
Director – FedRAMP Program
Posted on 9/23/2022
Remote • Everett, MA, USA
Desired Skills
  • Have proven experience managing prescriptive regulatory and compliance related certifications in fast moving technology focused companies
  • Have significant experience leading dispersed and diversified technical teams across many organizations in a cohesive regulatory program
  • Are extremely confident, driven, versatile, and dedicated to productivity and can make fast decisions and take ownership and drive for results
  • Have experience planning and organizing strategic initiatives and programs
  • Care about the details, and can achieve success in your areas of focus
  • Appreciate a fast moving, energetic, and collaborative environment
  • Are based in the US and are eligible for Federal clearance
  • Have achieved FedRAMP compliance in your past in an agile development based, SaaS product company and are confident that you can do it again
  • Lead and manage Snyk's FedRAMP program from the beginning to ATO. This includes detailing the boundary, data flow, and 3rd parties in use, defining controls, driving the implementation of FIPS, and writing documentation in OSCAL format, all leading to the creation of the ATO packet including the System Security Plan. Once the ATO is achieved, this team will be responsible for the continuous monitoring requirements as well as defining the future FedRAMP strategy as the federal requirements continue to grow
  • Be a FedRAMP subject matter expert (SME) and provide input to Engineering, IT and various business teams with regard to how FedRAMP compliance may impact product updates, processes, business and data flows
  • Leverage technical and program management skills to plan, track, collaborate and report on FedRAMP program deliverables, including scheduling and leading meetings, assigning and tracking action items, and developing status reports. Stakeholder management and excellent communication skills should be part of your core skill set
  • Oversee and support compliance audit and assessment efforts to include external third-party auditors with evidence identification and collection, auditor interview support, and auditor walk-throughs of policies, procedures, and related compliance and security documentation
  • Define the ways we perform and manage security impact analyses, review access management controls, create relevant training that can be easily deployed to all users, and map technical implementation to the identified NIST 800-53 controls
  • Work with the Engineering team to execute on continuous monitoring, including tracking and updating Snyk's Plan of Action and Milestones and ensuring the required reporting to our Agency partners
  • Manage and verify that the required FedRAMP artifacts and evidence are available for FedRAMP continuous monitoring (ConMon)
  • Assess the impact of new features and architectural changes on the FedRAMP boundary, update the System Security Plan on the required cadence, and guide technical teams on relevant NIST requirements and documentation
  • Talk with customers and prospects to understand their needs, hear feedback, and collaborate with them to help them understand Snyk's compliance portfolio