Principal Manager, Public Sector Risk & Compliance at Apptio in Remote - other related Employment listings - San Antonio, TX at Geebo

Principal Manager, Public Sector Risk & Compliance at Apptio in Remote

Job Description

Overview

You:
You are a FedRAMP expert with extensive experience providing certified Cloud SaaS services to a demanding set of US Federal government and other world government agencies. You are proficient with other Public Sector certifications such as US DoD IL2/IL4 and Australia IRAP. The Manager, Public Sector Risk & Compliance position is responsible for achieving, maintaining, and expanding Apptio's Public Sector certifications to meet ever-increasing regulatory requirements in support of our aggressive growth and market expansion goals. This is an opportunity to leverage your technical and business skills to have a global impact in the dynamic and competitive Technology Business Management market which Apptio has established, and for which it is the undisputed leader.

This position will report to the Director, Global Security & Governance. You will work closely with product and engineering teams, data center operations personnel, external consultants and assessors, and most importantly work with prospective and existing government agency customers in defining the appropriate policies, architectures, technologies, and practices to provide protection for our clients' information assets. This role provides a unique opportunity to interact directly and broadly with Apptio teams and outside organizations to support business-critical sales initiatives and to ensure ongoing customer satisfaction.

Us:
Our team has broad responsibility for security and compliance across Apptio services and business units worldwide. We are highly motivated and dynamic individuals woven into a collaborative team where teamwork and flexibility are critical to our success. As an organization, Apptio has a very strong culture; it is open, transparent, and very customer focused. Leaders in the organization consistently showcase the following key attributes and look to build teams that embrace these qualities every day:
  • Growth mindset
  • Dealing with ambiguity and change
  • Take ownership and have accountability
  • Customer-focused
  • Foster an inclusive environment

Responsibilities

What we want you to do:
Apptio is seeking a manager to drive the planning, implementation, governance, and maintenance of our FedRAMP and related programs such as IRAP. This individual will provide hands-on team and program leadership and be instrumental in all aspects of the certification lifecycle, acting as the primary point of contact for all things Public Sector related. As Manager, Public Sector Risk & Compliance, you will work closely with product management, development, and operations teams, to ensure that plans and required documentation are in place, appropriate resources are assigned, and provide insight into program status. This role requires you to work cross-functionally and you will be instrumental in all aspects of the FedRAMP lifecycle from the inception to the ongoing Continuous Monitoring of our FedRAMP compliance. You should understand the required SSP and related documents necessary to submit for pursuit of ATO, understand the role of 3PAO agency/auditors, and have previously been involved in the submission of a request for either a JAB P-ATO or Agency ATO. You should understand the difference in the FedRAMP and DOD/DISA impact levels, including Moderate/High and IL-2/IL-4. We are seeking a candidate who is self-motivated and enjoys problem-solving. Additional responsibilities include:
  • Maintain and grow an established team of risk & compliance specialists, provide guidance and coaching to ensure the highest standards continue to be met
  • Provide guidance to senior leadership on compliance and certification investments needed to maintain Apptio's competitive edge and meet customers' ever-increasing needs
  • Contribute to the design, implementation, and operations of procedural and technical security controls
  • Determine audit scope, design testing strategies, test, evaluate, and document controls, identify control gaps and report audit issues based on significance, risk, and impact.
  • Collect, review, analyze and verify the performance of internal controls, adherence to internal policy & procedures and client security expectations.
  • Conduct staff interviews and walkthroughs; perform analysis to identify key business risks and controls.
  • Engage with prospective and existing agency customers to understand their security expectations, communicate written and verbal technical, policy, and procedural security information, and participate in customer calls in support of sales initiatives
  • Drive the Continuous Monitoring program, manage follow-up on open audit issues and facilitate agreement with business process owners to ensure timely closure of action plans.
  • Research, standardize, compose, edit, and approve documented policies and procedures/process for compliance and in accordance with accepted industry standards.
  • Keep abreast of current and emerging technologies and recommend changes to audit programs, as necessary.

Qualifications

Basic Qualifications:
  • Minimum 5 years' experience with achieving, maintaining, and expanding a comprehensive portfolio of Public Sector certifications to demonstrate the appropriate Cloud SaaS security posture to agency customers and prospects
  • Industry experience working with government standard certification and compliance processes including FedRAMP and NIST, DoD, and preferably IRAP
  • Strong understanding of the DOD Impact levels; you must have an understanding of the cybersecurity policies and procedures for DoD information systems
  • Proficiency with risk assessment programs and methodologies
  • The ability to audit, assess and identify compliance gaps in security controls
  • Perform information assurance technical assessments, assist systems administrators with performing system audits, and assist with resolving findings
  • Strong organizational skills ranging from effectively engaging with individual contributors as well as executive leadership across all organizations in the enterprise
  • Excellent interpersonal skills for building and establishing strong relationships with customers and key stakeholders, including senior staff, the security team, and the broader organization
  • A proven track record of building and leading high capability teams

Qualifications:
  • Collaborative work style; effective communication; cross-functional teamwork.
  • Ability to independently plan, organize and prioritize tasks.
  • Strong general business skills and an aptitude for critical thinking and intellectual curiosity.
  • Great attitude, self-motivating and independent, takes ownership of tasks from start to end.
  • Highly organized and comfortable working in a rapidly changing and ambitious environment.
  • Strong knowledge of desktop, server, application, and network security principles for conducting comprehensive business impact analysis and risk identification.
  • Experience and/or knowledge of information security tools/systems: SIEM, DLP, IDS/IPS, etc.

Salary Range:
$100K -- $150K
Minimum Qualification
Auditing & Compliance, Risk & Quantitative Analysis

Estimated Salary: $20 to $28 per hour based on qualifications.
