[Remote] Sr. Public Sector Compliance Specialist
Note: The job is a remote job and is open to candidates in USA. SentinelOne is a company at the intersection of AI and security, pioneering a new operating model for cybersecurity. They are seeking a Sr. Public Sector Compliance Specialist to ensure the implementation and maintenance of security controls according to Federal guidelines and regulations.
Responsibilities
• Ensure the program’s security and operations are in support of SentinelOne, Public Sector cybersecurity, and FedRAMP program policy
• Assist in the maintenance and oversight of security controls to ensure compliance with FedRAMP and other relevant Public Sector security frameworks
• Conduct regular assessments and audits to verify the effectiveness of security controls
• Work with the teams to set and meet quality standards for vulnerability management deliverables
• Support the identification, assessment, and management of security risks associated with the information systems
• Works with other SentinelOne stakeholder organizations (engineering, site reliability engineering, and FedRAMP product management) to maintain and support our Public Sector environments in a compliant manner
• Create and maintain accurate and up-to-date security documentation, including security plans, risk assessments, Plan of Actions & Milestones (POA&M), and authorization packages
• Support the Change Control Board (CCB) by reviewing system changes for compliance implications
• Ensures quality of all Continuous Monitoring (ConMon) deliverables and timely submission to approved repositories for FedRAMP PMO and customer review
• Supports the execution and completion of FedRAMP annual assessments, including analysis and remediation of findings, support gathering/management of audit evidence, and finalization of Security Package documentation such as System Security Plan (SSP), Policies/Procedures, Security Assessment Plan (SAP), Risk Exposure Table (RET), and Security Assessment Report (SAR)
• Keeping abreast of changes performed on Federal systems and providing notice of changes to FedRAMP and customers via the Significant Change Request (SCR) process
• Maintains and executes compliance related activities for public sector offerings, including user onboarding/offboarding, customer eligibility validation, regulated package access requests, and performing internal compliance audits
• Support and foster collaboration among stakeholders
• Collaborate with system administrators, developers, engineers, product owners, and other stakeholders to integrate security measures into the system development life cycle
• Provide support during security incidents, including investigation, documentation, and reporting
• Identify areas of concern and provide recommendations for mitigations and/or remediation
• Stay on top of new technologies and how they can be used to help enhance the overall security posture of our offerings
• Stay current on industry best practices, emerging threats, and changes in security regulations
• Continually seek out new tools that could improve the way we work
Skills
• 5+ years of prior experience working as a GRC Analyst, Security Compliance Analyst/Manager, Compliance Specialist, or in an ISSO/ISSM-equivalent role in a similar industry
• Must have US government (i.e. FedRAMP, FISMA, CMMC, etc) or US Public Sector compliance experience
• Strong knowledge of information security principles, practices, and technologies, including risk management and control-based compliance
• Experience contributing to the delivery or oversight of complex compliance programs, products, or platforms, preferably in a cloud or hybrid environment
• Experience implementing, evaluating, and assessing cybersecurity and compliance controls, including frameworks such as FedRAMP, NIST SP 800-53, and DISA SRGs/STIGs
• Demonstrated ability to build and manage collaborative relationships with a diverse set of stakeholders across engineering, security, product, and compliance teams
• Must reside in the United States, be a U.S. Citizen, and have the ability to obtain a government clearance if required
• Experience supporting DoD and SLED environments is a plus
• Familiarity with modern cloud technologies and architectures (e.g., AWS, Azure, GCP, SaaS platforms)
• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA) are a plus
Benefits
• Medical, Vision, Dental, 401(k), Commuter, Health and Dependent FSA
• Unlimited PTO
• Industry-leading gender-neutral parental leave
• Paid Company Holidays
• Paid Sick Time
• Employee stock purchase program
• Disability and life insurance
• Employee assistance program
• Gym membership reimbursement
• Cell phone reimbursement
• Numerous company-sponsored events, including regular happy hours and team-building events
Company Overview
• SentinelOne is an autonomous cybersecurity solution company. It was founded in 2013, and is headquartered in Mountain View, California, USA, with a workforce of 1001-5000 employees. Its website is http://www.sentinelone.com.
Apply tot his job
Apply To this Job
Responsibilities
• Ensure the program’s security and operations are in support of SentinelOne, Public Sector cybersecurity, and FedRAMP program policy
• Assist in the maintenance and oversight of security controls to ensure compliance with FedRAMP and other relevant Public Sector security frameworks
• Conduct regular assessments and audits to verify the effectiveness of security controls
• Work with the teams to set and meet quality standards for vulnerability management deliverables
• Support the identification, assessment, and management of security risks associated with the information systems
• Works with other SentinelOne stakeholder organizations (engineering, site reliability engineering, and FedRAMP product management) to maintain and support our Public Sector environments in a compliant manner
• Create and maintain accurate and up-to-date security documentation, including security plans, risk assessments, Plan of Actions & Milestones (POA&M), and authorization packages
• Support the Change Control Board (CCB) by reviewing system changes for compliance implications
• Ensures quality of all Continuous Monitoring (ConMon) deliverables and timely submission to approved repositories for FedRAMP PMO and customer review
• Supports the execution and completion of FedRAMP annual assessments, including analysis and remediation of findings, support gathering/management of audit evidence, and finalization of Security Package documentation such as System Security Plan (SSP), Policies/Procedures, Security Assessment Plan (SAP), Risk Exposure Table (RET), and Security Assessment Report (SAR)
• Keeping abreast of changes performed on Federal systems and providing notice of changes to FedRAMP and customers via the Significant Change Request (SCR) process
• Maintains and executes compliance related activities for public sector offerings, including user onboarding/offboarding, customer eligibility validation, regulated package access requests, and performing internal compliance audits
• Support and foster collaboration among stakeholders
• Collaborate with system administrators, developers, engineers, product owners, and other stakeholders to integrate security measures into the system development life cycle
• Provide support during security incidents, including investigation, documentation, and reporting
• Identify areas of concern and provide recommendations for mitigations and/or remediation
• Stay on top of new technologies and how they can be used to help enhance the overall security posture of our offerings
• Stay current on industry best practices, emerging threats, and changes in security regulations
• Continually seek out new tools that could improve the way we work
Skills
• 5+ years of prior experience working as a GRC Analyst, Security Compliance Analyst/Manager, Compliance Specialist, or in an ISSO/ISSM-equivalent role in a similar industry
• Must have US government (i.e. FedRAMP, FISMA, CMMC, etc) or US Public Sector compliance experience
• Strong knowledge of information security principles, practices, and technologies, including risk management and control-based compliance
• Experience contributing to the delivery or oversight of complex compliance programs, products, or platforms, preferably in a cloud or hybrid environment
• Experience implementing, evaluating, and assessing cybersecurity and compliance controls, including frameworks such as FedRAMP, NIST SP 800-53, and DISA SRGs/STIGs
• Demonstrated ability to build and manage collaborative relationships with a diverse set of stakeholders across engineering, security, product, and compliance teams
• Must reside in the United States, be a U.S. Citizen, and have the ability to obtain a government clearance if required
• Experience supporting DoD and SLED environments is a plus
• Familiarity with modern cloud technologies and architectures (e.g., AWS, Azure, GCP, SaaS platforms)
• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA) are a plus
Benefits
• Medical, Vision, Dental, 401(k), Commuter, Health and Dependent FSA
• Unlimited PTO
• Industry-leading gender-neutral parental leave
• Paid Company Holidays
• Paid Sick Time
• Employee stock purchase program
• Disability and life insurance
• Employee assistance program
• Gym membership reimbursement
• Cell phone reimbursement
• Numerous company-sponsored events, including regular happy hours and team-building events
Company Overview
• SentinelOne is an autonomous cybersecurity solution company. It was founded in 2013, and is headquartered in Mountain View, California, USA, with a workforce of 1001-5000 employees. Its website is http://www.sentinelone.com.
Apply tot his job
Apply To this Job