies and procedures.
- Perform on-going internal & external, hands-on technical and procedural security audits (“ConMon”).
- Create and execute effective action plans in response to audit findings and compliance violations.
- Monitor Federal controls’ implementation throughout the organization.
- Oversee third-party examinations and audits, help in developing periodic reporting as part of the POA&M.
- Respond to Federal compliance related inquiries, RFP questions and risk assessments inquiries in a business-driven approach and a prompt response time.
- Drive Federal compliance controls’ efficiency improvements.
- Provide guidance on Federal compliance matters including the development and oversight of compliance training programs.
- Remain up to date on Federal and State certification updates, regulatory developments, policies and relevant laws that may be relevant to the business.
- Comprehensive experience of FedRAMP, NIST base controls, internal control processes, as well as experience overseeing internal and external audits.
- 3+ years of experience in Federal security compliance governance, with many years’ experience in the software industry.
- Significant hands-on experience with developing, implementing and maintaining written policies and procedures, testing and risk assessment programs.
- Familiar with security vulnerabilities, mitigation planning, trends, tools and practices.
- Ability to understand complex security requirements, technical documents and compliance policies and translate them into actionable items.
- Experience in working with customers and 3rd parties such as consultants and assessors.
- Experience with cloud security compliance and risks.
- Experience working in a dynamic, global company.
Background and experience with infrastructure and Application security (R&D an advantage).
- Federal Assessors or Auditors Consulting firm experience is nice to have
- Ability to multi-task and change direction/priorities quickly.
- Ability to motivate and work in a matrix management structure.
A true team player and easy to collaborate with.
- Excellent communications skills, with emphasis on written communication.
- A true proactive and “can do” approach.
- High ethical standards and moral code.
- Bachelor’s degree in law, Engineering, business management or a related field.
- Professional certifications(s) such as Certified Regulatory Compliance Manager (CRCM), Certified Risk Professional (CRP) and PMP (Project Management Professional) are a plus.
- Professional designation in IT Security or compliance such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC) or Certified Information Security Professional (CISSP) – can also contribute.
- Willingness to travel Post Pandemic
CyberArk is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.
Recruiting agencies or vendors without a valid agreement between the parties are not authorized to (a) send CyberArk unsolicited resumes or candidate data or (b) contact CyberArk employees for the purposes of presenting candidates for employment. CyberArk will only work with recruiting agencies who have a valid agreement with CyberArk and that are specifically invited by CyberArk’s recruiting team to assist with searching for and submitting candidates for a specific position. Any unsolicited resumes or other candidate data submitted to CyberArk will not be accepted and shall be considered CyberArk’s property. CyberArk will not pay any placement or other fees of any kind for any unsolicited resumes or candidate data that is submitted in violation of this policy. CyberArk does not accept liability under any legal theory such as course of conduct, oral agreements, implied contracts, or otherwise based on negotiations with a candidate identified from an unsolicited resume or data in violation of this policy.
COVID-19 vaccination is a condition of employment at CyberArk, subject to reasonable accommodation where required by law.