Senior Trust Assurance Specialist

Who we are

We're a leading, global security authority that's disrupting our own category.  Our encryption is trusted by the major ecommerce brands, the world's largest companies, the major cloud providers, entire country financial systems, entire internets of things and even down to the little things like surgically embedded pacemakers.  We help companies put trust - an abstract idea - to work. That's digital trust for the real world.

Job summary

We are seeking a Senior Trust Assurance Specialist to join the Trust Office team at DigiCert. The successful candidate will have at least 10 years of experience in compliance, risk management, or internal audit, with a strong background in FedRAMP or FISMA ATOs and other relevant cybersecurity standards. This role requires a US citizen with a strong knowledge of regulatory frameworks, exceptional analytical and organizational skills and the ability to effectively communicate and collaborate with internal and external stakeholders. The role will report to DigiCert’s Head of Compliance and will be part of the Trust Office team.

What you will do

• FedRAMP Expertise at the Moderate or High impact level: Lead the company’s FedRAMP authorization and continuous monitoring efforts, including security documentation, control implementation, and coordination with external auditors.
• Regulatory Compliance: Ensure compliance with FedRAMP Mod, WebTrust for CAs, NIST 800-53 r5, NIST 800-63, FISMA, and other regulatory and industry frameworks.
• Audit and Assessment Management: Prepare for and support internal and external audits, including FedRAMP, SOC 2, WebTrust, and other compliance reviews.
• Risk Management: Provide input into DigiCert’s risk management program.
• Policy Development: Provide input and review for relevant DigiCert internal policies and procedures. Ensure appropriate controls are designed and implemented throughout the environment to comply with security policies and procedures.
• ATO Management: Maintain a positive relationship with our authorizing agencies as the point-of-contact for regular meetings and POA&M management. Ensure DigiCert’s SSP is current and reflects the current state of the authorized system.
• Stakeholder Collaboration: Work closely with Security, IT, Legal, and Operations teams to ensure compliance objectives are met.
• Stay informed of emerging regulatory trends and changes, advising senior management on potential impacts and necessary adjustments to the compliance program.
• Serve as a liaison with relevant regulatory bodies, agencies, and external auditors, managing communications and coordinating inspections or investigations.
• Collaborate with Legal, Finance, HR and other departments to ensure cohesive compliance strategies and responses to regulatory issues.
• Help foster a culture of compliance and security throughout the organization.
• Any other similar related activities as assigned.

What you will have

• Minimum bachelor’s degree in law, compliance, computer science or related field.
• Minimum 10 years of experience in compliance, risk management, or internal audit, preferably in a cybersecurity, PKI, or cloud environment.
• Proven experience with FedRAMP (Authorization, Continuous Monitoring, Compliance Management).
• Strong knowledge of PKI, digital certificates, and cryptographic security principles.
• Experience with standards such as WebTrust for CAs, SOC 2, ISO 27001, FIPS 140-2/3, and NIST frameworks (800-53 r5, 800-63).
• Experience engaging with regulatory bodies, auditors, and external auditors.
• Experience writing and evaluating control design.
• Certifications such as CISSP, CISM, CISA or CRISC are highly desirable.
• Excellent analytical, organizational and communication skills.
• Experience with compliance and risk management software and the ability to leverage technology for efficient compliance monitoring and reporting.
• Prior experience as an ISSO or ISSM is a plus.
• Prior experience with FPKI is a plus.

Benefits

DigiCert offers a competitive benefits package for all of our full-time employees. 

DigiCert is an Equal Opportunity employer and is committed to diversity in its workforce.  In compliance with applicable federal and state laws, DigiCert prohibits discrimination on the basis of race or ethnicity, religion, color, national origin, sex, age, sexual orientation, gender identity/expression, veteran’s status, status as a qualified person with a disability, or genetic information.  Individuals from historically underrepresented groups, such as minorities, women, qualified person with disabilities, and protected veterans are strongly encouraged to apply.

#LI-RR1