Druva, the autonomous data security company, puts data security on autopilot with a 100% SaaS, fully managed platform to secure and recover data from all threats. The Druva Data Security Cloud ensures the availability, confidentiality, and fidelity of data - providing customers with autonomous protection, rapid incident response, and guaranteed data recovery. The company is trusted by its more than 6,000 customers, including 65 of the Fortune 500, to defend business data in today’s ever-connected world. Amidst a rapidly evolving security landscape, Druva offers a $10 million Data Resiliency Guarantee ensuring customer data is protected and secured against every cyber threat. Visit druva.com and follow us on LinkedIn, Twitter and Facebook.
The FedRAMP Compliance Director will lead Druva’s efforts to meet and exceed Federal Risk and Authorization Management Program (FedRAMP) compliance authorization standards across multiple product lines. As the strategic lead, the FedRAMP Director is responsible for driving cross-functional collaboration across internal and external teams, stakeholders, and partners. The ideal candidate will bring a strong background in information security, risk management, and compliance for cloud environments, as well as in-depth knowledge of federal security compliance and risk management frameworks.
Responsibilities:
- Lead our FedRAMP Compliance Authorization efforts
- Maintain the existing authorization process (annual FedRAMP audit, oversight and internal audit of required FedRAMP controls, monthly ConMon with the Agency Sponsor, etc.)
- Create FedRAMP SSPs, define the authorization boundary, etc.
- Own and drive the FedRAMP significant change process to get new product features authorized
- Liaise with our FedRAMP Agency Sponsor, the FedRAMP PMO, 3PAO/auditors and other federal customers as needed
- Collaborate with the Federal Sales team to help communicate our federal compliance posture to prospects as needed
- Collaborate with internal software development, infrastructure and IT teams to define and implement security controls that meet and maintain required federal security standards
- Own and maintain other government compliance certifications both in the US and globally (StateRAMP, DESC, IRAP, etc.)
Qualifications:
- 10+ years of experience in information security, risk management, and compliance, particularly within the U.S. federal government sector.
- In-depth knowledge of federal security compliance and risk management frameworks, including NIST SP 800-53 Rev 5 and RMF controls.
- Proven experience in managing compliance for cloud, SaaS, and multi-tenant environments, preferably with a focus on AWS.
- Strong foundation in core security domains such as vulnerability triage and remediation, incident response, encryption, host/network intrusion detection, file integrity monitoring, secure SDLC practices and more.
- Excellent communication skills, capable of engaging with both technical teams and executive-level stakeholders.
- Experience with DoD IL4/IL5, DFARS, CMMC, or working in a FedRAMP High environment is a plus.
The pay range for this position is expected to be between $178,000 and $249,333/year; however, base pay offered may vary depending on multiple individualized, non-discriminatory factors, including market location, job-related knowledge, skills, and experience. The total compensation package for this position may also include other incentive compensation opportunities in the form of discretionary annual bonus or commissions, and equity. Additionally, full-time employees are eligible to participate in our comprehensive benefits program, including health and wellness benefits, 401(k) retirement plan, life and disability insurance coverages, and other benefits the Company may offer from time to time.