Atlassian
Atlassian's team collaboration software, like Jira, Confluence and Trello, helps teams organize, discuss, and complete shared work.
Responsibilities
We are seeking an experienced Senior Compliance Program Manager to lead our Federal compliance initiatives. The ideal candidate will possess an in-depth understanding of FedRAMP, IRAP, and ISMAP requirements and a proven track record of managing compliance programs. This role is crucial in ensuring that our cloud services meet all necessary standards and regulations for FedRAMP and IRAP authorization.
Key Responsibilities:
- FedRAMP Compliance Management:
Oversee and manage the entire FedRAMP compliance lifecycle, from initial assessment through continuous monitoring.
Develop and implement compliance strategies to meet FedRAMP requirements and maintain authorization.
- Documentation and Reporting:
Prepare, maintain, and update all necessary documentation, including System Security Plans (SSPs), policies, procedures, and incident response plans.
Ensure timely and accurate reporting of compliance status, issues, and risks to senior management and stakeholders.
- POAM Management:
Develop and manage Plans of Action and Milestones (POAMs) to address identified compliance gaps and vulnerabilities.
Track and monitor the progress of POAMs, ensuring timely resolution and reporting of status to stakeholders.
- Audit and Assessment:
Coordinate and manage internal and external audits and assessments to ensure compliance with FedRAMP standards.
Act as the primary point of contact for third-party assessment organizations (3PAOs) and facilitate the audit process.
- Risk Management and Mitigation:
Identify, evaluate, and mitigate risks associated with FedRAMP compliance.
Develop and implement risk management plans to address potential compliance gaps.
- Stakeholder Engagement:
Collaborate with internal teams, including IT, security, legal, and operations, to ensure comprehensive compliance efforts.
Communicate effectively with stakeholders to ensure understanding and alignment on FedRAMP requirements and initiatives.
- Continuous Monitoring and Improvement:
Establish and maintain a continuous monitoring program to ensure ongoing compliance with FedRAMP requirements.
Identify opportunities for process improvements and implement best practices to enhance compliance efficiency.
Qualifications
Bachelor's degree in Information Technology, Cybersecurity, or a related field. A Master's degree or relevant experience with certifications (e.g., CISSP, CISM, PMP) is preferred.
A minimum of 10 years of experience in compliance program management, with a focus on FedRAMP or similar regulatory frameworks.
In-depth knowledge of FedRAMP, IRAP, and ISMAP requirements, processes, and documentation, including the authorization process and continuous monitoring.
Demonstrated experience in managing compliance audits and assessments, preferably with experience working with 3PAOs.
Strong understanding of cloud computing technologies and security practices, particularly in a government context.
Excellent project management skills, with the ability to manage multiple projects and priorities effectively.
Strong analytical and problem-solving skills, with keen attention to detail.
Excellent communication and interpersonal skills, with the ability to engage and influence stakeholders at all levels.