WordPress VIP (WPVIP), the enterprise division of Automattic, is the world's leading content management platform. Leveraging our FedRAMP authorization, WPVIP is expanding its reach into the public sector and building momentum in highly regulated use cases. WordPress, the open source CMS, powers 40% of the web, and our large and growing ecosystem of technologies, services, and integrations is designed to bring that freedom and power to our customers, which include several federal government agencies as well as Meta, The New York Times, Salesforce, and hundreds more.
Our government sector business is rapidly expanding as we capitalize on the US Federal Government's "Cloud Smart" mandate, and we are correspondingly growing our investment in our GRC capabilities. Consequently, we are seeking an experienced leader to guide those investments and to make an impact by establishing an enterprise-grade, world-class Compliance function.
With deep expertise in the FedRAMP authorization process as well as in Compliance more generally, you will drive toward achieving compliance standards including FedRAMP, ISO 27001, SOC, and CSA STAR; contribute to evolving our approach to GRC; and help our business capture a healthy share of the government sector total addressable market. This will entail being familiar with control frameworks such as NIST SP 800-53, and also being able to guide the organization on implementation approaches that balance security and compliance requirements with business and cultural realities. Your approach will be practical and include a willingness to roll up your sleeves and support implementation in a variety of ways, including project-managing significant efforts.
Responsibilities:
- Ensure attainment of a FedRAMP Moderate ATO, and lead and execute ongoing processes such as continuous monitoring (ConMon), Annual Assessments, and Significant Change Request (SCR) activities.
- Collaborate with stakeholders to define a quarterly roadmap for the Compliance function that addresses two key areas: (1) output activities to ensure that authorizations and certifications (such as FedRAMP) and customer commitments are assured, and (2) foundational activities to improve Compliance-related operations with measurable impact.
- Develop and maintain documentation for all Compliance-related activities.
- Work across product, engineering, systems, and legal teams to identify and manage privacy risks, data security risks, and compliance requirements in support of business needs.
- Select and implement appropriate systems and reporting protocols to support multiple sets of certifications, documentation requirements, and control families on one side, and to support the provision of appropriate documentation to auditors, sponsoring agencies, customers, etc. on the other.
- Engage and consult with executive and senior leaders to align the Compliance and Security programs with business goals.
- Participate in customer stakeholder calls to understand new customer requirements and to guide those interactions so that commitments stay balanced against our ability to deliver.
- Build, scale, and manage our compliance team to support our needs as an enterprise-focused, distributed company.
- Promote a culture of compliance throughout the organization.
- Triage and manage all compliance-related priorities, including support for RFPs.
Requirements:
- Domain expertise in public sector compliance, with a deep understanding of federal regulations and frameworks such as FedRAMP, NIST, and FISMA.
- Deep experience with the FedRAMP AR, OR, and SCR processes, and knowing when to leverage each.
- Experience successfully obtaining and/or maintaining FedRAMP Moderate (or higher) authorizations for IaaS, PaaS, or SaaS offerings, or experience working at an accredited 3PAO and having structured and performed assessments for several CSPs within the past three years.
- One or more relevant certifications such as CISSP, CISA, or CRISC.
- Experience working with sales teams to respond to RFPs, VSQs, and other questionnaires from customers and prospects.
- Experience leading and motivating cross-functional, interdisciplinary teams and scaling compliance-related operations.
- Experience engaging with Compliance and Information Security teams at enterprise customers to understand their requirements and to co-develop solutions.
- Experience with cloud computing and containerization tools (e.g. Kubernetes).
- Understanding of international, federal, state, and local laws relating to data acquisition, protection, and transmission.
- Must be a resident of the contiguous United States.
Extra Credit:
- Direct experience with FedRAMP High within the past 3 years.
- Proven and effective relationships within the FedRAMP PMO.
- Hands-on experience implementing compliance automation tools such as Drata, Vanta, Hyperproof, etc.