Security Compliance ConMon Specialist

PagerDuty is seeking a Security Compliance ConMon Specialist to join our diverse customer-focused team! As a Security Compliance ConMon Specialist you will report to the Senior Manager of Customer Trust & GRC partnering across the business to play a crucial role in ensuring ongoing compliance with the Federal Risk and Authorization Management (FedRAMP) and SOC 2 programs for PagerDuty. You will be responsible for monitoring assessing and reporting on the security posture of our cloud services ensuring adherence to established security controls and regulations. This is an exciting opportunity to support the development of our FedRAMP program and will play a key role in Customer Trust and Security Compliance. The ideal candidate will be a true team player demonstrate expertise with security compliance programs such as SOC 2 FedRAMP NIST etc. know how to establish security compliance best practices and possess great written and verbal communication skills.

KEY RESPONSIBILITIES

• Establish and operate a FedRAMP Vulnerability Management program including objectives goals and metrics.

• Serve as the primary author for updating maintaining and submitting the monthly FedRAMP Continuous Monitoring Package: Plan of Actions and Milestones (POA&M) Deviation Request Forms inventory workbook and supporting evidence for POA&M closures.

• Perform continuous monitoring activities in accordance with FedRAMP requirements to ensure ongoing compliance with 800-53 r5 security controls.

• Lead the development and improvement and scalability of processes procedures and documentation related to FedRAMP and SOC 2 compliance.

• Debrief external stakeholders on the monthly Continuous Monitoring Package including but not limited to Third-Party Assessment Organizations (3PAO) Federal Agencies and the FedRAMP Program Management Office.

• Participate and support FedRAMP assessment activities including Significant Change Requests (SCR) feature onboarding annual assessments and agency Authority to Operate (ATO) Reviews.

• Support customer trust programs including the Third-Party Risk Program and play to role of SME in external audits

• Supports information security risk assessments and compliance audits; directing the development and operational effectiveness of IT security controls.

• Review information security risk findings and non-compliance with business leaders and propose solutions to mitigate risks.

• Actively drives automation and the continuous improvement of team processes to ensure minimal SLAs for each process.

BASIC QUALIFICATIONS

• 3+ years of FedRAMP experience; 6 years of Security & Compliance experience in a tech/security environment leading at least one compliance program such as SOC 2 HITECH or similar.

• Experience establishing creating and managing audit workflows across multiple teams.

• Strong analytical and organizational skills with the ability to successfully manage multiple priorities and deadlines.

• Metrics driven with a strong bias towards action and getting stuff done.

• A focus on process improvement (automation single pane of glass continuous improvement).

PREFERRED QUALIFICATIONS

Deep understanding of relevant information security frameworks including FedRAMP NIST 800-53 Cybersecurity Maturity Model Certification (CMMC) and DoD Cloud Security Requirements Guide (SRG).

• Experience in managing a FedRAMP continuous monitoring program within a Software as a Service (SaaS) company.

Past experience in a FedRAMP assessment having participated either as an assessor or as a Cloud Service Provider (CSP) throughout the entire audit process from initiation to completion.

• Knowledgeable with FedRAMP requirements processes templates and guidance.

• Familiar with SaaS security tools (such as Sumo Logic Datadog Crowdstrike Wiz Snyk and Qualys). Familiarity with contemporary risk and issue management tools (such as JIRA Lucidchart UpGuard and Hyperproof).

• Proficient in utilizing Excel or Google Sheets to manipulate analyze and visualize vulnerability report data.

• Familiarity with Cloud Native and SaaS constructs including architectures DevOps CI/CD SecOps disciplines.

The base salary range for this position is 99000 - 160000 USD. This role may also be eligible for bonus commission equity and/or benefits.

Our base salary ranges are determined by role level and location. The range which is subject to change based on primary work location reflects the minimum and maximum base salary we expect to pay newly hired employees for the position. Within the range we determine pay for an individual based on a number of factors including market location job-related knowledge skills/competencies and experience.

Your recruiter can share more about the specific offerings for this role as well as the salary range for your primary work location during the hiring process.