Sr. Public Sector Compliance Specialist

About The Position

Requirements

• 5+ years of prior experience working as a GRC Analyst, Security Compliance Analyst/Manager, Compliance Specialist, or in an ISSO/ISSM-equivalent role in a similar industry.
• Must have US government (i.e. FedRAMP, FISMA, CMMC, etc) or US Public Sector compliance experience; experience supporting DoD and SLED environments is a plus.
• Strong knowledge of information security principles, practices, and technologies, including risk management and control-based compliance.
• Experience contributing to the delivery or oversight of complex compliance programs, products, or platforms, preferably in a cloud or hybrid environment.
• Experience implementing, evaluating, and assessing cybersecurity and compliance controls, including frameworks such as FedRAMP, NIST SP 800-53, and DISA SRGs/STIGs.
• Demonstrated ability to build and manage collaborative relationships with a diverse set of stakeholders across engineering, security, product, and compliance teams.
• Familiarity with modern cloud technologies and architectures (e.g., AWS, Azure, GCP, SaaS platforms).
• Must reside in the United States, be a U.S. Citizen, and have the ability to obtain a government clearance if required.

Nice To Haves

• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA) are a plus

Responsibilities

• Ensure the program’s security and operations are in support of SentinelOne, Public Sector cybersecurity, and FedRAMP program policy.
• Assist in the maintenance and oversight of security controls to ensure compliance with FedRAMP and other relevant Public Sector security frameworks.
• Conduct regular assessments and audits to verify the effectiveness of security controls.
• Work with the teams to set and meet quality standards for vulnerability management deliverables.
• Support the identification, assessment, and management of security risks associated with the information systems.
• Works with other SentinelOne stakeholder organizations (engineering, site reliability engineering, and FedRAMP product management) to maintain and support our Public Sector environments in a compliant manner.
• Create and maintain accurate and up-to-date security documentation, including security plans, risk assessments, Plan of Actions & Milestones (POA&M), and authorization packages.
• Support the Change Control Board (CCB) by reviewing system changes for compliance implications.
• Ensures quality of all Continuous Monitoring (ConMon) deliverables and timely submission to approved repositories for FedRAMP PMO and customer review.
• Supports the execution and completion of FedRAMP annual assessments, including analysis and remediation of findings, support gathering/management of audit evidence, and finalization of Security Package documentation such as System Security Plan (SSP), Policies/Procedures, Security Assessment Plan (SAP), Risk Exposure Table (RET), and Security Assessment Report (SAR).
• Keeping abreast of changes performed on Federal systems and providing notice of changes to FedRAMP and customers via the Significant Change Request (SCR) process.
• Maintains and executes compliance related activities for public sector offerings, including user onboarding/offboarding, customer eligibility validation, regulated package access requests, and performing internal compliance audits.
• Support and foster collaboration among stakeholders Collaborate with system administrators, developers, engineers, product owners, and other stakeholders to integrate security measures into the system development life cycle.
• Provide support during security incidents, including investigation, documentation, and reporting.
• Identify areas of concern and provide recommendations for mitigations and/or remediation.
• Continuous learning and growth Stay on top of new technologies and how they can be used to help enhance the overall security posture of our offerings.
• Stay current on industry best practices, emerging threats, and changes in security regulations.
• Continually seek out new tools that could improve the way we work.

Benefits

• Medical
• Vision
• Dental
• 401(k)
• Commuter
• Health and Dependent FSA
• Unlimited PTO
• Industry-leading gender-neutral parental leave
• Paid Company Holidays
• Paid Sick Time
• Employee stock purchase program
• Disability and life insurance
• Employee assistance program
• Gym membership reimbursement
• Cell phone reimbursement
• Numerous company-sponsored events, including regular happy hours and team-building events