Remote Distinguished Security Engineer – FedRAMP

at Saviynt

Posted 1 month ago | 0 applied

Description:

  • The Distinguished Security Engineer will report to Information Security leadership and lead various Technical and Governance, Risk and Compliance (GRC) efforts related to the FedRAMP Program.
  • The candidate will execute, scale, and continuously evolve the InfoSec and GRC functions to maximize impact and oversight across the organization.
  • The role requires managing projects in an Agile environment and familiarity with policy and compliance requirements, including policy documentation and system requirements for audits.
  • Responsibilities include leading Saviynt’s FedRAMP InfoSec and Compliance activities, taking the company through FedRAMP certification and re-certification, and developing System Security Plans (SSP).
  • The engineer will drive FedRAMP audit work, lead monthly ConMon discussions, and review security documentation such as audit reports and gap analysis reports.
  • The position involves serving as the Governance point of contact, identifying governance or compliance requirements, assessing risks, and reviewing required forms.
  • The engineer will collaborate with cross-functional teams to establish InfoSec requirements and expectations, ensuring compliance checks provide assurance for implemented controls.
  • The role includes executing various compliance assessments, drafting and updating key security documentation, using automation to eliminate GRC inefficiencies, and performing vulnerability scanning.
  • The candidate will support customer requests related to compliance queries and develop and update policies, standards, and procedures.
  • Responsibilities also include establishing risk management activities, maintaining metrics for GRC posture, and conducting risk assessments.

Requirements:

  • Applicants must be U.S. citizens and possess a Bachelor's degree or equivalent experience with a minimum of 15 years in the field.
  • Knowledge of U.S. Federal Government security compliance, risk management processes, and requirements, including NIST RMF and NIST SP 800-53 Rev 5 controls, is required.
  • Experience with GRC tools and automation, common controls framework, and current trends/technologies such as Zero Trust and AI/ML is a plus.
  • The candidate should have experience with vulnerability scanning, remediation, and continuous monitoring, as well as managing Agile projects.
  • Strong written and oral communication skills are necessary, along with experience in developing executive-level presentations and assessing project documentation for compliance.
  • The candidate must have a sufficient technical background to interpret audit and compliance requirements and support evidence gathering for audits.
  • Experience supervising or managing an Agile project team, working on multiple projects concurrently, and defining project scope and objectives is essential.
  • Knowledge of local legal and regulatory security requirements, including HIPAA, FedRAMP, and GDPR/privacy, is required.
  • The candidate must be flexible, collaborative, and possess strong stakeholder and relationship management skills.

Benefits:

  • Saviynt offers a high-growth, dynamic work environment focused on Identity Authority, providing tremendous growth and learning opportunities.
  • Employees will experience challenging yet rewarding work that directly impacts customers within a welcoming and positive work environment.
  • The company is committed to equal opportunity employment, welcoming all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.