Introduction

A career in IBM Software means you’ll be part of a team that transforms our customer’s challenges into solutions. Seeking new possibilities and always staying curious, we are a team dedicated to creating the world’s leading AI-powered, cloud-native software solutions for our customers. Our renowned legacy creates endless global opportunities for our IBMers, so the door is always open for those who want to grow their career.

IBM’s product and technology landscape includes Research, Software, and Infrastructure. Entering this domain positions you at the heart of IBM, where growth and innovation thrive.

We are seeking a motivated and detail-oriented individual to join our team as a FedRAMP Security Risk and Compliance Analyst. The successful candidate will be responsible for supporting Risk and Compliance within our Government services and ensuring that cloud environments meet the required security standards.

You will serve as a point of contact within our Information Security Government Risk & Compliance team. You will be responsible for working with internal security, technology, legal, and business stakeholders as well as with third party auditors to communicate compliance mandates and maintain compliance against published standards. You will support the compliance program to reduce compliance load and streamline program activities.

Your role and responsibilities

· Partner cross-functionally across the organization to support the implementation of technical, management, and operational controls, with a focus on controls required to deliver and operate regulated environments.

· Partner with other team members to prepare and update government security artifacts.

· Collaborate with internal teams to collect and review evidence, track status and provide guidance on what good practices look like.

· Lead or contribute toward policy, procedure and documentation development

· Maintain a current understanding of relevant compliance standards and regulations.

· Support assessments and coordinate with internal and external stakeholders.

· Develop and maintain KPIs, KRIs, and dashboards for reporting on assigned compliance programs weekly, monthly, quarterly, and annually.

· Collaborate with team members to manage the continuous monitoring (ConMon) program, including internal and external reporting on vulnerabilities, tracking POA&Ms, and developing ConMon artifacts

· Provide FedRAMP compliance consulting to our teams for both technical and non-technical audiences

Required technical and professional expertise

· 1+ years of experience working for federal government agencies in security roles.

· Ability to translate technical and security requirements into common language.

· Ability to deeply understand security controls and help improve its implementation.

· Demonstrated ability to work independently as a self-starter in a fast-paced environment.

· In depth technical knowledge of Cloud systems and their underlying technical operations.

· Experience with Amazon Web Services, Google Cloud, or Microsoft Azure.

Preferred technical and professional experience

· 1+ years of experience in IT security audit, compliance, or relevant Federal regulatory experience

· Experience leading a Cloud Service Provider through a FedRAMP (Moderate, High) ATO or other government related assessment

· Broad IT background with technical understanding of networks, protocols, security configurations, cryptography, identity and access management, and the systems development life cycle

· Familiarity with FISMA, NIST CSF, FedRAMP, DoD Cloud SRG and other security frameworks