A career in IBM Software means you’ll be part of a team that transforms our customers’ challenges into solutions.
Seeking new possibilities and always staying curious, we are a team dedicated to creating the world’s leading AI-powered, cloud-native software solutions for our customers. Our renowned legacy creates endless global opportunities for our IBMers, so the door is always open for those who want to grow their career.
IBM’s product and technology landscape includes Research, Software, and Infrastructure. Entering this domain positions you at the heart of IBM, where growth and innovation thrive.
IBM's FedRAMP Technical Services Department is looking for a skilled and experienced FedRAMP Technical Services Specialist to join our team. Reporting directly to the FedRAMP Program Director, this individual will play a pivotal role in overseeing technical change management processes across multiple FedRAMP-authorized services and boundaries.
In this role, you will ensure that all changes are rigorously assessed for risk, align with NIST 800-53 security controls, and maintain the highest standards of compliance within IBM's FedRAMP environment. You will be responsible for the management of significant change processes and will serve as the organization's Subject Matter Expert (SME) for significant change process management.
Responsibilities:
- Risk Assessment for Proposed Changes: Conduct comprehensive evaluations of proposed technical changes to identify potential risks associated with FedRAMP-compliant environments, ensuring alignment with NIST 800-53 security controls and FedRAMP's stringent requirements.
- Impact Analysis on NIST 800-53 Controls: Identify and analyze how proposed technical changes might affect relevant NIST 800-53 security controls, maintaining a thorough understanding of the interdependencies within IBM's FedRAMP systems.
- Change Authorization Board (CAB) Participation: Actively engage in CAB meetings, providing insights on the technical feasibility and risk implications of proposed changes to facilitate informed decision-making processes regarding change approvals.
- Cross-Functional Collaboration: Work closely with various cross-functional teams, including IT security, development, operations, and vulnerability management, to ensure seamless integration of technical changes while adhering to FedRAMP standards.
- Vulnerability Management Collaboration: Partner with the vulnerability management team to identify high-risk elements within IBM's systems, offering technical review for vulnerability remediation strategies that align with FedRAMP requirements around vendor dependencies and risk adjustment validation and verification.
- Documentation & Reporting: Maintain detailed records of change assessments, associated risks, and mitigation strategies, generating regular reports for internal audits, management oversight, and stakeholder communication purposes.
- Subject Matter Expertise for Significant Change Process: Serve as the organization's Subject Matter Expert (SME) for significant change process management, ensuring adherence to relevant FedRAMP controls and internal policies.
- Stakeholder Communication: Effectively communicate complex technical changes, their inherent risks, and implemented risk mitigations to diverse audiences, including senior leadership, project teams, and external authorities where necessary, ensuring transparency and compliance understanding.
- Continuous Improvement & Compliance Monitoring: Stay abreast of evolving FedRAMP requirements and industry best practices, driving continuous improvement in change management processes while upholding rigorous compliance standards across multiple services and FedRAMP boundaries.
- Mentoring & Training: Provide guidance and training to junior staff members on effective technical change management practices within a FedRAMP context, fostering a culture of robust security and operational excellence.
- Strong knowledge of FedRAMP, NIST 800-53, and other relevant federal security standards.
- 5+ years of experience in an IT/cybersecurity environment with a focus on FedRAMP/NIST 800-53.
- 4+ years of proven experience in IT or cybersecurity implementing technical changes within a regulated environment.
- Strong understanding of risk assessment methodologies and techniques.
- Ability to maintain confidentiality and handle sensitive information with discretion.
- Self-motivated, detail-oriented, and able to work independently or collaboratively in a fast-paced environment.
- Familiarity with Agile/Scrum methodologies.
- Relevant AWS certifications (AWS Solutions Architect, AWS Security Specialty, AWS Advanced Networking).
- Relevant cybersecurity certifications (CC, CISSP, CCSP, CEH).