Federal Governance and Compliance Security Analyst
Remote
Full Time Entry-level / Junior USD 115K - 130K
Diligent Corporation
Diligent, a modern governance company, is the only comprehensive governance software provider featuring tools to improve and simplify modern day governance.About Us
Diligent is the global leader in modern governance, providing SaaS solutions across governance, risk, compliance, audit and ESG. Empowering more than 1 million users and 700,000 board members and leaders with a holistic view of their organization’s GRC practices so they can make better decisions, faster. No matter the challenge.
At Diligent, you are an agent of positive change. You are joining a team of passionate, smart, creative people who not only want to help build the software company of the future, but who want to make the world a more sustainable, equitable and better place. Be a part of a global community on a mission to make a real impact.
Learn more at diligent.com.
Position Overview:
We are seeking a Federal Governance & Compliance Analyst to join our team. The candidate will be responsible for managing the POAM (Plan of Actions and Milestones) process, working with DoD and Federal Civilian agencies, analyzing vulnerability, application, web, and database scans for multiple environments, and providing support for compliance with the FedRAMP program. The candidate should have experience in building and maintaining network architecture diagrams, data flow diagrams, System Security Plans, Ports, Protocols, and Services Management (PPSM) documentation. The role requires knowledge of NIST Risk Management Framework (RMF), FedRAMP High, Moderate, and DoD CC-SRG (IL-4,5,6) baselines. Familiarity with StateRAMP and TX-RAMP is also a plus. This is a full-time position in Diligent’s Cybersecurity organization reporting to the Director of Governance and Compliance. The candidate will work with experienced professionals in the field of compliance and security. If you have a passion for security, compliance, and problem-solving, we encourage you to apply for this exciting opportunity.
Key Responsibilities:
- Manage the POAM process, including creating, tracking, and reporting on POAM items
- Work with DoD and Federal Civilian agencies to address security concerns and ensure compliance with FedRAMP requirements
- Analyse vulnerability scans to identify security risks and recommend remediation actions
- Provide support for compliance with FedRAMP program requirements, including conducting security assessments and preparing security documentation
- Maintain and update a System Security Plan
- Collect and maintain artifacts used and needed for FedRAMP/IL-5 annual assessment
- Collaborate with third-party assessment organization (3PAO) for assessments
- Stay up-to-date on changes to regulations and standards related to federal compliance and security
- Work cross-functionally with engineering, product, advisory, legal, and sales teams to provide customer and stakeholder support
Required Experience/Skills:
- Bachelor’s degree in Computer Science, Information Security or related field or equivalent experience
- 2+ years experience in federal compliance and governance, including experience with FedRAMP, NIST, FISMA and other relevant regulations and standards
- Knowledge of how to maintain and update an SSP (System Security Plan)
- Foundational knowledge of DoD CC-SRG
- Familiarity with AWS GovCloud environment and its related services
- Experience in using scanning solutions to gather and review container, database, web application and other vulnerability scans.
- Project management skills, including experience with Jira and Service Now ticketing systems or similar
- Strong analytical and problem-solving skills
- Excellent verbal and written communication skills
- Ability to work collaboratively in a team environment
- Must be able to obtain and maintain a government background/suitability determination to work within an AWS GovCloud environment and with DoD and other federal agencies as required
Preferred Experience/Skills
- Experience within the Federal government as a compliance analyst, GRC analyst, Cloud Security Analyst, ISSO, IT Auditor or similar is preferred
- Relevant certifications in compliance, audit, cloud security, or related field (e.g. CISSP, CISM CISA, etc.)
- Experience with regulatory compliance and information security management frameworks (MITRE, NIST CSF, etc.)
FLSA Status: Exempt
U.S pay range $115,000—$130,000 USDWhat Diligent Offers You
- Creativity is ingrained in our culture. We are innovative collaborators by nature. We thrive in exploring how things can be differently both in our internal processes and to help our clients
- We care about our people. Diligent offers a flexible work environment, global days of service, comprehensive health benefits, meeting free days, generous time off policy and wellness programs to name a few
- We have teams all over the world. We may be headquartered in New York City, but we have office hubs in Washington D.C., Vancouver, London, Galway, Budapest, Munich, Bengaluru, Singapore, and Sydney.
- Diversity is important to us. Growing, maintaining and promoting a diverse team is a top priority for us. We foster and encourage diversity through our Employee Resource Groups and provide access to resources and education to support the education of our team, facilitate dialogue, and foster understanding.
Diligent created the modern governance movement. Our world-changing idea is to empower leaders with the technology, insights and connections they need to drive greater impact and accountability – to lead with purpose. Our employees are passionate, smart, and creative people who not only want to help build the software company of the future, but who want to make the world a more sustainable, equitable and better place.
Headquartered in New York, Diligent has offices in Washington D.C., Baltimore, London, Galway, Budapest, Vancouver, Bengaluru, Munich, and Sydney.
We are a drug free workplace. Diligent is proud to be an equal opportunity employer. We do not discriminate based on race, color, religious creed, sex, national origin, ancestry, citizenship status, pregnancy, childbirth, physical disability, mental disability, age, military status, protected veteran status, marital status, registered domestic partner or civil union status, gender (including sex stereotyping and gender identity or expression), medical condition (including, but not limited to, cancer related or HIV/AIDS related), genetic information, or sexual orientation in accordance with applicable federal, state and local laws. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also Diligent's EEO Policy and Know Your Rights. We are committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at recruitment@diligent.com.
To all recruitment agencies: Diligent does not accept unsolicited agency resumes. Please do not forward resumes to our jobs alias, Diligent employees or any other organization location. Diligent is not responsible for any fees related to unsolicited resumes.
Tags: AWS C CISA CISM CISSP Cloud Compliance Computer Science DoD FedRAMP FISMA Governance Jira NIST Risk management RMF SaaS Security assessment System Security Plan Vulnerability scans
Perks/benefits: Career development Flex hours Flex vacation Health care Wellness
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Product Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Cyber Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Security Specialist jobs
- Open Manager Pentest H/F jobs
- Open Staff Security Engineer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Senior Information Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open IT Security Engineer jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Penetration Tester jobs
- Open Cybersecurity Specialist jobs
- Open Security Operations Analyst jobs
- Open Sr. Security Engineer jobs
- Open Security Consultant jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open ISO 27001-related jobs
- Open Threat intelligence-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Malware-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open APIs-related jobs
- Open Security Clearance-related jobs
- Open Forensics-related jobs
- Open SaaS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open IDS-related jobs
- Open DevOps-related jobs
- Open DoD-related jobs