What we're looking for...
The Information System Security Officer (ISSO) is responsible for the success of the FedRAMP Authorization program at ScienceLogic. The ISSO will be responsible for ensuring execution of the initiatives within the FedRAMP roadmap and will work closely with Product Management, Engineering and SaaS Operations Leads to accomplish the required objectives.
What you'll be doing...
- Be the single point of contact for all things FedRAMP at ScienceLogic, owning the FedRAMP Authorization program.
- Own the relationships and act as the interface with the 3PAO, sponsoring agency, contract ATO solution vendor, as well as the FedRAMP PMO.
- Lead the planning, scheduling, and preliminary analysis for all development requirements, as well as internal and external audits.
- Properly identify, remediate, communicate, or escalate technical and program risks.
- Aid the stakeholders in managing technical and program changes.
- Gather and report both program and technical metrics.
- Partner with Product Management, Engineering and Operations managers on program contributors’ accountability, and priorities.
- Stakeholder management outside of product teams including Security, IT, Operations, Customer Support, Business Applications, Legal, Sales, HR, and Finance.
- Ability to assess, customize, and use current program and compliance technologies.
- Define, execute, and manage the FedRAMP Baseline (BL) and Impact Level (IL) development roadmap, including identifying, communicating, and escalating program risks.
- Partner with Engineering, IT, and other teams to develop a sustainable and scalable FedRAMP environment and program.
- Coordinate and facilitate the relationships with the 3PAO, sponsoring agency/JAB, and FedRAMP PMO.
- Manage security assessments, creation of the Plan of Action & Milestones (POA&M), and ongoing Continuous Monitoring (ConMon) requirements.
- Collaborate with process owners and subject matter experts to influence prioritization of projects and solutions to reduce risk and improve compliance.
- Establish, maintain, and influence program stakeholder relationships, expectations, and communications.
- Review new product features and designs and provide guidance on requirements and standards including NIST 800-53, NIST 800-171, DoD ILs, and FedRAMP BL requirements.
Qualities you possess...
- FedRAMP experience, including successful completion of products through FedRAMP certification.
- Soft skills including the ability to gain the trust of stakeholders and senior management and negotiate priorities with outside teams.
- Working knowledge of the software development life cycle (SDLC) for SaaS applications.
- Excellent verbal and written communication skills.
- Strong analytical and problem-solving skills.
- Inspired by bringing cross-functional teams together to accomplish program objectives.
- US Citizenship.
- Bachelor’s degree.
- Experience with with the FedRAMP Authorization program; experience must strong knowledge in all phases of preparing and reviewing complete ATO packages for FedRAMP authorization.
- Experience with FedRAMP, NIST 800-53, FISMA, DoD ILs, DISA Security Requirements Guide, etc.
- Experience with continuous monitoring, third-party assessments, and audit management.
- Experience with vulnerability management and helping prioritize security related work.
- Excellent interpersonal, verbal, and written communication skills with the ability to communicate compliance related concepts to a broad range of technical and non-technical staff.
- Excellent organizational and program management skills.
- Experience leading massive, cross-functional programs with the ability to influence priorities and deliver on commitments.
- Experience with program / project management tools and dashboards.
- CISA, CISSP, CCSP, CCSK or other related certifications preferred.
Don’t meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At ScienceLogic, we are dedicated to building a diverse, inclusive and authentic workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right candidate for this or other roles.
About ScienceLogic
We empower intelligent and automated IT operations.The ScienceLogic SL1 platform enables companies to digitally transform themselves by removing the difficulty of managing complex, distributed IT services. We use patented discovery techniques to find everything in your IT environment, so you get visibility across all technologies and vendors running anywhere in your data centers or cloudswww.sciencelogic.comAll ScienceLogic employees have the responsibility to protect information assets, adhere to access controls, report suspicious activity, and comply with security and privacy policies.#LI-Remote