Salary Range: 110000 to 140000 (Currency: USD) (Pay period: per-year-salary)
The Company
Serving the People Who Serve the People
Granicus is driven by the excitement of building, implementing, and maintaining technology that is transforming the Govtech industry by bringing governments and its constituents together. We are on a mission to support our customers with meeting the needs of their communities and implementing our technology in ways that are equitable and inclusive. Granicus has consistently appeared on the GovTech 100 list over the past 5 years and has been recognized as the best companies to work on BuiltIn.
Over the last 25 years, we have served 5,500 federal, state, and local government agencies and more than 300 million citizen subscribers power an unmatched Subscriber Network that use our digital solutions to make the world a better place. With comprehensive cloud-based solutions for communications, government website design, meeting and agenda management software, records management, and digital services, Granicus empowers stronger relationships between government and residents across the U.S., U.K., Australia, New Zealand, and Canada. By simplifying interactions with residents, while disseminating critical information, Granicus brings governments closer to the people they serve—driving meaningful change for communities around the globe.
Want to know more? See more of what we do here.
Granicus needs a Senior Security Analyst for our growing FedRAMP & GRC compliance program. This is a pivotal role that will act as a leader and SME for FedRAMP, NIST RMF, and related compliance programs. You will manage the monthly ConMon process and submissions, including POA&Ms and DRs. You will also manage annual and SCR-based audits.
To be successful in this position you will need to be an expert in FedRAMP, NIST, and compliance, able to work with internal technical and non-technical teams, auditors, and the FedRAMP JAB. It is crucial that you have experience with FedRAMP, including the authoring and maintenance of FedRAMP-related CSP-based deliverables, and the security and their compliance of SaaS solutions ideally in the role of cloud service provider.
What your impact will look like here
- Primarily, this role will work alongside GRC leadership to support and delivery Granicus’ existing and successful FedRAMP program (JAB Authorization), which includes, but is not limited, to the following
- Lead, either individually or in partnership with GRC leadership, annual compliance audit components, including interaction with 3PAO.
- Take ownership and curate, as necessary, System Security Plan and any other documentation and policies.
- Stay apprised of any potential or upcoming changes to FedRAMP elements (e.g., NIST rev5) and ensure any work needed to comply is included in roadmap planning.
- Lead elements of Continuous Monitoring (ConMon) process, including governance of POA&Ms, preparation of communication and evidence for the JAB, and all follow-up JAB interaction.
- Act as point of contact with Joint Authorization Board as necessary, including any informal or ad-hoc engagement (e.g., discuss potential technology changes). This role act as a trusted partner to JAB personnel, building on the positive, multi-year relationship Granicus has cultivated with the JAB.
- Work with technical teams to structure Significant Change Requests
- As a senior member of the team, this role will also have the opportunity and will be called upon to support other GRC related efforts, which may include –
- Assisting with other certifications that Granicus maintains (e.g., ISO 27001)
- Policy rationalization and optimization to accommodate global operating model and varied compliance and regulatory obligations.
- Supporting Enterprise Risk Management Program
- Helping to integrate newly acquired companies into Granicus processes
You will love this job if you have
- 3+ years of experience meaningfully supporting and leading elements of a FedRAMP program, including ongoing maintenance of all required processes, policies, or other documentation
- Deep familiarity with cyber security control frameworks, particularly NIST CSF and NIST 800-53
- 10+ years of Cyber Security experience, with 5+ of these years being in the Governance, Risk, and Compliance space.
- Bachelors and/or master’s degree in Computer Science, Cyber Security, Information Technology, Risk Management, or related field.
- Proven problem solving and analytical abilities, and can intake, assess and normalize, and present large amounts of complicated data.
- Ability to communicate in a clear, concise, and comprehensive manner, with internal and external stakeholders, including Granicus senior leaders and external compliance/regulatory personnel.
- Collaborative mindset, acting as an enabler of the business’ compliance/security goals and partner to technology teams to aid with risk reduction efforts, rather than an auditor-like approach to simply identify and track deficiencies.
- Strong, cross-discipline technical, security, and compliance background, with ability to have moderately deep conversations with technology teams.
Security and Privacy Requirements
1. Responsible for Granicus information security by appropriately preserving the Confidentiality, Integrity, and Availability (CIA) of Granicus information assets in accordance with the company’s information security program.
2. Responsible for ensuring the data privacy of our employees and customers, their data, as well as taking all required privacy training in a timely manner, in accordance with company policies.
Don’t have all the skills/experience mentioned above? At Granicus, we are trying to build diverse, inclusive teams. We do not have degree requirements for most of our roles. If you don’t meet every requirement above but are excited to learn more, we encourage you to apply. We might just be able to find another role that could be a perfect fit!
The Team
- We are a remote-first company with a globally distributed workforce across the United States, Canada, United Kingdom, India, Armenia, Australia, and New Zealand.
The Culture
- At Granicus, we are building a transparent, inclusive, and safe space for everyone who wants to be
a part of our journey.
- A few culture highlights include – Employee Resource Groups to encourage diverse voices
- Coffee with Mark sessions – Our employees get to interact with our CEO on very important and
sometimes difficult issues ranging from mental health to work-life balance and current affairs.
- Microsoft Teams communities focused on wellness, art, furbabies, family, parenting, and more.-=- - We bring in special guests from time to time to discuss issues that impact our employee
population
The Impact
- We are proud to serve dynamic organizations around the globe that use our digital solutions to make the world a better place — quite literally. We have so many powerful success stories that illustrate how our solutions are impacting the world. See more of our impact here.
The Benefits
At Granicus, we offer a competitive benefits package that allows employees to tailor benefits to their needs. Benefits listed below are for employees based in the U.S.
- Flexible Time Off
- Medical (includes an option that is paid 100% by Granicus!), Dental & Vision Insurance
- 401(k) plan with matching contribution
- Paid Parental Leave
- Employer-paid Short and Long Term Disability Insurance, Group Term Life Insurance and AD&D Insurance
- Group legal coverage
- And more!
Granicus is committed to providing equal employment opportunities. All qualified applicants and employees will be considered for employment and advancement without regard to race, color, religion, creed, national origin, ancestry, sex, gender, gender identity, gender expression, physical or mental disability, age, genetic information, sexual or affectional orientation, marital status, status with regard to public assistance, familial status, military or veteran status or any other status protected by applicable law.
