FedRAMP Information Security Risk Analyst - Hybrid/Columbia MD
MD - Columbia - Headquarters
Full Time Mid-level / Intermediate USD 79K - 105K
Tenable
Tenable helps you find, prioritize & fix cyber risk, in the cloud and on-prem, using robust security, vulnerability management, and compliance tools.Who is Tenable?
Tenable® is the Exposure Management company. 44,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. Our global employees support 65 percent of the Fortune 500, 45 percent of the Global 2000, and large government agencies. Come be part of our journey!
What makes Tenable such a great place to work?
Ask a member of our team and they’ll answer, “Our people!” We work together to build and innovate best-in-class cybersecurity solutions for our customers; all while creating a culture of belonging, respect, and excellence where we can be our best selves. When you’re part of our #OneTenable team, you can expect to partner with some of the most talented and passionate people in the industry, and have the support and resources you need to do work that truly matters. We deliver results that exceed expectations and we win together!
Your Role:
Join our InfoSec team at Tenable as a hands-on (Mid) Risk and Compliance Analyst. Drive compliance and assurance efforts for our products and cloud services while assisting with external risk assessments, security assessments, and audits. Make a real impact on our organization's security and customer trust and come join us at Tenable!
Your Opportunity:
Serve as a company representative with prospects, customers, and partners for security questionnaires, assessments, and audits
Collaborate with Sales, Engineering, Information Security, IT, and Product Development teams to communicate compliance obligations and requirements
Complete Third-Party Risk Assessments (TPRM Program) for new and potential vendors/educate stakeholders on their responsibilities
Coordinate and participate in internal and external audit walkthroughs (ISO27k, SOC2, FedRAMP, Customer Audits, IRAP)
Help guide and perform remediation of issues identified during third-party assurance or internal reviews
Support special projects as needed, which may include:Assisting in the development and execution of the internal compliance program, involving preparation for audits, certifications, and risk assessments.
Assisting in the development, administration, and continuous monitoring of internal security controls.
What You'll Need :
US Citizenship
2+ years of experience in information security and vendor risk assessments based on industry standards.
2+ years of experience in responding to security assessments, SAQs, compliance requirements, etc
2+ years of experience with implementation, monitoring, and reporting of control processes, documentation, and remediation items
Experience working with the Federal Risk and Authorization Management Program (FedRAMP)
At least one relevant relevant security certifications (SSCP, Sec+, CISA, etc)
BS, BA in Information Technology, Computer Science, Information Security, or other related field
Be self-driven with the ability to work independently and comprehend all requirements
Strong communication skills and ability to collaborate effectively with all levels
Ability to adopt and utilize technology, with advanced proficiency in Excel, PowerPoint, and Vizio/Lucid.
And Ideally:
Knowledge of governance, risk and compliance frameworks (GRC)
Experience performing or undergoing internal and external audits
Analytical mindset with a rational, pragmatic, and realistic approach to security, risk, and compliance
Experience in a Big 4 or similar security consulting or risk assurance role
Experience as a FedRAMP assessor (3PAO) or advisor.
Experience with conducting audits, privacy, BC & DR Program Management
#LI-MM1
This is the base pay range for this position. Compensation for the role will depend on a number of factors, including the candidate's qualifications, skills, competencies, location and experience, and may fall outside of the range shown. Employees are also eligible for variable compensation in addition to base pay (commission for sales roles, bonus for non-sales roles), depending on company and individual performance. Tenable also offers a variety of comprehensive and competitive benefits which include: medical, dental, vision, disability and life insurance; 401(k) retirement savings with company match; an employee stock purchase plan; an employee referral program; flexible spending accounts; an Employee Assistance Program (EAP); education assistance; parental leave; paid time off (PTO); company-paid holidays; health and wellness events; and community programs.
US Pay Ranges$79,000—$105,000 USDIf you’ve reached this point, and you’re still not sure if you should apply…..Just do it! We’re human and we don’t fit a perfect mold. Having diverse backgrounds, experiences and perspectives, that’s a good thing! If you’re coming from outside of the cyber industry - great! If you’re looking to try something new - awesome! All we ask is you bring passion to all that you do, crave creativity and innovation, and embrace the hard work of gaining new skills and accepting big challenges.
We’re committed to promoting Equal Employment Opportunity (EEO) at Tenable - through all equal employment opportunity laws and regulations at the international, federal, state and local levels. If you need a reasonable accommodation due to a disability during the application or recruiting process, please contact Recruiting@Tenable.com for further assistance.
Tenable Data Consent Statement
Tenable is committed to protecting the privacy and security of your personal data. This Notice describes how we collect and use your personal data during and after your working relationship with us, in accordance with the General Data Protection Regulation (“GDPR”). Please click here to review.
For California Residents: The California Consumer Privacy Act (CCPA) requires that Tenable advise you of certain rights related to the collection of your private information. Please click here to review.
Tags: Audits CCPA CISA Cloud Compliance Computer Science FedRAMP GDPR Governance ISO 27000 Monitoring Privacy Risk assessment Security assessment SOC 2 SSCP
Perks/benefits: 401(k) matching Career development Competitive pay Equity / stock options Flex hours Flex vacation Health care Insurance Medical leave Parental leave Salary bonus Team events Wellness
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Cybersecurity Engineer jobs
- Open Security Operations Engineer jobs
- Open Cloud Security Architect jobs
- Open Information Security Officer jobs
- Open Principal Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open IT Security Engineer jobs
- Open Senior Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Penetration Tester jobs
- Open Cyber Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Senior Network Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Security Consultant jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Security Operations Analyst jobs
- Open Information System Security Officer (ISSO) jobs
- Open Senior Information Security Engineer jobs
- Open Information Security Architect jobs
- Open Agile-related jobs
- Open Risk assessment-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open SOC-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open DoD-related jobs
- Open Threat intelligence-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open CEH-related jobs
- Open APIs-related jobs
- Open SaaS-related jobs
- Open Malware-related jobs
- Open Security assessment-related jobs
- Open Kubernetes-related jobs
- Open Java-related jobs
- Open EDR-related jobs
- Open TS/SCI-related jobs