Sr FedRAMP Compliance Strategist
Location: Offsite, Seattle, Washington, US
Area of Interest: Security
In today's dynamic digital environment, security is everyone's job. At Cisco, the Security and Trust Organization is at the core of making infrastructure more secure. Your involvement in this strategic and ambitious team will allow you to be part of one of Cisco's major objectives: to be the Number 1 Trusted Business partner to our customers. The Security and Trust Organization reports to Cisco's Chief Security and Trust Officer and is responsible for owning the innovation, training, and implementation of security and trust features and processes across all of Cisco's products. The Global Cloud Compliance (GCC) group within the Security and Trust Organization is responsible for driving all compliance certifications across Cisco. This team is responsible for enabling and protecting Cloud sales for our Commercial customers, US Government and Federal agencies, as well as many international standards bodies. This team works with Sales and Business Unit partners to ensure the correct security and trust features and functionality are included in new offer releases.
The Senior FedRAMP GCC Compliance Strategist will be located in the US and will report directly to the Manager of FedRAMP GCC Compliance Strategy. This role will work in close partnership with the rest of the GCC Strategy, Execution and GCC-India teams towards the overall compliance goals. This role will join compliance strategists providing support to various Cisco Cloud teams in FedRAMP certification efforts. This role requires an in-depth understanding of various security certification frameworks such as AICPA SOC, ISO 27001, NIST, CMMC, CIS and others. US citizenship required.
What You'll do:
The role will work alongside a team of FedRAMP compliance strategists who will be responsible for:
· Working with internal stakeholders and business engineering teams to document the implementation of FedRAMP security compliance controls for technical, management, and operational requirements for Cisco SaaS offers
· Collecting and documenting technical architecture, operational processes and security policies from multiple internal engineering teams
· Reviewing, analyzing and evaluating business systems and user needs in the areas of Authorization and Accreditation (A&A) and Plans of Action and Milestones (POA&Ms)
· Demonstrating subject matter expertise in FedRAMP (Federal Risk and Authorization Management Program), NIST SP 800-53 Rev 4, NIST SP 800-37, FISMA (Federal Information Security Management Act), and NIST RMF (Risk Management Framework)
· Supporting Systems Security Assessment and Authorization (SA&A) for Federal Agencies, NIST FIPS 199 and data classification
· Providing guidance on the multiple ATO paths
· Providing SMEs to the BU on compliance and process
· Leading the boundary definition and internal gap assessments
· Providing ad-hoc advisory support for control implementations
· Driving the creation of the SSP and all attachments
· Providing audit training and support
· Sponsoring agency and FedRAMP PMO discussions
· FedRAMP and DISA related architectural considerations
· Bachelor's / Master's degree with a focus in Information Technology / Computer Science or a related field
· Hands-on experience with AWS, GCP and Azure environments
· Experience with NIST SP 800 Series, FedRAMP and FISMA documents
· Experience in executing the continuous monitoring operations of a FISMA/FedRAMP authorized environment
· Experience with writing, editing, and/or managing a wide variety of IT security documentation and familiarity with federal IT standards such as the Federal Information Security Management Act (FISMA)
· Experience developing, editing, and revising technical documentation, including as-built documents, system security plans, system architectures, and policies and procedures
· Experience with the production and/or editing of technical drawings using MS Visio or similar design tools
· Experience with technical documentation related to FIPS 199, NIST SP 800-37, NIST SP 800-53 Rev 4, continuous monitoring, and POA&M management
· Understanding of Third-Party Assessment Organizations (3PAO)
· Experience with National Institute of Standards and Technology (NIST) standards and the DISA Cloud Computing Security Requirements Guide (SRG)
· Experience and familiarity with cloud data security (FISMA/FedRAMP compliance) and working with public cloud solutions (AWS and Azure)
· 7-10 years of relevant experience
#WeAreCisco, where each person is unique, but we bring our talents to work as a team and make a difference powering an inclusive future for all.
We embrace digital, and help our customers implement change in their digital businesses. Some may think we're "old" (36 years strong) and only about hardware, but we're also a software company. And a security company. We even invented an intuitive network that adapts, predicts, learns and protects. No other company can do what we do; you can't put us in a box!
But "Digital Transformation" is an empty buzz phrase without a culture that allows for innovation, creativity, and yes, even failure (if you learn from it).
Day to day, we focus on the give and take. We give our best, give our egos a break, and give of ourselves (because giving back is built into our DNA). We take accountability, take bold steps, and take difference to heart. Because without diversity of thought and a dedication to equality for all, there is no moving forward.
So, you have colorful hair? Don't care. Tattoos? Show off your ink. Like polka dots? That's cool. Pop culture geek? Many of us are. Passion for technology and world changing? Be you, with us!