
Principal Manager, Product Compliance
ExtraHop
full-time
Location Type: Remote
Location: United States
Salary
💰 $220,000 - $240,000 per year
About the role
- Manage and develop staff members under Product Compliance and fulfill people manager responsibilities
- Direct Continuous Monitoring (ConMon) processes and ensure successful monthly reviews with ExtraHop and agency stakeholders in order to maintain FedRAMP authorization
- Oversee and contribute to the vulnerability management lifecycle: triage, reporting, coordination with system owners, and remediation tracking
- Manage the review of vulnerability findings and provide formal written responses for internal and external stakeholders, including customers
- Assess and serve as a subject matter expert for regulatory and compliance requirements and best practices for various standards (e.g., CSA STAR, ISO 27001, FISMA, DORA, FINRA, DoDIN APL, NIAP, FIPS, CMMC, IL4/IL5)
- Lead gap assessments and facilitate or support audits (including coordinating evidence collection and submission)
- Develop and manage a product security compliance roadmap, incorporating input, feedback and data-driven requirements from Sales, Customer Success, Product Management, and R&D organizations; validate the roadmap with executive leadership; coordinate key activities across the organization to achieve roadmap milestones
- Collaborate with Product Security and R&D staff to provide responses to customer and pre-sales inquiries about product security and related items
- Collaborate with Product Security team members to develop and improve standards, policies, procedures, documentation, and training
- Participate in security incident response activities, representing Product Security and R&D leadership in directing the execution of the IR Plan
- Other duties as assigned
Requirements
- 12+ years of experience in cybersecurity, with a focus on compliance frameworks like FedRAMP, NIST SP800-53, SOC 2 and ISO 27001
- 5+ years of which should be hands-on experience specifically managing compliance programs, security assessments, or cloud security initiatives
- Bachelor's degree in a related field such as Cybersecurity, Computer Science, Information Systems, Engineering or other technical or management discipline
- Direct experience with the FedRAMP compliance framework, including security control requirements, documentation and assessment methodologies
- Technical knowledge of web application security and cloud security, including best practices and controls for cloud-based environments
- Proficient with security tools, including vulnerability scanners, ticketing systems (e.g., Jira), compliance reporting platforms, and SIEM tools
- Exceptional analytical skills to effectively manage and resolve security and compliance issues
- Proven ability to communicate complex security concepts to technical and non-technical audiences
- Strong project management skills with the ability to balance compliance initiatives and security operations
- Must be a U.S. citizen or national, U.S. permanent resident (current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum
- Works cooperatively with others within the organization and with cross-functional stakeholders
- Works well in fast-paced, high-stress environments
- Has predictable, reliable attendance
Benefits
- Health, Dental, and Vision Benefits
- Flexible PTO, Sick Time Prorated Based on Date of Hire, and All Federal Holidays (US Only) + 3 Days of Paid Volunteer Time
- Non-Commissioned Positions may be eligible to participate in the Annual Discretionary Bonus Plan
- FSA and Dependent Care Accounts + EAP, where applicable
- Educational Reimbursement
- 401k with Employer Match or Pension where applicable
- Pet Insurance (US Only)
- Parental Leave (US Only)
- Hybrid and Remote Work Model
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
cybersecurity, compliance frameworks, vulnerability management, web application security, cloud security, security assessments, project management, analytical skills, security control requirements, documentation methodologies
Soft Skills
communication, collaboration, leadership, problem-solving, organizational skills, adaptability, teamwork, attention to detail, time management, customer focus
Certifications
FedRAMP, ISO 27001, NIST SP800-53, SOC 2, CMMC, FISMA, DORA, NIAP, FIPS, IL4/IL5