Full-Time
Director of FedRAMP Security and Outreach
Security, Compliance
Posted on 9/10/2025
Cyberark
1,001-5,000 employees
Privileged access security software provider
No salary listed
Newton, MA, USA
In Person
 Legal & Compliance (2) |
|---|
| , |
- 10+ years of experience in cloud security, cybersecurity compliance, or governance roles, with a strong focus on U.S. federal cybersecurity frameworks.
- Direct experience managing FedRAMP programs, including working with 3PAOs and federal agency authorizing officials.
- Deep understanding of NIST SP 800-53, FedRAMP baselines, and cloud-native security architectures (AWS, Azure, GCP).
- Strong documentation and program management skills, with experience leading compliance audits or assessments.
- Demonstrated ability to engage and communicate effectively with federal stakeholders, customers, and technical teams.
- Familiarity with security frameworks such as FISMA, TIC 3.0, and the Executive Order on Improving the Nation’s Cybersecurity.
- Excellent written and verbal communication skills, including executive-level briefings and public presentations.
- Lead and sustain CyberArk’s FedRAMP security posture, ensuring continuous compliance with federal cloud security requirements and evolving mandates.
- Manage all phases of the FedRAMP lifecycle, including initial authorization, periodic assessments, audits, and ongoing monitoring.
- Coordinate with internal security, DevOps, product, and engineering teams to embed and enforce FedRAMP controls and secure design principles across the SDLC.
- Own and maintain key FedRAMP documentation, including the System Security Plan (SSP), POA&M, security policies, and procedures.
- Monitor and interpret changes to federal cybersecurity guidance (e.g., NIST 800-53, OMB memos, CISA advisories), and proactively adjust compliance programs accordingly.
- Build and maintain trusted relationships across the federal cybersecurity community, including ISACs, federal CIO/CISO councils, and peer organizations.
- Support federal sales, marketing, and customer success teams with security outreach, briefings, education sessions, and responses to FedRAMP-related inquiries.
- Provide strategic insight and reporting to CyberArk’s senior leadership on the health of FedRAMP compliance and broader federal trust efforts.
- Strong network and reputation within the federal security and compliance community is a plus.
CyberArk specializes in privileged access security, providing software and services that protect data, infrastructure, and assets across enterprises, cloud environments, and DevOps pipelines. Its products manage and protect privileged credentials and secrets through solutions like privileged access management, endpoint privilege security, and application access management, enabling credential rotation, access controls, and activity monitoring. This approach helps stop attackers from abusing high-privilege accounts and meets regulatory requirements across industries. CyberArk differentiates itself with a broad, dedicated platform focused on privileged access, serving large enterprises, government agencies, and financial institutions, offering licenses, subscriptions, and professional services. The company aims to reduce risk from privileged credentials and secrets by securing the most critical assets and ensuring compliance in diverse environments.
Company Size
1,001-5,000
Company Stage
IPO
Headquarters
Petah Tikva, Israel
Founded
1999
Simplify's Take
What believers are saying
- Palo Alto Networks acquires CyberArk for $25 billion in 2026.
- Partner deals doubled, driving $99M net new ARR up 20% in 2025.
- Upsized $1.1B convertible notes fund growth, settling June 10, 2025.
What critics are saying
- FTC antitrust scrutiny kills Palo Alto deal in 6-12 months.
- Okta's Identity Cloud erodes endpoint security revenue in 6-12 months.
- StrongDM displaces DevOps share with cheaper access in 6-12 months.
What makes Cyberark unique
- CyberArk leads in privileged access management for enterprises and cloud.
- Privileged Access Security Solution provides session management and threat analytics.
- Identity Security Platform secures human and machine identities comprehensively.
Help us improve and share your feedback! Did you find this helpful?
Benefits
Flexible Work Hours
Remote Work Options
Company News
Venice, an Israeli-American identity and access management startup, has emerged from stealth with $20 million in Series A funding led by IVP, with participation from Index Ventures. The 35-person company claims to be replacing incumbents like CyberArk and Okta at Fortune 500 companies. Founded by former Microsoft product manager Rotem Lurie, Venice tackles both cloud-based and on-premises environments, consolidating multiple identity tools into a single platform for humans and non-human entities. The company says it has reduced implementation time to one-and-a-half weeks from the typical six months to two years. Lurie, who previously worked at Unit 8200 and Axis Security, started Venice over two years ago. The company counts a publicly traded manufacturing giant and global music conglomerate among its customers, according to Lurie.
CyberArk has announced its 2025 Global Partner of the Year Award recipients, recognising partners who demonstrated excellence in identity security expertise and customer support. PwC received the Global Partner of the Year award, whilst Accenture, Deloitte, Amazon Web Services, HCLTech and DXC were honoured in specific categories. The awards reflect strong partner engagement that helped CyberArk add over 1,000 new customers in 2025 and achieve record net new Annual Recurring Revenue of $99 million, up 20% year over year. Partner-led deal registrations more than doubled year over year, accounting for over half of all new business. CyberArk's Partner Network comprises more than 2,400 global systems integrators, managed service providers and solution providers worldwide.
CyberArk Software reported a fourth-quarter loss of $17.1 million, or 34 cents per share. Adjusted earnings reached $1.33 per share, beating analyst expectations of $1.13 per share. The Petach-Tikva, Israel-based cybersecurity company posted revenue of $372.7 million for the quarter, surpassing forecasts of $355.9 million. CyberArk makes software that detects attacks on privileged accounts. For the full year, the company reported a loss of $146.9 million, or $2.93 per share, on revenue of $1.36 billion.
CyberArk Software, a US-listed Israeli privileged access management specialist, has secured approximately $20 million from a major institutional investor, representing 3% of the fund's assets under management. The investment was driven by confidence in CyberArk's recurring revenue model rather than market sentiment. The company reported 12-month gross recurring revenue of $130 million, up 15% year-on-year, with churn below 3%. Its price-to-sales ratio of 2.8x sits below the sector average of 5.6x for privileged-access management providers. Despite solid recurring revenue, CyberArk remains loss-making with trailing twelve-month net income of negative $10 million, reflecting continued investment in product development and sales expansion. The allocation signals investor conviction in CyberArk's leadership position in zero-trust security architectures and its potential for long-term capital appreciation.
CyberArk Software, an Israeli privileged-access management vendor, has secured a substantial investment from Prelude Capital, according to a regulatory filing. The transaction occurred with shares trading near $35, up 18% from the quarter's start, valuing the company based on strong recent performance. The capital will fund product development and geographic expansion, particularly in Asia-Pacific. CyberArk reported 12% year-on-year revenue growth, driven by subscription renewals, whilst maintaining a 73% gross margin. The company generated $15.2 million in positive free cash flow and remains debt-free. CyberArk's privileged-access management solutions serve highly regulated sectors including healthcare and financial services. The company faces competition from broader identity-management firms and must adapt to emerging zero-trust architectures whilst expanding DevSecOps integrations.