Senior Compliance & Privacy Analyst - FedRAMP
United States (Remote)
Join us in bringing joy to customer experience. Five9 is a leading provider of cloud contact center software, bringing the power of cloud innovation to customers worldwide.
Living our values everyday results in our team-first culture and enables us to innovate, grow, and thrive while enjoying the journey together. We celebrate diversity and foster an inclusive environment, empowering our employees to be their authentic selves.
This role requires a strong understanding of vulnerability management, FedRAMP requirements, and the authorization process. The successful candidate will partner with internal and external stakeholders, including vendors and third-party assessment organizations (3PAOs), to ensure remediation is completed, controls are implemented and documented in accordance with FedRAMP compliance standards, and SLAs are met. The primary responsibilities are to complete activities required to maintain and update FedRAMP Continuous Monitoring documentation for the Five9 FedRAMP program. This role will be coordinating with departments at multiple levels as required to ensure the business objectives within FedRAMP program are achieved.
Responsibilities
- Perform comprehensive assessments of systems, infrastructure, and processes to identify vulnerabilities and gaps in meeting FedRAMP compliance
- Analyze infrastructure, data flows, access controls, encryption methods, and security frameworks to ensure alignment with the FedRAMP Moderate baseline
- Maintain documentation and perform continuous monitoring of compliance with FedRAMP standards
- Assist with authorization packages, System Security Plans, and preparing for FedRAMP P-ATO assessments
- Collaborate with engineering teams to provide guidance on building FedRAMP compliant cloud architecture
- Collaborate with team members to help manage the continuous monitoring (ConMon) program, including internal and external reporting on vulnerabilities, tracking POA&Ms, and developing ConMon artifacts.
- Conduct continuous monitoring activities to assess the effectiveness of security controls and identify potential vulnerabilities or non-compliance issues.
- Generate or facilitate deviation requests as required.
- Coordinate with internal stakeholder engineering teams to document security compliance control implementations for technical, management, and operational requirements.
- Assist in tracking of metrics and measurements through Plans of Action and Milestones (POA&Ms) and prepare Annual Authorization reports to support continuous monitoring
- Cultivate strong working relations with industry regulators, accreditation bodies, and authorized auditing firms
Qualifications:
- Strong governance, risk and compliance experience and familiarity with cloud data security (NIST SP 800 Series, FedRAMP and FISMA)
- Proven experience in FedRAMP Continuous Monitoring activities and understanding of SaaS SDLC and agile processes.
- Familiarity with vulnerability management concepts, such as CVE and CVSS.
- Ability to quickly change priorities and handle simultaneous tasks.
- Strong analytical and problem-solving skills, excellent communication and interpersonal skills, and ability to work independently and as part of a team.
- Experience interviewing subject matter experts and using knowledge to develop, edit, and revise documentation including standard operating procedures, system security plans, and policies and procedures.
- Experience with technical documentation related to FIPS 199, NIST SP 800-53 REV 5, continuous monitoring, and POA&M management
- Bachelor’s degree and 5+ years of experience or an additional 4 years of experience in lieu of a degree.
- Clearance: To comply with U.S. federal government security requirements, U.S. citizenship is required, and your employment will be conditioned upon obtaining the Public Trust Verification.
Preferred Skills:
- Prior experience with Nessus Tenable, Wiz, or Sunbird
- Knowledge of other industry security standards (for example PCI, SOC 2, ISO 27000, etc.)
- Working knowledge of HIPAA and privacy
- Certification in relevant areas such as CISSP, CISM, CISA, PMP
Work Location: This role is fully remote for candidates who reside outside the 50 mile radius of our San Ramon office. For candidates who reside within 50 miles of our San Ramon location, this role is Hybrid and would require 3 days a week (M, W, TH) in our San Ramon office.
As part of our continued commitment to diversity, equity, and inclusion, Five9 supports pay transparency during the entire recruitment process. Actual compensation packages are based on several factors that are unique to each candidate including, but not limited to: skill set, depth of experience, certifications, and specific work location. The range displayed reflects the minimum and maximum target for new hire salaries for the job across the United States. Your recruiter can share more about the specific compensation package during your hiring process.
Additionally, the total compensation package for this position may also include an annual performance bonus, stock, and/or other applicable incentive compensation plans.
Our total reward package also includes:
- Health, dental, and vision coverage, beginning on the first day of employment. Five9 covers 100% of the employee portion of the health, dental and vision coverage and shares a high portion of the dependent cost. We also offer Short & Long-Term Disability, Basic Life Insurance, and a 401k saving plan with employer matching.
- Access to an innovative mental health support platform that offers personalized care and resources in areas such as: therapy, coaching and self-guided mindfulness exercises for all covered employees and their covered dependents.
- Generous employee stock purchase plan.
- Paid Time Off, Company paid holidays, paid volunteer hours and 12 weeks paid parental leave.
All compensation and benefits are subject to the requirements and restrictions set forth in the applicable plan documents and any written agreements between the parties.
The US base salary range for this role is below. $77,800—$145,500 USDFive9 embraces diversity and is committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better we are. Five9 is an equal opportunity employer.
Our headquarters are located in the San Francisco Bay Area with global hubs in the United Kingdom, Germany, Philippines, Portugal, and Australia.
View our privacy policy, including our privacy notice to California residents here: https://www.five9.com/pt-pt/legal.
Note: Five9 will never request that an applicant send money as a prerequisite for commencing employment with Five9.
Tags: Agile Audits CISA CISM CISSP Clearance Cloud Compliance CVSS Encryption FedRAMP FISMA Governance HIPAA ISO 27000 Monitoring Nessus NIST NIST 800-53 POA&M Privacy SaaS SDLC SLAs SOC SOC 2 System Security Plan Vulnerabilities Vulnerability management
Perks/benefits: 401(k) matching Equity / stock options Flex vacation Health care Insurance Parental leave Salary bonus Team events Transparency
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.