Remote Distinguished Security Engineer – FedRAMP

Please, let Saviynt know you found this job on RemoteYeah. This helps us grow 🌱.

Description:

  • The Distinguished Security Engineer will report to Information Security leadership and lead various Technical and Governance, Risk and Compliance (GRC) efforts related to the FedRAMP Program.
  • The candidate will execute, scale, and continuously evolve the InfoSec and GRC functions to maximize impact and oversight across the organization.
  • The role requires managing projects in an Agile environment and familiarity with policy and compliance requirements, including policy documentation and system requirements for audits.
  • Responsibilities include leading Saviynt’s FedRAMP InfoSec and Compliance activities, taking the company through FedRAMP certification and re-certification, and developing System Security Plans (SSP).
  • The engineer will drive FedRAMP audit work, lead monthly ConMon discussions, and review security documentation such as audit reports and gap analysis reports.
  • The position involves serving as the Governance point of contact, identifying governance or compliance requirements, assessing risks, and reviewing required forms.
  • The engineer will collaborate with cross-functional teams to establish InfoSec requirements and expectations, ensuring compliance checks provide assurance for implemented controls.
  • The role includes executing various compliance assessments, drafting and updating key security documentation, automating GRC inefficiencies, and performing vulnerability scanning.
  • The candidate will support customer requests related to compliance queries and develop and update policies, standards, and procedures.
  • Responsibilities also include establishing risk management activities, maintaining metrics for GRC posture, and conducting risk assessments.

Requirements:

  • Applicants must be U.S. citizens and possess a Bachelor's degree or equivalent experience with a minimum of 15 years in the field.
  • Knowledge of U.S. Federal Government security compliance, risk management processes, and requirements, including NIST RMF and NIST SP 800-53 Rev 5 controls, is required.
  • Experience with GRC tools and automation, common controls framework, and current trends/technologies such as Zero Trust and AI/ML is a plus.
  • The candidate should have experience with vulnerability scanning, remediation, and continuous monitoring, as well as managing Agile projects.
  • Strong written and oral communication skills are necessary, along with experience in developing executive-level presentations and assessing project documentation for compliance.
  • The candidate must have a sufficient technical background to interpret audit and compliance requirements and support evidence gathering for audits.
  • Experience supervising or managing an Agile project team, working on multiple projects concurrently, and defining project scope and objectives is essential.
  • Knowledge of local legal and regulatory security requirements, including HIPAA, FedRAMP, and GDPR/privacy, is required.
  • The candidate must be flexible, collaborative, and possess strong stakeholder and relationship management skills.

Benefits:

  • Saviynt offers a high-growth, dynamic work environment focused on Identity Authority, providing tremendous growth and learning opportunities.
  • Employees will experience challenging yet rewarding work that directly impacts customers within a welcoming and positive work environment.
  • The company is committed to equal opportunity employment, welcoming all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.