FedRAMP Program Manager
Overview
The FedRAMP Program Manager will be responsible for FedRAMP customer-facing compliance activities of SailPoint’s FedRAMP authorized cloud services. The nature of this position requires inside contact with SailPoint employees, at all levels, as well as contact with outside client representatives, vendors, auditors and other business-related representatives. In addition, this role will have primary responsibility for project management of all activities requires to achieve an Authorization to Operate for the balance of SailPoint services.
Responsibilities:
- Facilitate and verify FedRAMP evidence and artifacts (monthly, quarterly, annually, etc.) per FedRAMP continuous monitoring requirements for each FedRAMP customer
- Contribute FedRAMP-specific input and assist with FedRAMP pre-audit and post-audit activities including the Security Assessment Plan, the 3PAO Rules of Engagement, and the 3PAO Security Assessment Report
- Contribute FedRAMP-specific input to the System Security Plan (SSP). Ensure SSP is updated to reflect changes as they arise and that the changes are reviewed and approved before incorporated in the SSP.
- Work with the SailPoint Information System Security Officer in developing FedRAMP Moderate POA&M, Compliance POA&M, Significant Change Request, Operational Requirement Requests, and any other documentation required by sponsoring agency or FedRAMP PMO.
- Support developers in ensuring IT security requirements for all applications comply with all laws and regulations and are appropriate and sufficient.
- Prepare audit defense presentation for SailPoint SaaS FedRAMP in response to the 3PAO SAR
- Assist in the various stages of an internal and external audit engagement, including planning, fieldwork, reporting and follow-up activities.
- Catalog evidentiary artifacts.
- Administer the audit testing schedule.
- Assist in the performance of special reviews at the request of management.
Requirements:
- 5-7 years of related professional services experience within Federal projects
- Experience supporting certification programs for the US public sector, specifically FedRAMP a must.
- Experience working for a Cloud Service Provider a plus
- Experience working with technical stakeholders to control risk
- Certifications: Project Management Professional (PMP) or Certified Information Systems Security Professional (CISSP) a plus
- Knowledge of ISO 27001, SOC 2.
- Working knowledge of FedRAMP controls a must.
- Technical background – Engineering/SDLC, IT, System Admin, etc a plus.
- Assessment and Authorization (A&A), Certification and Accreditation (C&A), NIST SP 800-53, RMF
- Outstanding record of project and program management success, including establishing schedules, tracking progress, mitigating risk, achieving results and use of professional, repeatable methodology
- Able to manage multiple concurrent projects and cross-functional team for compliance & audits
- Strong written, verbal communication and presentation skills. Ability to interface with customers including presentations to senior executives
- Able to work under their own initiative.
- Due to the nature of this role’s responsibilities, U.S. citizenship is a requirement
SailPoint is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.