Sr. Global Public Sector Compliance Analyst

Snowflake

  • McLean, VA
  • Permanent
  • Full-time
  • 22 days ago
Build the future of data. Join the Snowflake team.

The Senior Global Public Sector Security Compliance Analyst will work across functional teams including Snowflake Engineering, Security, IT, HR, Legal, and Internal Audit to ensure government product security control requirements are implemented and monitored to satisfy FedRAMP Mod/High, FedRAMP+ DoD IL4/5, ITAR, IRAP, ISMAP, Protected B, StateRAMP, TX-RAMP, CJIS, IRS 1075, as well as European, Asian, and other government compliance frameworks. The candidate will also interface with government customers and third-party assessment organizations (3PAOs) during assessments.

The successful candidate will already have several years of technical experience working in a FedRAMP authorized cloud software company or with a 3PAO assessing CSPs at various impact levels/system categorizations. The candidate will have already seen and been a part of solutions to address the FedRAMP High, IL4, and IL5 control implementations.

TASKS & RESPONSIBILITIES:
  • Review and determine applicability of requirements of government compliance frameworks and agencies
  • Collaborate with cross-functional teams to determine appropriate controls to meet the requirements
  • Support Governance, Risk, and Compliance continuous monitoring program surrounding FedRAMP, DoD, ISMAP, Protected B and IRAP controls
  • Assess and gather evidence to support adherence to compliance requirements as it relates to NIST 800-53 Rev. 5, FedRAMP Overlay, Protected B ITSG-33, ISMAP Control Criteria and the IRAP Information Security Manual (ISM).
  • Review and identify FedRAMP and IRAP controls to communicate control requirements to internal stakeholders
  • Support FedRAMP (Moderate, High, DoD IL4, DoD IL5) and Global Public Sector assessments to communicate Snowflake's security posture and ensure proper scoping
  • Assist in evidence gathering and control monitoring of government compliance audits
  • Validate ongoing compliance of policies and procedures in support of requirements
  • Work with our Security Team to improve policy and procedure documentation
  • Follow up with internal stakeholders to ensure completion of security-related tasks and controls
  • Conduct monthly, quarterly and annual reviews of security controls including Plan of Actions & Milestones (POA&M) and vulnerability scanning.
  • Ensure relevant stakeholders within Engineering understand their responsibilities in support of the Policies
  • Ensure stakeholders have developed and are maintaining appropriate Procedure documentation to support the Policies
REQUIRED EXPERIENCE & SKILLS:
Work Experience:
  • Must have exceptional, years-long relationship with FedRAMP PMO
  • Minimum of 7 years prior responsibility for managing security compliance audits of cloud environments (AWS, Azure, and GCP) or assessing cloud environments against FedRAMP Mod/High, DoD IL4/5, ITAR, ISMAP, Protected B, and IRAP controls.
  • Confidently assessed and communicated risk based on business objectives
  • Track record of successfully improving controls, policies, and procedures to meet security requirements
Technical and Interpersonal Skills:
  • Technical understanding of AWS GovCloud, Azure Government, or GCP cloud platforms, including how components and services are used and secured against FedRAMP Mod/High, DoD IL4/5, ITAR, ISMAP, Protected B, and IRAP controls.
  • Technical Audit of Government production systems
  • Comfortable with JIRA
  • Natural curiosity and interest in solving complex problems
  • Superior written and verbal communication skills - including presentation skills
  • Exceptionally organized
Preferred Experience & Skills:
  • Expertise in FedRAMP Mod/High, DoD IL4/5, ITAR, ISMAP, Protected B, and IRAP security control requirements (NIST 800-53 Rev. 5, etc.)
  • Service Delivery or Audit background (IT, Engineering, Security) with referenceable “customers”
Every Snowflake employee is expected to follow the company's confidentiality and security standards for handling sensitive data. Snowflake employees must abide by the company's data security plan as an essential part of their duties. It is every employee's duty to keep customer information secure and confidential.
