Information Security Program Manager - Continuous Monitoring (FedRAMP)
Company: Rubrik
Location: Jackson, Mississippi
Posted on: January 23, 2023
Job Description:
**Information Security - Who We Are**

Rubrik is seeking creative problem solvers with a passion for cyber security. In this role you will partner with all parts of the business to help grow the business, secure the brand, and protect organization, company, and customer environments. You will be responsible for building and executing security programs and delivering technologies and improvements across security domains. The ideal candidate for this role is someone who can thrive in a fast-paced, dynamic environment that is sometimes like working at a startup. Your work will make a difference here as we deliver strong cyberdefense capabilities that enhance the posture, maturity, and value of Rubrik's information security organization as a whole.

**What you'll be doing:**

Information Security is looking for a success-driven, US-based Program Manager to organize, plan, and execute continuous monitoring and compliance activities for Rubrik's new government cloud service offering(s). This mission-critical position will lead efforts to obtain and maintain associated certifications and authorizations, including FedRAMP, DoD Impact Level, CJIS, CMMC, and StateRAMP.

Rubrik's new cloud service offering (CSO) is nearing its delivery date, so your initial assignments will involve controls implementation and authorization package (System Security Plan, Policies and Procedures, etc.) development to ensure Rubrik is across-the-board ready to undergo security assessment for our Initial FedRAMP Authorization in 2023. Other security frameworks will soon follow.

This role represents Rubrik externally with the FedRAMP PMO, our Government / Agency Partner(s), and our Third Party Assessment Organization (3PAO). Once Initial Authorization is achieved, the incumbent will help Rubrik accelerate and assure the growth of our govcloud services through diligent continuous monitoring, timely government reporting, and security assessment & authorization activities for each certification we obtain.

Our ideal candidate is a subject matter expert in FedRAMP, NIST SP 800-53, NIST SP 800-171, and Department of Defense Impact Level security requirements, with previous experience leading and performing assessment, authorization, and continuous monitoring activities for a Cloud Service Provider. They will also need to bring personal accountability for results and excellent leadership, as well as solid communication, decision-making, and teamwork skills.

**Responsibilities**

Program / Development

- Implement and serve as Lead / Control Owner for Rubrik's Continuous Monitoring (ConMon) capability, covering requirements for FedRAMP, DoD Impact Level, and similar frameworks. Others will perform scanning, inventory, and flaw remediation; your role is to ensure ConMon and related procedures are in place with ongoing compliance, and that issues are appropriately documented, managed, and addressed on a timely basis.
- Implement and serve as Control Owner for Rubrik's FedRAMP Significant Change (SigChange) process, ensuring that all information system changes for the new service have been assessed for significant change applicability per FedRAMP requirements.
- Implement and serve as Control Owner for Rubrik's Security Impact Analysis (SIA) process, ensuring that security impact has been assessed for each proposed change before its presentation to the change control review board.
- Ensure Rubrik's compliance with FedRAMP Significant Change, POA&M, and monthly ConMon reporting processes.
- Maintain the calendar of continuous monitoring activities covering weekly, monthly, quarterly, and annual compliance requirements for FedRAMP, DoD Impact Level, and similar programs.
- Collaborate with a range of stakeholders, from individual contributors to senior leadership to external parties including Agency Partners and/or the Third Party Assessment Organization (3PAO).
- Drive activities related to the remediation of technical security and compliance risks with cross-functional teams, including, but not limited to, engaging third party services, leading meetings, assigning and tracking work items, producing reports, and escalating risks and issues.
- Serve as a subject matter expert and an integral member of the government compliance team, cultivating strong relationships across the company to aid in achieving consensus, expectation setting, risk and vulnerability awareness, and continual process improvement.

Operations

- Develop, maintain, and disseminate Rubrik's government Authorization Package(s) and related artifacts, obtaining updates from Control Owners when needed and ensuring each item is correct, complete, and current.
- Develop and maintain the Plan of Action and Milestones (POA&M) workbook and use it to log and report vulnerability remediation status for Rubrik's government cloud service offering(s).
- Perform and document Security Impact Analyses on proposed changes, ensuring consensus of our 3PAO on annual vs. off-cycle security assessment timing whenever possible.
- Identify and manage Significant Changes as defined by FedRAMP, ensuring Agency Partner approval and 3PAO concurrence prior to approving changes for release to production.
- Package and submit monthly ConMon reporting, and similar duties as assigned for FedRAMP, StateRAMP, and Dept. of Defense Authorizations.
- Ensure Agency Partner approval or concurrence for monthly reporting, annual test plans and exercises (including Incident Response and Information System Contingency Plan testing), and security assessments.
- Respond to Executive Orders and to requests from CISA and other entities that require reporting, and assist as needed with incident response involving public sector organizations.
- Participate in Change Control Board activities to present security impact analyses and make recommendations as to whether requested changes should be approved and implemented.

Technical

- Develop and manage activities using JIRA as the primary project and work tracking tool.
- Drive automation where opportunities exist for effectiveness, efficiency, and scalability.
- Share expertise in cloud services (GCP, Azure, AWS) and cloud security.
- Manage third party assessors and auditors through control selection and assessments.

**Ideal Background**

- 7+ years of related work experience in Information Security or relevant Compliance roles in the tech / SaaS industry
- 4+ years of experience in a U.S. public sector compliance role associated with FedRAMP, DoD Impact Levels, Controlled Unclassified Information, or Assessment & Authorization (A&A) activity
- Experience in a dynamic, high growth / start-up business environment
- Comfortable wearing many hats in a small and agile team that stays upbeat and enjoys working together to get things done
- Performed security impact assessments for a SaaS Cloud Service Provider (CSP), from determining relevant / in-scope controls, to identifying significant changes that warrant special handling, to following significant change processes as defined by FedRAMP
- Advanced knowledge of government compliance and cloud security risks, vulnerabilities, and threats, and the ability to take these issues through triage / risk treatment conversations
- Deep understanding of relevant information security frameworks, including FedRAMP, NIST SP 800-53, NIST SP 800-171, and the DoD Cloud Computing Security Requirements Guide (SRG)
- Develops plans and roadmaps, and implements cross-functional policy, process, and procedures to meet planned objectives
- Hands-on experience with agile project management tools (e.g., Jira, Confluence)
- Detail-oriented and able to understand the bigger picture, using technical expertise and problem solving abilities to prioritize efforts and work through ambiguity and issues
- Ability to ramp up quickly and learn new technologies with minimal lag time
- Familiarity with / interest in the use of OSCAL (NIST's Open Security Controls Assessment Language) for automation is a plus
- Bachelor's degree or equivalent in Security, Computer Science, Management Information Systems, Business Administration or related field preferred
- Professional certifications in Information Security, Cloud Security, or Systems Audit/Assessment (e.g., CISSP, CISA, CCSK) preferred

**Security and Privacy Responsibilities**

This position carries special Security and Privacy Responsibilities for protecting the U.S. Federal Government's interests:

- Must be a U.S. Citizen located on U.S. soil (within the lower 48 United States);
- Know, acknowledge, and follow system-specific security policies and procedures;
- Protect data and individual privacy per requirements and regulations;
- Perform ongoing activities in compliance with service and contractual obligations;
- Participate in role-based training, completing assignments on a timely basis;
- Report security issues promptly, and aid investigation when needed;
- Support controlled changes and vulnerability remediation activities; and
- Work collaboratively with Information Security in designing, implementing, assessing or enhancing system-specific security and privacy controls.

**Position Risk Designation**

This position carries duties and responsibilities involving the U.S. Federal Government's interests. The selected incumbent may be subject to one or both of the additional background checks noted below, with periodic re-screening:

Position Risk Designation: Non-Sensitive, Low Risk, Tier 1

- Incumbents without access to U.S. Government data may be required to complete Standard Form 85 (SF 85) and undergo a Tier 1 (T1) Investigation for non-sensitive positions of Low Risk (baseline screening; formerly the National Agency Check and Inquiries (NACI)).

Position Risk Designation: Non-Sensitive, Moderate Risk, Tier 2 (Public Trust)

- Incumbents with access to U.S. Government data may be required to complete Standard Form 85P (SF 85P) and undergo a Tier 2 (T2) Investigation for non-sensitive positions designated Moderate Risk.

The minimum and maximum base salaries for this role are posted below; additionally, the role is eligible for bonus potential, equity and benefits. The range displayed reflects the minimum and maximum target for new hire salaries for the role based on U.S. location. Within the range, the salary offered will be determined by work location and additional factors, including job-related skills, experience, and relevant education or training.

US (SF Bay Area, DC Metro, NYC) Pay Range: $168,000-$252,000 USD

US2 (all other US offices/remote) Pay Range: $151,000-$227,000 USD

**About Rubrik:**

Rubrik, the Zero Trust Data Security Company™, delivers data security and operational resilience for enterprises. Rubrik's big idea is to provide data security and data protection on a single platform, including Zero Trust Data Protection, Ransomware Investigation, Incident Containment, Sensitive Data Discovery, and Orchestrated Application Recovery. This means your data is ready so you can recover the data you need, and avoid paying a ransom. Because when you secure your data, you secure your applications, and you secure your business.

We are a leader in data security (https://www.rubrik.com/lp/analyst-reports/gartner-mq), have been recognized as a Forbes Cloud 100 Company, named a LinkedIn Top 10 Startup, and are proud to have earned Great Place to Work Certification™. There has never been a more exciting time to join Rubrik, and our future is even brighter. The work you do will help propel our next chapter of growth as you do the best work of your career.

LinkedIn (https://www.linkedin.com/company/rubrik-inc/mycompany/verification/) - Twitter (https://twitter.com/rubrikinc) - Instagram (https://www.instagram.com/rubrikinc/) - Rubrik.com

**Diversity, Equity & Inclusion @ Rubrik:**

At Rubrik we are committed to building and sustaining a culture where people of all backgrounds are valued, know they belong, and believe they can succeed here. Rubrik's goal is to hire and promote the best person for the job, no matter their background. In doing so, Rubrik is committed to correcting systemic processes and cultural norms that have prevented equal representation. This means we review our current efforts with the intent to offer fair hiring, promotion, and compensation opportunities to people from historically underrepresented communities, and strive to create a company culture where all employees feel they can bring their authentic selves to work and be successful.

Our DEI strategy focuses on three core areas of our business and culture:

- Our Company: Build a diverse company that provides equitable access to growth and success for all employees globally.
- Our Culture: Create an inclusive environment where authenticity thrives and people of all backgrounds feel like they belong.
- Our Communities: Expand our commitment to diversity, equity, & inclusion within and beyond our company walls to invest in future generations of underrepresented talent and bring innovation to our clients.

**_Equal Opportunity Employer/Veterans/Disabled: Rubrik is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability._**

**_Rubrik provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Rubrik complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training._**

**_Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please contact us at hr@rubrik.com if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment._**

**_EEO IS THE LAW (https://www.dol.gov/sites/dolgov/files/ofccp/regs/compliance/posters/pdf/eeopost.pdf)_**

**_EEO IS THE LAW - POSTER SUPPLEMENT_**

**_PAY TRANSPARENCY NONDISCRIMINATION PROVISION (https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp\_English\_unformattedESQA508c.pdf)_**

**_NOTIFICATION OF EMPLOYEE RIGHTS UNDER FEDERAL LABOR LAWS_**