Lead FedRamp Analyst

  • R9354
  • MA, United States
  • Arlington, VA, United States


This role is for someone who is looking to positively impact Rapid7’s future with US public sector cybersecurity programs. Previous robust experience driving complex compliance programs such as FedRamp would set you up for success in this position. Your ability to successfully carry out cross-functional work will require strong communication skills, patience, and a solution-oriented attitude.

In this role you will be part of an energized team that cares deeply about the success of these initiatives, and leadership that values work-life balance, an inclusive culture, and your ongoing career development.

About the Team


Rapid7’s Trust & Governance team functions within the Information Security group and plays a crucial role in supporting the organization’s mission. We ensure we meet our duty of care to our customers, employees, and shareholders by creating effective governance for upholding internal security policies, identifying and managing security risk, distributing foundational security expertise across every department to create an exceptional security culture, and bolstering customer and community trust by providing accessible and transparent information about our internal security program. This role partners closely with other InfoSec teams, Engineering, Platform, Legal, Procurement, and many other teams at Rapid7.

About the Role


We’re looking for a Lead FedRamp Analyst to own, drive and improve Rapid7’s FedRamp compliance program and shape the future of US public sector cybersecurity programs. 

In this role, you will:

  • Upgrade Rapid7’s US Cybersecurity Compliance program to the next level

  • Lead and orchestrate the management of the FedRamp compliance program, ensuring regulatory requirements and security policies are followed

  • Act as the main point of contact for all FedRamp compliance activities, coordinating and managing relationships with all stakeholders (internal and external)

  • Update and coordinate documentation changes in key documents, authorization packages and compliance reports 

  • Ensure readiness for ATO assessments and ConMon reporting 

  • Analyze Control Implementation Summaries (CIS) and Customer Responsibility Matrixes (CRMs) from Rapid7 vendors, and analyze and define Rapid7’s CIS and CRM

  • Strive for process improvement and proactive risk identification and mitigation

  • Report and provide visibility of FedRamp status and other Public Sector related initiatives to senior management and a wide variety of stakeholders

  • Influence the engineering team to ensure seamless adoption of regulatory requirements

  • Partner with sales and customer success management to simplify the customer’s experience of understanding FedRamp compliance

The skills you’ll bring include:

  • 7+ years of experience in security compliance programs

  • 5+ years of experience at FedRamp

  • Certifications such as CISSP, CISA or CRISC highly desirable

  • Experience with GRC tools such as Diligent or OneTrust

  • Strong knowledge of NIST 800-53 rev5 and foundational knowledge of NIST 800-171 and FIPS 199

  • Foundational knowledge of CMMC, FISMA, StateRamp and the Federal acquisition process (FAR/DFAR)

  • Experience with the Secure Software Development Cycle and equivalent best practices such as NIST 800-218; familiarity with SBOMs (Software Bills of Materials) and supply chain risk management

  • Context on Executive Order 14028 and other major regulatory developments in the US that will impact the present and future of cybersecurity

  • Strong background leading and orchestrating Business Continuity Plans, Disaster Recovery Plans and Contingency plans and related activities 

  • Experience interfacing with Federal Agencies (for security), 3PAOs and other applicable stakeholders

  • Knowledge of AWS and other big SaaS players 

  • Strong communication skills with the ability to translate complex technical concepts into business language

We know that the best ideas and solutions come from multi-dimensional teams. That’s because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today.

 

About Rapid7


Rapid7 (NASDAQ: RPD) helps organizations across the globe protect what matters most so innovation can thrive in an increasingly connected world. Our comprehensive technology, services, and community-focused research simplify the complex for security teams, helping them reduce vulnerabilities, monitor for malicious behavior, be in 10 places at once, and shut down attacks. We’re on a mission to make security solutions easier to use and access so we can bring safety and resilience to more people.  With more than 10,000 customers across 140+ countries, Rapid7 is a leader in cybersecurity that has earned numerous industry accolades and recognition for our technology and culture.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or any other status protected by applicable national, federal, state or local law.

Security and Compliance
Rapid7 is committed to keeping customers secure. As a first line of defense, all employees are expected to uphold the highest standards of security and privacy, ensuring the protection of sensitive information and compliance with relevant regulations.
