Sr. Global Public Sector Compliance Analyst
Snowflake
- McLean, VA
- Permanent
- Full-time
- Review and determine applicability of requirements of government compliance frameworks and agencies
- Collaborate with cross-functional teams to determine appropriate controls to meet the requirements
- Support the Governance, Risk, and Compliance continuous monitoring program covering FedRAMP, DoD, ISMAP, Protected B and IRAP controls
- Assess and gather evidence to support adherence to compliance requirements as they relate to NIST 800-53 Rev. 5, FedRAMP Overlay, Protected B ITSG-33, ISMAP Control Criteria and the IRAP Information Security Manual (ISM).
- Review and identify FedRAMP and IRAP controls to communicate control requirements to internal stakeholders
- Support FedRAMP (Moderate, High, DoD IL4, DoD IL5) and Global Public Sector assessments to communicate Snowflake's security posture and ensure proper scoping
- Assist in evidence gathering and control monitoring of government compliance audits
- Validate ongoing compliance of policies and procedures in support of requirements
- Work with our Security Team to improve policy and procedure documentation
- Follow up with internal stakeholders to ensure completion of security-related tasks and controls
- Conduct monthly, quarterly and annual reviews of security controls including Plan of Actions & Milestones (POA&M) and vulnerability scanning.
- Ensure relevant stakeholders within Engineering understand their responsibilities in support of the Policies
- Ensure stakeholders have developed and are maintaining appropriate Procedure documentation to support the Policies
- Must have an exceptional, years-long relationship with the FedRAMP PMO
- Minimum of 7 years' prior responsibility for managing security compliance audits of cloud environments (AWS, Azure, and GCP) or assessing cloud environments against FedRAMP Mod/High, DoD IL4/5, ITAR, ISMAP, Protected B, and IRAP controls.
- Experience confidently assessing and communicating risk based on business objectives
- Track record of successfully improving controls, policies, and procedures to meet security requirements
- Technical understanding of AWS GovCloud, Azure Government, or GCP cloud platforms, including how components and services are used and secured against FedRAMP Mod/High, DoD IL4/5, ITAR, ISMAP, Protected B, and IRAP controls.
- Experience with technical audits of government production systems
- Comfortable with JIRA
- Natural curiosity and interest in solving complex problems
- Superior written and verbal communication skills - including presentation skills
- Exceptionally organized
- Expertise in FedRAMP Mod/High, DoD IL4/5, ITAR, ISMAP, Protected B, and IRAP security control requirements (NIST 800-53 Rev. 5, etc.)
- Service Delivery or Audit background (IT, Engineering, Security) with referenceable “customers”