Information System Security Specialist

Description

Position Overview

We are looking for a highly motivated and driven Information System Security Specialist. This position will be supporting Checkmarx’s Federal Risk and Authorization Management Program (FedRAMP) and the compliance of other regulations. The Information System Security Specialist will be responsible for the maintenance and upkeep of the FedRAMP System Security Plan package, for supporting Checkmarx’s Continuous Monitoring (ConMon) activities and for verifying compliance with FedRAMP controls.

This person should have experience in compliance programs, including FedRAMP.

The Information System Security Specialist will report to the GRC Manager and will collaborate closely on compliance initiatives with system administrators, engineers, and leadership to assess security risks, manage security incidents, and maintain regulatory and policy compliance.

Key Responsibilities:

FedRAMP Compliance

·      Work with various stakeholders across the company in communicating the FedRAMP requirements and maintaining FedRAMP compliant policies and procedures.

·      Maintain the Continuous Monitoring Plan.

·      Conduct security and privacy reviews of proposed changes to the system

General Compliance

·      Support the GRC Manager in maintaining a variety of compliance regimes within Checkmarx.

·      Drive the organization towards implementing and updating policies and procedures which meet multiple compliance requirements.

·      Support the management of Checkmarx’s Governance, Risk, and Compliance (GRC) platform.

·      Work with auditors and assessors to demonstrate security compliance and resolve findings.

·      Collaborate with system owners, developers, and other stakeholders to ensure security is integrated into system development and operations.

·      Support the GRC Manager in providing security training and awareness programs for end users.

Documentation Support

·      Support multiple teams as they prepare the necessary documentation for the system and processes.

·      Provide teams with clear guidance on requirements, and review/approve their products based on meeting the FedRAMP requirements.

·      Maintain and implement the taskings for the required documentation.

·      Support the GRC Manager in reviewing and updating processes in compliance with the approved FedRAMP controls.

·      Create and maintain security documentation, risk assessments, and incident response plans.

·      Develop and enforce policies, guidelines, and procedures to ensure compliance with regulatory requirements.

Risk Management

·      Create and maintain the Plan of Actions and Milestones (POA&M).

·      Work with key stakeholders to implement the necessary remediation actions.

·      Track to closure all remediation efforts.

·      Ensure that leadership maintains an accurate understanding of the current risks being tracked.

·      Ensure security controls are properly designed and function as intended.

·      Conduct risk assessments and security audits to evaluate system compliance.

Security Monitoring & Incident Response

·      Provide support to the incident response team to ensure that the system has been restored into compliant configuration.

·      Lead effort to identify the risks associated with incidents and to work with the appropriate stakeholders to implement the necessary remediation activities.

·      Monitor security systems and conduct continuous monitoring to detect potential vulnerabilities or incidents.

Citizenship Requirement

Due to the nature of the work and associated security requirements, only U.S. citizens are eligible to apply.

Requirements

Qualifications

·      2-5 years of experience with security compliance frameworks (e.g., NIST 800-53, FISMA, FedRAMP, ISO 27001).

·      Demonstrated ability to adapt to changing regulatory environments and emerging security threats, ensuring compliance and effective risk management.

·      Excellent communication and interpersonal skills for collaboration with technical and non-technical stakeholders.

·      Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or an equivalent experience.

Preferred Qualifications

·      Previous experience in compliance regulations and security frameworks.

·      Certified Information System Security Professional (CISSP) or equivalent certification

Skills & Competencies

·      Strong understanding of information security principles and practices.

·      Strong knowledge of system engineering.

·      Experience with security risk management, vulnerability management, and incident response.

·      Knowledge of security frameworks and security documentation

·      Familiarity with federal security policies and standards (e.g., NIST, FISMA, FedRAMP) is highly desirable.

What we have to offer

• Competitive Salary
• Medical, dental, vision, 401(K) and additional incentives
• Culture of community and opportunity to work in a growing organization
• Room for career growth and professional development
• Training and education opportunities

Checkmarx offers a great work environment, professional development, challenging careers, competitive compensation, great work-life balance, as well as great benefits and perks throughout the year. Checkmarx is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status, or other characteristics protected by law. Checkmarx will only employ those who are legally authorized to work in the United States for this opening.