FedRAMP Program Manager
The Job
Data loss can be devastating. Whether it’s caused by human error, bad code, rogue integrations, or malicious intent, all companies are at risk. OwnBackup is the #1 data backup, archiving, and sandbox seeding app on the Salesforce AppExchange. With over 3,000 customers, we are ranked #25 on Financial Times’ list of America’s fastest growing companies, and have raised $267.5 million in funding from Salesforce Ventures and others.
OwnBackup is seeking a talented and passionate FedRAMP Program Manager to join our rapidly growing company. As part of the Chief Information Security Officer (CISO) organization, this role will be responsible for driving the development and delivery of federal customer program requirements. This effort includes creating processes where needed to attain and maintain FedRAMP certification, leading related communications and enablement, and managing overall program governance and documentation. You should be self-motivated with high attention to detail and possess the ability to prioritize and drive issues to resolution across multiple workstreams. Previous experience leading cross-functional projects/programs for government-related services is highly beneficial.
Additionally, as a rapidly growing company, this individual must be willing to assist and support other team members with our compliance and security needs as they arise.
Your Day-to-Day Role
- Act as the FedRAMP subject matter expert, staying up to date with the latest FedRAMP guidance. Prioritize needs and allocate resources, share regular updates with OwnBackup leadership on progress and timeline, and be the single point of contact for all teams throughout the complete program cycle
- Own the relationships with 3PAO, federal government liaisons, public sector account teams, and internal stakeholders.
- Contribute FedRAMP-specific input to the System Security Plan (SSP). Ensure the SSP is updated to reflect changes as they arise and that the changes are reviewed and approved before being incorporated into the SSP
- Work with the internal stakeholders in developing FedRAMP Moderate POA&M, Compliance POA&M, Significant Change Request, Operational Requirement Requests, and any other documentation required by sponsoring agency or FedRAMP PMO
- Manage strict remediation timelines for internal technical teams (security, product, engineering, and DevOps) and third-party deliverables
- Provide input to IT, R&D, and business teams about implementation of FedRAMP compliance and how it impacts product updates or team processes
- Coordinate external audits and assessments for OwnBackup's authority to operate (ATO)
- Oversee and collaborate on continuous monitoring efforts, including rigorous tracking of POA&Ms, significant change requests, and monthly submission of documentation to government stakeholders
- Assist Sales and Pre-Sales teams with responding to questions from Federal customers or presenting GovCloud architecture and FedRAMP/FISMA Compliance to customers
- Leverage technical and program management skills to plan, track, collaborate, and report on FedRAMP program deliverables, including scheduling and leading meetings, assigning and tracking action items, and developing status reports
- Collect security control implementation review results, penetration testing results, and vulnerability scan results for reporting to authorizing agencies
- Track and drive remediation of control deficiencies and gaps identified internally and externally
- Oversee budget and expenses related to FedRAMP program
- Partner with other compliance and security teams as needs arise or where expertise on topics can assist other team members or company efforts
Your Work Experience
- 8+ years of progressive experience in security, compliance, and program management leadership preferred
- 5+ years of direct experience leading FedRAMP compliance initiatives at the Moderate or High baseline level, ideally at a Third Party Assessment Organization (3PAO) or at a FedRAMP Certified Cloud Service Provider (CSP)
- Familiar with SOC, ISO-27001, and PCI compliance programs
- Deep knowledge of overall FedRAMP and DOD Impact Level process and how security controls are implemented to meet compliance requirements
- Experienced and well versed in Assessment and Authorization (A&A), Certification and Accreditation (C&A), and NIST SP 800-53 controls
- Technical background (Engineering/SDLC, IT, System Admin, etc.) a plus
- Experience with MARS-E a plus
- Experience with cloud computing, especially the security aspects of SaaS environments
- Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
- Experience with network security and networking technologies and with system, security, and network monitoring tools
- Strong understanding of the latest security principles, techniques, and protocols
- Familiarity with web-related technologies (Web applications, Web Services) and network/web related protocols
- Knowledge of cloud-based services and how the shared responsibility model applies across compliance frameworks
- Exceptional communication skills with the ability to convey complex compliance requirements to stakeholders with differing levels of expertise
Important Details
This is a full-time position. The ideal candidate will work out of our New Jersey office to maximize interaction with the business.
Here at OwnBackup, culture is as important as results, and a key part of our culture is our differences. As we scale to help all types of companies protect precious data, our team must reflect the diversity we serve. OwnBackup is an Equal Opportunity Employer and we believe that every employee in the company brings a unique perspective that they can and should contribute in order to make an impact every day. We strive to be one team, one culture, and one family that builds trust through transparency. We do not discriminate based on race, color, religion, sex, sexual orientation, gender identity, age, national origin, protected veteran status or disability status. OwnBackup will consider qualified applicants with criminal histories in a manner consistent with applicable law.
A Bit About Us
Have a look at our market opportunity and read through the AppExchange reviews to get to know OwnBackup a little better. Founded in 2015, OwnBackup is backed by top-tier venture capital firms and Salesforce Ventures. The company has experienced 100% y/y growth, establishing early market dominance in a big addressable market. To put it in perspective, OwnBackup has 2k customers, and nearly all of Salesforce's 150k customers are a potential fit to use our products. Given the company’s vision to be the leading Cloud Data Protection Platform, there are also plans to expand into other SaaS ecosystems in the coming year.