Back to all jobs

Senior Information Systems Security Officer, FedRamp

Tanium Inc.

Jul 12

The Basics:

As the Senior ISSO, you will be the focal point for all FedRAMP internal and external parties, drive high-level process related to continuous improvement of FedRAMP requirements and anything else that bolsters or support the compliance aspects of Tanium’s FedRAMP program.

The ideal candidate must demonstrate in-depth knowledge and experience in cloud security controls implementation, compliance auditing, accreditation/certification (especially FedRAMP) and creation of risk management frameworks involved therein in order to define needs and goals, and guide continual improvement approaches. They should demonstrate command of or acute familiarity with the CSAs Cloud Controls Matrix, with NIST 800-53 / 800-171, with the ISO 27000 series and with FedRAMP pursuit. The Senior ISSO will be accountable for ensuring that business operations are effectively and consistently in compliance with Tanium’s information and cloud security practices.

What you'll do:

  • FedRAMP Security Audit Management:
    • Manage the relationships and execution of all processes related to internal and external audit
    • Act as a key initiative driver and SME in in Tanium’s pursuit of FedRAMP Authorization
    • Assess and review new vendors for optimal controls implementation and compliance
  • FedRAMP Information Risk Reporting:
    • Play the lead role in ongoing reporting requirements
    • Communicate results of findings
    • Make recommendations for improvement through concise, high quality reports
  • FedRAMP Security Assurance Program Development:
    • Integrate the tracking of the FedRAMP Compliance Framework with the requirements of emerging Customer-Facing Cloud Infrastructure Frameworks at Tanium
    • Write and revise Tanium’s System Security Plans (SSP), Plan of Actions & Milestones (POA&Ms), policies, standards, procedures, guidelines and other documentation based on Tanium’s business needs
    • Seek opportunities for continuous improvement of risk assessment and compliance practices to drive efficiency
  • Act as a consultant to the business. Develop and maintain expertise, acting as a Subject Matter Expert (SME) in the fields of risk and audit management.

We’re looking for someone with:

  • Education
    • Bachelor's Degree in Computer Science, Engineering, IT, InfoSec or other relevant degree or equivalent work experience
  • Experience
    • 5-7 years business/technical/information security/risk compliance experience
    • Experience in information security risk analysis, auditing, compliance, policies, and overall governance and communication
    • Knowledge of hybrid IT systems, networking, and cloud environments (AWS, Google, etc.)
    • Demonstrated success implementing and Information Security control frameworks and standards such as ITIL, CIS Top 20, SOC 2, GDPR, NIST CSF / 800-53, FISMA, and FedRAMP
    • Strong knowledge of audit and risk management methodologies, such as COBIT, NIST 800-37/800-30, FAIR
    • Experience with GRC, IAM, and risk management tools and solution
    • Experience with information security tools and solutions.
  • Certifications
    • CISA, CRISC, GIAC, CISM, or CISSP certifications

About Tanium 

Tanium offers an endpoint management and security platform built for the world’s most demanding IT environments. Many of the world’s largest and most sophisticated organizations —  including nearly half of the Fortune 100, top retailers and financial institutions, and multiple branches of the U.S. Armed Forces — rely on Tanium to make confident decisions, operate efficiently, and remain resilient against disruption. Tanium has been named to the Forbes Cloud 100 list of “Top 100 Private Companies in Cloud Computing” for five consecutive years and ranks 4th on FORTUNE’s list of the “Best Workplaces in Technology 2020.” 

On a mission. Together. 

At Tanium, we are stewards of a culture that emphasizes the importance of collaboration, respect, and diversity. In our pursuit of revolutionizing the way some of the largest enterprises and governments in the world solve their most difficult IT challenges, we are strengthened by our unique perspectives and by our collective actions.   

We are an organization with stakeholders around the world and it’s imperative that the diversity of our customers and communities is reflected internally in our team members. We strive to create a diverse and inclusive environment where everyone feels they have opportunities to succeed and grow because we know that only together can we do great things. 

Taking care of our team members 

Each of our team members has 5 days set aside as volunteer time off (VTO) to contribute to the communities they live in and give back to the causes they care about most.