FedRAMP Technology Compliance Lead
- San Jose, CA
This position is for FedRAMP Technology Compliance Lead role for Adobe's Technology GRC (TechGRC) group. The role will be based out of Adobe San Jose, CA, Adobe Lehi, UT or Adobe's Washington, D.C. location. The person will lead the FedRamp efforts for Adobe including liaison with the AO (authorizing agencies) & Third-party Assessment Organizations (3PAO) & will report into TGRC Management at San Jose.
The FedRAMP Technology Compliance Lead is responsible for working with the internal stakeholders and product engineering teams to document implementation of control requirements and supporting the cloud security standards including technical security and operational controls for Adobe's SaaS environments.
- Work with internal stakeholder engineering teams to document the implementation of FedRAMP security compliance control implementations for technical, management, and operational requirements
- Collect and document technical architecture, operational processes and security policies from multiple internal engineering teams
- Reviewing, documenting, analyzing and evaluating business systems and user needs in areas of Authorization and Accreditation (A&A) and Plans of Action and Milestones (POA&Ms)
- Collect security control implementation review results, penetration testing results, and vulnerability scan results for POAM reporting to authorizing agencies
- Demonstrate subject matter expertise in FedRAMP (Federal Risk Authorization Management Program), NIST SP 800-53 Rev 4, NIST SP 800-37, FISMA (Federal Information Systems Management Act), NIST RMF (Risk Management Framework), supporting Systems Security Assessment and Authorization (SA&A) for Federal Agencies, NIST FIPS 199 & Data Classification.
- Bachelors / master's Degree with a focus in Information Technology / Computer Science or related field
- Hand on experience with AWS & Azure environments
- Experience on NIST SP 800 Series, FedRAMP and FISMA documents
- Experience in executing the continuous monitoring operations of a FISMA/FedRAMP authorized environment
- Experience with writing, editing, and/or managing a wide variety of IT security documentation and familiarity with federal IT standards such as Federal Information Security Management Act (FISMA)
- Experience developing, editing, and revising documentation technical documentation, including as-built documents, system security plans, system architectures, and policies and procedures.
- Experience with the production and/or editing of technical drawings using MS Visio or similar design tools.
- Experience with technical documentation related to FIPS 199, NIST SP 800-37, NIST SP 800-53 REV 4, continuous monitoring, and POA&M management.
- Understanding of Third-party Assessment Organizations (3PAO)
- Experience with National Institute of Standards and Technology (NIST) standards, DISA Cloud Computing Security Requirements Guide (SRG), Experience and familiarity with cloud data security (FISMA/FedRAMP compliance) and working with public cloud solutions (AWS and Azure)
General requirements which will help you succeed in the role
- Good interpersonal, verbal and written communication skills. It is essential that the candidate is a team-player and possesses strong organizational and planning skills
- Ability to communicate with both business and technology staff including IT and Business management.
- Ability to multi-task, be detail-oriented, and solve problems analytically
- Knowledge of common IT systems (Operating Systems, network devices, applications)
- Demonstrate strong verbal and written communication skills as well as strong analytical and problem-solving abilities
- Operational and deployment experience with various security tool platforms and systems
- Ability to work independently or as a member of a team on various tasks
- Skilled at organizing and translating information into clear written documentation, articulating complex concepts and processes in writing
- Proven ability to effectively research subject matter
- Experience working in a collaborative environment; ability to work well under tight deadlines and effectively interact with a wide range of personnel
- Strong experience with Microsoft product suite, particularly Microsoft Word, PowerPoint and SharePoint
- Security clearance not required
- The candidate should be willing to travel for approximately 20 - 30% of time.
- Bachelor's degree in a relevant field (e.g., Computer Science, Information Security, etc.) and 5-7 years relevant experience or master's degree in a relevant field and 4 years relevant experience
- CISSP, CCSP, CISA or equivalent
- Strong understanding of Cloud Security concepts
At Adobe, you will be immersed in an exceptional work environment that is recognized throughout the world on Best Companies lists. You will also be surrounded by colleagues who are committed to helping each other grow through our unique Check-In approach where ongoing feedback flows freely.
If you're looking to make an impact, Adobe's the place for you. Discover what our employees are saying about their career experiences on the Adobe Life blog and explore the meaningful benefits we offer.
Adobe is an equal opportunity employer. We welcome and encourage diversity in the workplace regardless of race, gender, religion, age, sexual orientation, gender identity, disability or veteran status.
Back to top