Senior Technical Writer (InfoSec and Compliance)

We are looking for an experienced Technical Writer with proven experience creating and maintaining documentation to support an information security & compliance program for an organization that provides both cloud software and services. You will report to the Senior Manager, Information Security Programs. You will need strong written and verbal communication, and a strong working knowledge of FedRAMP and ISO 27001 documentation requirements. You will also work with teams on other policies, procedures, standards, or other audit related documentation to support SOC 2, PCI, HIPAA, FISMA, CJIS and Cyber Essentials. You will work collaboratively with the security team as well as with cross-functional teams, including technical and non-technical roles. This role will also work independently to manage the document lifecycles. 

What your impact will look like here

• Refresh company security policies and procedures, including mapping to corresponding framework controls, including NIST 800-53 (for FedRAMP), ISO 27001:2022, Cyber Essentials, PCI, HIPAA, and SOC 2. 
• Collaborate with cross-functional teams to map all audited policies and procedures and support review. 
• Update and maintain the FedRAMP, StateRAMP, and TxRAMP System Security Plans and all attachments. This will include working with the control owners to review and update control implementation summaries. 
• Document the FedRAMP Deviation Requests (DR) and Significant Change Request (SCR) and support the DR and SCR processes. You will leverage FedRAMP templates and guidelines. You will work with the technical owners to assess the requests and ensure sufficient detail is provided in the DR and SCR submissions, and that they are documented for technical and non-technical reviewers. 
• Create and improve runbook documentation for internal security team processes related to audited controls, SCRs, DRs, POA&Ms and ConMon.
• Create and maintain documentation for StateRAMP, TxRAMP, or other compliance frameworks. 
• Create new information security policies and procedures, as necessary. 
• Update and maintain SSP System Description, ISO Scope statement, and SOC 2 Type II Section III System Description content. 
• Own the versioning and document management process for the document lifecycle, including centralized document repository and version control. 

You will love this job if you have

• 7+ years in technical writing for information security or compliance  
• Direct experience documenting for FedRAMP, StateRAMP, and/or TxRAMP, which may include SSPs, DRs, SCRs, ConMon, POA&Ms, or the dash-one “-1” controls
• Experience documenting company security policies and procedures
• Knowledge of common security frameworks, such as NIST 800-53, ISO 27001, PCI, HIPAA, SOC 2, CJIS and/or Cyber Essentials
• Ability to work with very technical teams and non-technical teams
• Ability to work independently
• Familiarity with AWS, Azure, and/or GCP
• Familiarity with common cloud security controls and tools 
• Knowledge of FedRAMP OSCAL resources

The TeamWe area globally distributed workforce across the United States, Canada, United Kingdom, India, Armenia, Australia, and New Zealand. The CultureAt Granicus, we are building a transparent, inclusive, and safe space for everyone who wants to be a part of our journey. A few culture highlights include – -        Employee Resource Groups to encourage diverse voices-        Coffee with Mark sessions – Our employees get to interact with our CEO on very important and sometimes difficult issues ranging from mental health to work life balance and current affairs. -        Embracing diversity & fostering a culture of ideation, collaboration & meritocracy-        We bring in special guests from time to time to discuss issues that impact our employee population  The CompanyServing the People Who Serve the PeopleGranicus is driven by the excitement of building, implementing, and maintaining technology that is transforming the Govtech industry by bringing governments and its constituents together. We are on a mission to support our customers with meeting the needs of their communities and implementing our technology in ways that are equitable and inclusive. Granicus has consistently appeared on the GovTech 100 list over the past 5 years and has been recognized as the best companies to work on BuiltIn. Over the last 25 years, we have served 5,500 federal, state, and local government agencies and more than 300 million citizen subscribers power an unmatched Subscriber Network that use our digital solutions to make the world a better place. With comprehensive cloud-based solutions for communications, government website design, meeting and agenda management software, records management, and digital services, Granicus empowers stronger relationships between government and residents across the U.S., U.K., Australia, New Zealand, and Canada. By simplifying interactions with residents, while disseminating critical information, Granicus brings governments closer to the people they serve—driving meaningful change for communities around the globe.Want to know more? See more of what we do here.  The ImpactWe are proud to serve dynamic organizations around the globe that use our digital solutions to make the world a better place — quite literally. We have so many powerful success stories that illustrate how our solutions are impacting the world. See more of our impact here. The Process -        Assessment – Take a quick assessment.-        Phone screen – Speak to one of our talented recruiters to ensure this could be a fit.-        Hiring Manager/Panel interview – Talk to the hiring manager so they can learn more about you and you about Granicus. Meet more members on the team! Learn more and share more.-        Reference checks – Provide 2 references so we can hear about your awesomeness.-        Verbal offer – Let’s talk numbers, benefits, culture and answer any questions.-        Written offer – Sign a formal letter and get excited because we sure are! Benefits at Granicus IndiaAlong with the challenges of the job, Granicus offers employees an attractive benefits package which includes – -        Hospitalization Insurance Policy covering employees and their family members including parents-        All employees are covered under Personal Accident Insurance & Term Life Insurance policy-        All employees can avail annual health check facility  -        Eligible for reimbursement of telephone and internet expenses -        Wellness Allowance to avail health club memberships and/or access to physical fitness centres-        Wellbeing Wednesdays which includes 1x global Unplug Day and 2x No Meeting Days every quarter-        Memberships for ‘meditation and mindfulness apps including on-demand mental health support 24/7 -        Access to learning management system Say., LinkedIn Learning Premium account membership & many more-        Access to Rewards & recognition portal and quarterly recognition program Security and Privacy Requirements-        Responsible for Granicus information security by appropriately preserving the Confidentiality, Integrity, and Availability (CIA) of Granicus information assets in accordance with the company's information security program.-        Responsible for ensuring the data privacy of our employees and customers, their data, as well as taking all required privacy training in a timely manner, in accordance with company policies.   Granicus is committed to providing equal employment opportunities. All qualified applicants and employees will be considered for employment and advancement without regard to race, color, religion, creed, national origin, ancestry, sex, gender, gender identity, gender expression, physical or mental disability, age, genetic information, sexual or affectional orientation, marital status, status regarding public assistance, familial status, military or veteran status or any other status protected by applicable law.