Arctic Wolf · 11 hours ago

Lead Governance, Risk and Compliance Analyst (Security Certifications)

United States

Full-time

Remote

Senior Level, Lead/Staff

5+ years exp

Maximize your interview chances

Cyber SecurityInformation Technology

Growth Opportunities

Insider Connection @Arctic Wolf

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Plan, execute, and report on various types of Security/Privacy GRC reviews, including post-remediation validations

Conduct ongoing risk assessments and assist in developing and executing a dynamic risk assurance plan to address high-risk areas

Lead improvements and design of innovative industry-wide compliance and controls across the Organization

Lead compliance related change management initiatives within the Team and across the Organization

Lead handling complex issues with internal auditors and/or external regulators

Craft and communicate effective data-driven reporting and updates to influence decisions and outcomes internally

Develop and maintain tight coordination with various AW cross-functional teams

Develops and implements an effective new certifications program that leverages National Institute of Standards and Technology (NIST), CMMC, Federal & State Risk and Authorization Management Program (FedRAMP/StateRAMP), and other applicable regulatory/industry standards, policies and regulations (e.g., NIST 800-137, NIST 800-53, 800-37 and 800-39)

Works closely with internal AW teams to ensure timely delivery of controls, periodic compliance artifacts and assisting various teams with meeting required compliance requirements, milestones and objectives in support of obtaining and ongoing maintenance of the certifications/attestations.

Develops reports and briefings for leadership as it relates to identified and in-progress certifications.

Analyzes and validates the information collection and reporting process required by each certifying body and provides recommendations to integrate and automate continuous monitoring efforts and the corresponding reports.

Trains and formally hands off maintenance of each certification program to internal compliance team and facilitates the maintenance of common controls that can be used to satisfy multiple certification requirements.

Facilitates and executes all certification related internal and external assessment/audit efforts.

Acts as the subject matter expert for AW on various security certifications and provides advisory services to various AW teams as needed.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

CMMCFedRAMPPCI DSSNISTISOSOC2Risk ManagementCompliance ProgramsProject ManagementCross-Group CollaborationTeam Management

Required

Must have demonstrable experience in both building and operating CMMC, FedRAMP/StateRamp certification programs.

Impeccable analytical capacity and experience adding structure in a complex, ambiguous environment

Effective project management skills, as well as excellent verbal and written communication skills

Strong cross-group collaboration and team player, dealing with complex problems, resolving conflicts, and experience influencing cross-functionally, and with executive-level audiences

Ability to quickly adapt to shifting priorities, demands and timelines through both analytical and problem-solving capabilities

Ability to analyze fragmented inputs (critical thinking), synthesize key attributes and recommend/deliver effective, balanced recommendations and outcomes

Deep understanding of security, privacy, regulatory requirements that may impact the tech industry

5 + years of experience in managing compliance programs – must show demonstrable experience leading, building and running programs that led to security certifications for the organization

Bachelors degree or equivalent work experience