Security GRC Lead

About The Position

Requirements

• 3-5+ years, FedRAMP industry experience.
• Project/Program management experience for 3+ years at a software company.
• Experience working with Government Cloud environments such as AWS, Azure, GCP (SaaS, IaaS, PaaS etc)
• Relevant experience in corporate security management and security governance framework control assessment
• Broad experience with SOX, SOC2, ISO 27001, PCI DSS, HIPAA, and public sector certifications such as FedRAMP, UK Cyber Essentials, IRAP.
• Identify opportunities to reduce risk of the Informatica's security posture and escalate issues to management and where required.
• Experience with internal security and business groups to ensure compliance with Informatica's policies, internal and external regulatory requirements, government regulations and security best practices.
• Experience creating and generating status and metrics report that can provide meaningful context to guide informed decisions
• Experience working closely with R&D, Product, DevSecOps, and other technical teams.

Nice To Haves

• Desired certifications & Trainings: CISSP, CRISC, CISA, CISM, or related GIAC

Responsibilities

• Manage the relationships with external auditors (including our 3PAO), sponsoring agencies, and FedRAMP PMO.
• Maintain the System Security Plan (SSP), Plan of Action & Milestones (POA&M), and the overall authorization package.
• Collaborate with a cross-functional team operating the FedRAMP controls, working to build strong relationships and internal processes that lead to shared positive outcomes
• Drive Continuous Monitoring efforts as part of FedRAMP and other standards.
• Provide subject-matter expertise on all public sector requirements (including FedRAMP) with R&D, sales & marketing, and customers.
• Conduct internal assessments to prepare partners for external audits, including creating and providing audit training and support.
• Ensure any risk/gap findings are documented and addressed with appropriate action following FedRAMP regulatory standards
• Lead the planning, scheduling and preliminary analysis for all annual 3PAO external audits.
• Work with product managers to migrate their cloud products onto the FedRAMP environment.
• Direct project and program management efforts working with cross functional teams, to drive to outcomes and iterative improvements.
• Work closely with other team leads and task owners including R&D, commercial legal, sales, product/enterprise teams, and privacy legal.
• Other responsibilities, as assigned.

Benefits

• time off programs
• medical
• dental
• vision
• mental health support
• paid parental leave
• life and disability insurance
• 401(k)
• employee stock purchasing program