WalkMe™

Senior Compliance Analyst, FedRAMP

full-time

Origin: 🇺🇸 United States • New York


Salary

💰 $100,000 - $130,000 per year

Job Level

Senior

Tech Stack

AWS, Azure, Cloud, ERP, Google Cloud Platform, Kubernetes, ServiceNow, Splunk, Terraform

About the role

  • Own the FedRAMP RMF lifecycle, including defining and maintaining the authorization boundary, driving control implementation evidence, writing and reviewing the System Security Plan (SSP), and managing the Security Assessment Plan (SAP), Security Assessment Report (SAR), Plan of Action & Milestones (POA&M), and Continuous Monitoring submissions.
  • Author and maintain security and compliance policies, standards, and procedures, aligning with NIST 800-53r5 and organizational standards.
  • Drive vulnerability management, including vulnerability scanning, patching cadence enforcement, and tracking remediation.
  • Liaise with external FedRAMP advisors/3PAO and authorizing stakeholders, scheduling walkthroughs, coordinating requests, and resolving findings.
  • Serve as the U.S. citizenship compliance focal point for technical operations in the FedRAMP production environment.
  • Collaborate with Security (GRC/AppSec/IR), Cloud Engineering/SRE, and IT teams to operationalize NIST 800-53 Rev. 5 controls and ensure traceable evidence.
  • Influence engineering best practices by embedding security and compliance requirements into CI/CD pipelines, IaC, and operational processes.
  • Report program status, risks, and metrics to the GRC Lead/CISO, and prepare materials for audits, renewals, and leadership reviews.
  • Author clear policies, technical documentation, and reports; take ownership and drive complex initiatives to completion.

Requirements

  • Minimum 7 years of compliance experience in FedRAMP
  • Prior experience leading a FedRAMP Authorization to Operate (ATO) or renewal, including preparing for agency or JAB authorization
  • Prior, hands-on FedRAMP experience in documentation, RMF, POA&M management, Continuous Monitoring, and FIPS-validated cryptography (FIPS 140-3)
  • Strong working knowledge of NIST 800-53r5 and RMF (NIST 800-37), with the ability to map technical controls to evidence
  • Demonstrated ability to author policies, review SSPs and collaborate effectively with 3PAOs/advisors and engineering teams
  • Excellent documentation, communication, and stakeholder management skills
  • U.S. citizenship (required due to federal program requirements)
  • Strong English communication skills (oral and written)
  • Positive, can-do attitude with a collaborative approach