Distant Director of Compliance at Automattic

Our authorities sector enterprise is quickly increasing as we capitalize on the US Federal Authorities’s “Cloud Good” mandate, and we’re correspondingly rising our funding in our GRC capabilities. Consequently, we’re searching for an skilled chief to information our investments, and to make an impression by establishing an enterprise-grade, world-class Compliance operate. 

Duties: 

• Guarantee attainment of FedRAMP Reasonable ATO and lead and execute ongoing processes comparable to ConMon, Annual Assessments, and SCR (Important Change Request) actions.
• Collaborate with stakeholders to outline a quarterly roadmap for the Compliance operate to assist deal with two key areas: (1) output actions to make sure certifications (comparable to FedRAMP) and buyer commitments are assured and (2) foundational actions to enhance Compliance associated operations with measurable impression.
• Develop and keep documentation for all Compliance-related actions. 
• Work throughout product, engineering, programs, and authorized groups to establish and handle privateness, knowledge safety dangers, and compliance necessities to assist meet enterprise wants.
• Choose and implement applicable programs and reporting protocols to help a number of units of certifications, documentation necessities, management households on one aspect, and to help provision of applicable documentation to auditors, sponsoring companies, prospects, and many others. on the opposite aspect.
• Have interaction and seek the advice of with govt and senior leaders to align Compliance and Safety applications with enterprise objectives.
• Take part in buyer stakeholder calls to grasp new buyer necessities and to information these interactions to assist stability commitments to potential to ship.
• Construct, scale, and handle our compliance staff to help our wants as an enterprise-focused, distributed firm.
• Promote a tradition of compliance all through the group.
• Triage and handle all compliance-related priorities together with help for RFPs.

Necessities: 

• Area experience in public sector associated compliance, possessing deep understanding of federal rules and frameworks comparable to FedRAMP, NIST, and FISMA. 
• Deep expertise with FedRAMP processes for AR, OR, and SCR; and when to leverage every.
• Expertise in efficiently acquiring and/or sustaining FedRAMP Reasonable (or larger) certifications for IaaS, PaaS, or SaaS options or expertise working at an accredited 3PAO and having structured and carried out assessments for a number of CSPs inside the previous three years.
• A number of related certifications comparable to CISSP, CISA, or CRISC.
• Expertise working with gross sales groups to answer RFPs, VSQs, and different questionnaires from prospects and prospects.
• Expertise main and motivating cross-functional, interdisciplinary groups and scaling compliance-related operations.
• Expertise participating with Compliance and Information Safety groups at Enterprise prospects to grasp necessities and to co-develop options.
• Expertise with Cloud computing and containerization instruments (eg. Kubernetes).
• Understanding of worldwide, federal, state, and native legal guidelines regarding knowledge acquisition, safety, and transmission.
• Should be a resident of the contiguous United States.

Further Credit score:

• Direct expertise with FedRAMP Excessive inside the previous 3 years.
• Confirmed and efficient relationships inside the FedRAMP PMO.
• Fingers-on expertise implementing compliance automation instruments comparable to Drata, Vanta, HyperProof, and many others.