Senior Security Risk Engineer | 21969
Location(s) Santa Clara CA, San Diego CA, Vienna VA
This position reports to: Risk and Remediation Manager
ServiceNow is changing the way people work. With a service-orientation toward the activities, tasks and processes that make up day-to-day work life, we help the modern enterprise operate faster and be more scalable than ever before.
We’re disruptive. We work hard but try not to take ourselves too seriously. We are highly adaptable and constantly evolving. We are passionate about our product, and we live for our customers. We have high expectations and a career at ServiceNow means challenging yourself to always be better.
What you get to do in this role:
We’re looking for a highly motivated, collaborative and technically experienced Sr. Information System Engineer with the ability to understand cloud operational and security processes, effectively communicate ServiceNow’s risks, and drive remediation/changes within and throughout the organization. The successful candidate should be reliable and resourceful and have a “can-do” attitude.
You will be a key member of our team and play an important role in defining the Security and Compliance framework for a leading cloud company. In this role, you will be required to demonstrate the ability to analyze difficult problems, think outside the box and provide pragmatic solutions and recommendations. ServiceNow’s current cloud compliance initiatives are focused on, but not limited to, ISO 27001, ISO 27018, FISMA, FedRAMP, PCI, SSAE 16, SOC 2, HIPAA, 21 CFR Part 11 and NERC CIP. The Senior Information System Engineer will be involved in driving and measuring risk assessments of the Federal business systems, control areas, processes, and products for the company’s Federal compliance initiatives.
- Lead or assist with successful completion of risk assessment activities for ServiceNow US Federal offering
- Successfully project manage and drive remediation activities across various teams within the organization
- Drive integration of remediation efforts with the risk management process
- Contribute by enhancing and maturing the existing Federal frameworks and processes
- Create/Report POAM to the FedRAMP Joint Advisory Board (JAB) and DISA
- Perform activities to remediate POAM findings
- Create and track deviation requests
- Create and track Significant Change Requests
- Facilitate FedRAMP JAB and DISA weekly meetings
- Facilitate meetings with the Third Party Assessment Organizations (3PAO)
- Facilitate customer requests and information gathering for audit activities
- Help our customers understand ServiceNow’s security and compliance control environment
- Contribute to enhancing our Governance, Risk and Compliance (GRC) tool to meet compliance business needs
- Develop/enhance dashboards for management-level reporting
In order to be successful in this role, we need someone who has:
- 7+ years working in the field of compliance or security
- Prior experience working in the Security and Compliance group on a Federal contract or within the Federal business
- Experience in reporting to the FedRAMP JAB or DISA
- Experience working with 3PAO to remediate/mitigate findings for Significant Change Requests (SCR) and audit activities
- Direct and recent working experience with at least two of the following compliance programs: ISO 27001, FISMA/FedRAMP, DOD 8500.2
- Relevant professional certifications such as CISSP, CISA, CISM, CIPP, GIAC, PMP
- Ability to manage security and compliance projects
- Strong technical experience with configuration management
- Strong technical experience with inventory reporting and architecture review
- Prior experience with GRC systems
- Ability to understand the intent of compliance requirements to provide effective and meaningful analysis
- Excellent report writing skills, ability to prepare compliance reports and associated metrics
- Excellent verbal and written communication skills
We provide competitive compensation, generous benefits and a professional atmosphere. This is a very collaborative and inclusive work environment where individuals strong on aptitude and attitude will have an opportunity to grow their professional careers through working with some of the most advanced technology and talented developers in the business.
ServiceNow is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, gender identity, or veteran status. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact us at (408) 501-8550, or firstname.lastname@example.org for assistance.