Director, Information Security - FedRAMP

Job not on LinkedIn

April 30

Apply Now

Receive Emails with Similar Jobs

Saviynt

WebsiteLinkedInAll Job Openings

SaaS • Cybersecurity • Enterprise

Saviynt is a leading provider of cloud-based identity and access management (IAM) solutions. Their platform, known as the Identity Cloud, offers comprehensive identity governance, administration, and application access governance. Saviynt's solutions focus on secure identity management, ensuring compliance, modernizing legacy systems, and supporting multi-cloud environments. They serve a wide range of industries including healthcare, financial services, and government sectors. Leveraging AI/ML, Saviynt provides in-depth insights and analytics for enhanced identity security. They are recognized for their robust capabilities in identity governance and administration, helping organizations to efficiently manage and protect employee, contractor, partner, and machine identities.

501 - 1000 employees

Founded 2010

☁️ SaaS

🔒 Cybersecurity

🏢 Enterprise

💰 $130M Private Equity Round on 2021-09

📋 Description

• Saviynt’s Enterprise Identity Cloud helps modern enterprises scale cloud initiatives and solve the toughest security and compliance challenges in record time. • The company brings together identity governance (IGA), granular application access, cloud security, and privileged access (PAM) to secure the entire business ecosystem and provide a frictionless user experience. • The world’s largest brands trust Saviynt to accelerate digital transformation, empower distributed workforces, and meet continuous compliance. • The Director, Information Security, reports into Information Security leadership, and will lead various Technical and Governance, Risk and Compliance (GRC) efforts as they relate primarily to the FedRAMP Program. • The candidate will possess the ability to execute, scale, and continuously evolve the InfoSec and GRC functions to maximize the impact and oversight across the organization. • The candidate must be comfortable managing projects in an Agile environment. • The candidate should be familiar with policy and compliance requirements, including policy documentation and system requirements to successfully respond to potential audits.

🎯 Requirements

• Bachelor's degree with a minimum of 10 years of experience • Knowledge of U.S. Federal Government security compliance, risk management processes and requirements, including NIST RMF and NIST SP 800-53 Rev 5 controls • Experience with GRC tools and automation is a plus • Experience with common controls framework, unified control framework (UCF) is a plus • Knowledge of current trends/technologies (i.e., Zero Trust, AI/ML, PAM, etc.) is a plus • Experience with vulnerability scanning, remediation, and continuous monitoring (ConMon) • Experience managing Agile projects with a focus on duties related to Product Owner • Experience developing executive level presentations to support Governance and broader Information Security updates to appropriate audiences • Experience assessing project and technical documentation to ensure compliance with established policies, processes, and procedures. • Requires sufficient technical background to be able to interpret audit and compliance requirements, and be able to support basic evidence gathering needs in support of audits • Ability to provide excellent written and oral communications by email, presentations, and mobile communication platforms (including: experience facilitating discussions, briefing senior managers, and conducting project meetings). • Experience supervising or managing an Agile project team. • Work on multiple projects and tasks concurrently • Experience defining project scope and objectives, developing detailed work products (schedules, status reports, etc.), conducting project meetings, and owning responsibility for project tracking and analysis. • Experience with continuous monitoring and Plans of Actions and Milestones (POA&Ms) is a plus • Knowledge of local legal and regulatory security requirements including HIPAA, FedRAMP, and GDPR/privacy • Flexible and collaborative approach to enabling and supporting the business • Strong stakeholder and relationship management skills

🏖️ Benefits

• Complete security & privacy literacy and awareness training during onboarding and annually thereafter • Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to): • > Data Classification, Retention & Handling Policy • > Incident Response Policy/Procedures • > Business Continuity/Disaster Recovery Policy/Procedures • > Mobile Device Policy • > Account Management Policy • > Access Control Policy • > Personnel Security Policy • > Privacy Policy