Senior Security Compliance Analyst - FedRAMP
United States
Full Time Senior-level / Expert USD 112K - 193K
Magnet Forensics
Gain an Investigative Edge. We provide organizations with innovative tools to investigate cyberattacks and digital crimes.
Who We Are; What We Do; Where We’re Going
Magnet Forensics is a global leader in the development of digital investigative software that acquires, analyzes, and shares evidence from computers, smartphones, tablets, and IoT-related devices. We are continually innovating so our customers can deploy advanced and effective tools to protect their companies, communities, and countries. Serving thousands of customers globally, our solutions are playing a crucial role in modernizing digital investigations, helping investigators fight crime, protect assets, and guard national security. With employees based around the world, Magnet Forensics has been expanding our global presence. As a part of Magnet Forensics, you can expect to make a difference in the world, no matter what role you play. You’ll be supported through learning and development, not to mention an incredible team with unbelievable talent and integrity. If you think you would be the right person to join our team working towards this goal, we would love to hear from you!
Role Summary: This role involves collaborating with teams across the organization to ensure ongoing compliance with various security and regulatory standards, including but not limited to the Federal Risk and Authorization Management (FedRAMP) program. The ideal candidate has experience supporting compliance programs and is familiar with government-centric compliance standards such as StateRAMP, CJIS, FISMA, and IRAP. The candidate must be adept at interacting with both technology and business leaders and third parties.
All offers of employment at Magnet are contingent upon satisfactory completion of a background check. All background checks will be conducted in accordance with all applicable laws. Magnet will consider each position’s job duties, among other factors, in determining what constitutes satisfactory completion of the background check. Refusal to consent to a background check may be grounds for revoking an offer of employment.
US Applicants: Magnet Forensics participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S.
Role Responsibilities:
- Lead and support compliance programs to ensure adherence to security standards and regulatory requirements, including FedRAMP, StateRAMP, CJIS, FISMA, and IRAP.
- Create and submit compliance reports, including vulnerability scan results, POA&M, and executive summaries.
- Act as the liaison with external stakeholders, including 3PAO, Authorizing Agencies, and other regulatory bodies.
- Run the continuous monitoring (ConMon) program, including internal audit, internal and external reporting on vulnerabilities, tracking POA&Ms, and developing ConMon artifacts.
- Support assessment activities, including significant change requests, feature onboarding, annual assessments, and agency reviews.
- Assist in maturing the organization's GRC program through process improvement, assessing and implementing new regulatory and industry standards.
- Collaborate with internal stakeholders to support compliance initiatives through awareness, training, and risk management.
- Lead internal security audits to validate adherence to standards including FedRAMP, CJIS, FISMA, IRAP, NIST 800-53, SOC 2, ISO 27001, IT General Controls, and other standards.
- Prepare and present reports on compliance status, audit findings, and remediation plans to management.
- Collaborate with third parties for independent security audits, assessments, and testing.
- Provide mentorship and guidance on security compliance standards, frameworks, and best practices.
- Develop and update company security policies.
Qualifications:
- Bachelor’s degree in Computer Science, Information Security, or a related field.
- 5+ years of experience working in cybersecurity and/or security compliance roles.
- 2+ years of experience with FedRAMP.
- In-depth understanding of the NIST 800-53 guidelines and FedRAMP requirements.
- Thorough knowledge of security best practices, standards, and frameworks such as NIST, CJIS, FISMA, and IRAP.
- Must be a U.S. citizen, residing in and with legal authorization to work in the U.S.
- May be required to travel.
Preferred Qualifications:
- Master's degree (or currently pursuing a higher degree).
- Experience in managing compliance programs within a Software as a Service (SaaS) company.
- Previous experience in a compliance assessment, having participated either as an assessor or as a Cloud Service Provider (CSP) throughout the entire audit process, from initiation to completion.
- Experience with SaaS security and monitoring, risk management, and GRC tools.
- Thorough knowledge of security best practices, standards, and frameworks such as ISO 27001, SOC 2, SOX, PCI-DSS, GDPR, and cloud security frameworks like CSA STAR, CIS Controls, and AWS Well-Architected Framework, in addition to FedRAMP, NIST, CJIS, FISMA, and IRAP.
- Professional certifications in cybersecurity, audit, risk, and compliance such as CISM, CISA, CISSP, CRISC, CGRC, etc.
The Most Important Thing
- We’re looking for candidates that can provide examples of how they demonstrated Magnet CODE in their previous experiences.
- CARE - We care about each other and our mission to make a difference in the world.
- OWN - We are accountable for our results – while never forgetting to act with integrity, empathy, and respect.
- DEDICATE - We put our heart and soul into meeting the needs of our customers and helping them serve the people they protect.
- EVOLVE - We are constantly innovating and exploring new ways to work together to make an impact with our work.
Compensation & Benefits
- The Compensation Range is for the primary location for which the job is posted. Please note that the actual compensation may vary depending on location and job-related factors such as qualifications, experience, knowledge and skills. If you are applying for this role outside of the primary location and you are selected for an interview, the Talent Acquisition Partner can share more information with you. If the compensation structure for the role includes an incentive component (i.e., most Sales roles), the range below represents total target compensation (TTC) (base salary + variable).
- Compensation Range:
- MIN: $112,700 - MID: $161,000 - MAX: $193,200 Currency: USD
- Magnet is proud to offer benefits such as:
- Generous time off policies
- Competitive compensation
- Volunteer opportunities
- Reward and recognition programs
- Employee committees & resource groups
- Healthcare and retirement benefits
Categories:
Analyst Jobs
Compliance Jobs
Tags: Audits AWS CGRC CISA CISM CISSP Cloud Compliance Computer Science FedRAMP FISMA Forensics GDPR IoT ISO 27001 Monitoring NIST NIST 800-53 POA&M Risk management SaaS SOC SOC 2 SOX Vulnerabilities
Perks/benefits: Career development Competitive pay Team events
Region:
North America
Country:
United States