58 applicants

Company

MongoDB · 4 hours ago

Compliance Analyst, Public Sector

United States

Full-time

Remote

Mid Level

$76K/yr - $149K/yr

Maximize your interview chances

Cloud ComputingDatabase

Growth Opportunities

No H1B

U.S. Citizen Only

Insider Connection @MongoDB

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Assist with ongoing public sector compliance maintenance for a leading Database as a Service (DBaaS) compliance team

Support assessment activities as required by potential sponsors, 3PAO, or the PMO to maintain compliance certifications

Monitor internal compliance against information security governance frameworks by participating in third party assessments, internal control reviews, and gap assessments

Identify and communicate control gaps, evaluate action plans and milestones, and provide ongoing monitoring through remediation

Develop, review, and maintain policies, processes, and procedures for MongoDB’s Governance, Risk, and Compliance Program

Develop, review, and maintain customer facing documentation (e.g. CIS, CRM)

Support continuous monitoring activities to maintain compliance certifications (e.g. annual assessments, significant changes, vulnerability management, and incident reporting)

Work cross-functionally with organizational stakeholders to provide guidance on the effectiveness of security controls

Support audit readiness by engaging with internal stakeholders, providing guidance on compliance requirements, and preparing them for assessment interviews

Assist with building reports, dashboards, and presentations for various audiences (e.g. executive level, business unit level, department level, and customers)

Communicate recommendations for optimizing business operations to meet internal and external compliance goals

Leverage ticketing systems to document and track assignments to completion

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

ISO27001HIPAAPCISOC2Cloud SecurityRisk ManagementInformation Security PrinciplesVulnerability ManagementMicrosoft OfficeGoogle WorkspaceCCSPCISACGRCTechnical AssessmentsCompliance Requirements

Required

Be a US Person (i.e. U.S. citizen, U.S. national, lawful permanent resident, asylee, or refugee)

Bachelor's degree in a technical field or equivalent professional experience

Experience conducting major security and compliance audits including ISO27001, HIPAA, PCI, and SOC2

Hands-on experience assessing, implementing, and documenting security controls in cloud environments

Strong understanding of cloud security, compliance, risk management, and information security principles

Exceptional skills in analysis, diagnostics, and critical thinking

Proven ability to collaborate proactively with internal teams and external customers

Strong verbal, written, and interpersonal communication skills for both technical and non-technical audiences

Effective communication of progress, concerns, and escalations to managers and stakeholders in a timely manner

Demonstrated ability to work independently and take ownership of tasks with minimal supervision

Resourcefulness in utilizing publicly available and internal resources to complete assignments

Proficiency in Microsoft Office (Word, Excel, PowerPoint) and Google Workspace (Docs, Sheets, Slides)

Preferred

Specific knowledge of compliance requirements and technical assessments for FedRAMP, NIST 800-53, and NIST 800-171 or other highly regulated security standards

Basic understanding of vulnerability management practices and continuous monitoring documentation (e.g. POA&M, Inventory Workbook, Deviation Request Form)

Experience reviewing and editing SSPs, IRPs, ISCPs, and other FedRAMP related documentation

CCSP, CISA, CGRC, and similar certifications are a plus