FedRAMP Information Security Risk Analyst | Tenable, Inc. | Remote (United States)

FedRAMP Information Security Risk Analyst | Tenable, Inc. | Remote (United States)

Remote US
Application ends: September 2, 2024
Apply Now

Job Description

Your Role:

Join our InfoSec team at Tenable as a hands-on (Mid) Risk and Compliance Analyst. Drive compliance and assurance efforts for our products and cloud services while assisting with external risk assessments, security assessments, and audits. Make a real impact on our organization’s security and customer trust and come join us at Tenable!

Your Opportunity:

  • Serve as a company representative with prospects, customers, and partners for security questionnaires, assessments, and audits
  • Collaborate with Sales, Engineering, Information Security, IT, and Product Development teams to communicate compliance obligations and requirements
  • Complete Third-Party Risk Assessments (TPRM Program) for new and potential vendors/educate stakeholders on their responsibilities
  • Coordinate and participate in internal and external audit walkthroughs (ISO27k, SOC2, FedRAMP, Customer Audits, IRAP)
  • Help guide and perform remediation of issues identified during third-party assurance or internal reviews
  • Support special projects as needed, which may include:Assisting in the development and execution of the internal compliance program, involving preparation for audits, certifications, and risk assessments.
  • Assisting in the development, administration, and continuous monitoring of internal security controls.

What You’ll Need :

  • US Citizenship
  • 2+ years of experience in information security and vendor risk assessments based on industry standards.
  • 2+ years of experience in responding to security assessments, SAQs, compliance requirements, etc
  • 2+ years of experience with implementation, monitoring, and reporting of control processes, documentation, and remediation items
  • Experience working with the Federal Risk and Authorization Management Program (FedRAMP)
  • At least one relevant relevant security certifications (SSCP, Sec+, CISA, etc)
  • BS, BA in Information Technology, Computer Science, Information Security, or other related field
  • Be self-driven with the ability to work independently and comprehend all requirements
  • Strong communication skills and ability to collaborate effectively with all levels
  • Ability to adopt and utilize technology, with advanced proficiency in Excel, PowerPoint, and Vizio/Lucid.

And Ideally:

  • Knowledge of governance, risk and compliance frameworks (GRC)
  • Experience performing or undergoing internal and external audits
  • Analytical mindset with a rational, pragmatic, and realistic approach to security, risk, and compliance
  • Experience in a Big 4 or similar security consulting or risk assurance role
  • Experience as a FedRAMP assessor (3PAO) or advisor.
  • Experience with conducting audits, privacy, BC & DR Program Management