FedRAMP Governance Risk Compliance Analyst
Vasion
Remote
Full Time
Vasion is looking for a Governance, Risk, and Compliance Analyst that exemplifies our core values and wants to be part of our growing team. We are committed to making digital transformation attainable to everyone by building an affordable, integrated SaaS solution that simplifies business processes. Vasion offers a flexible working environment for our 300+ employees worldwide, including at our global headquarters in St. George, Utah, or in one of our other offices in the UK, Germany, and Lehi, Utah.
POSITION SUMMARY
As a Governance, Risk, and Compliance Analyst with a specialization in FedRAMP (Federal Risk and Authorization Management Program), you will play a critical role in ensuring the security and compliance of our organization's information systems and cloud services, particularly when dealing with federal government clients. You will be responsible for implementing, maintaining, and enhancing security measures and controls to meet and exceed FedRAMP requirements. Your expertise in FedRAMP will be instrumental in safeguarding sensitive data, ensuring confidentiality, integrity, and availability, and facilitating the successful authorization of cloud services for federal government use.
KEY RESPONSIBILITIES
- Lead efforts to achieve and maintain FedRAMP compliance for the organization's cloud services. This includes conducting security assessments, documenting security controls, and ensuring adherence to FedRAMP standards throughout the system's lifecycle.
- Participate in comprehensive security assessments and audits to identify vulnerabilities, threats, and risks within the organization's information systems. Develop and execute test plans, assess security controls, and provide remediation recommendations to the Product and Engineering teams.
- Collaborate with cross-functional teams to design and implement secure architecture solutions for cloud-based systems that align with FedRAMP requirements and industry best practices.
- Continuously monitor and evaluate security risks, both internal and external, and develop strategies to mitigate them. This includes conducting risk assessments, threat modeling, and vulnerability management.
- Prepare detailed security documentation required for FedRAMP authorization, including Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and Continuous Monitoring Plans (CMPs). Maintain accurate records and reports related to security assessments.
- Develop and implement incident response plans and procedures, ensuring a swift and effective response to security incidents or breaches. Coordinate incident investigations, containment, and recovery efforts as needed.
- Educate and train employees, contractors, and stakeholders on security best practices and FedRAMP compliance requirements. Foster a culture of security awareness and accountability.
- Evaluate and assess the security posture of third-party vendors and cloud service providers to ensure they meet FedRAMP standards and align with organizational security policies.
- Stay updated on emerging security technologies, tools, and trends. Recommend and implement security solutions that enhance the organization's security posture.
- Prepare for and participate in external audits and assessments related to FedRAMP compliance. Address audit findings and ensure timely resolution.
Requirements
- Bachelor's degree in Computer Science, Information Security, or a related field (Master's degree preferred).
- Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) certification is a plus.
- Experience (2-4 years) in information security, with a focus on compliance and regulatory requirements, particularly FedRAMP.
- Demonstrable expertise with FedRAMP requirements, guidelines, and the authorization process
- Proven experience in cloud security, risk management, and conducting security assessments
- Strong communication skills with the ability to effectively liaise with both technical and non-technical stakeholders
- Proven experience in delivering effective training sessions on complex security subjects to a diverse audience
- In-depth knowledge of incident response protocols and remediation techniques
- Ability to think strategically and act decisively in high-pressure situations
- Must live in the United States
- Prior experience working as an ISSO in a similar industry
- Familiarity with advanced cloud technologies and architectures
- Ability to manage multiple high-priority tasks simultaneously
- Proven leadership and team-building skills
Benefits
- Flexible work environment
- Discretionary Vacation bonus
- Flexible paid time off
- Paid parental leave
- Competitive pay
- A full suite of traditional benefits
- Training/Advancement opportunities
- 401k with company-match
- Mental Health Wellness Support
- Financial wellness education
- Company-contributed HSA
- Headquarter perks include gym, pickleball, snacks & drinks, arcade, theater room, monthly All Hands lunch, etc.
- Lehi, Utah office perks include gym access, snacks & drinks, monthly All Hands lunch
Our Core Values
Vasion looks for people who will exemplify its core values and are driven to become:
- Action Owners (Extreme Ownership by Jocko Willink and Leif Babin)
- Candor Seekers (Radical Candor by Kim Scott)
- Relationship Builders (Leadership and Self-deception by The Arbinger Institute)
- Storytelling (Building a StoryBrand: Clarify Your Message So Customers Will Listen by Donald Miller)
More About Vasion
Visit https://www.vasion.com and https://vasion.com/careers/
Additional Information
Vasion is an equal opportunity employer. We evaluate qualified applicants without regard to race, age, color, religion, sex, national origin, disability, veteran status, gender identity, sexual orientation, and other legally protected characteristics.
August 19, 2025