Sr. Information Security And Compliance Engineer - Federal
Please Note:
“This position requires the Public Trust Position (PTP) Tier 2 Level suitability adjudication. If offered employment, you must be willing to complete and successfully pass the adjudication process. Any employment is contingent upon obtaining the required adjudication.”
Company
Work matters. It’s where we spend a third of our lives, and fortunately, the workplace of the future is going to be a great place. We’re dedicated to bringing that to life for people everywhere. That’s why we put people at the heart of everything we do.
People matter. Our people have a passion for learning, building, and innovating. Whether you’re an engineer, a sales professional, a finance professional, or anything in-between, our roles aim to provide each person with meaningful impact and plenty of space to grow.
Role
We’re looking for a highly motivated, collaborative and technically experienced Security and Compliance Engineer with the ability to understand cloud operations and technology to proactively monitor and identify risk, effectively communicate those risks and drive remediation/changes within the Global Cloud Service organization. The successful candidate must be reliable, resourceful and have a “can-do” attitude and demonstrate the ability to analyze difficult problems, think out-of-box and provide pragmatic solutions and recommendations.
You will be responsible for the design and execution of control monitor tests (manual and automated) to ensure controls are designed and operating effectively in the environment to address ServiceNow compliance requirements. To do this you will be required to demonstrate ability to analyze difficult problems, think out-of-box and provide pragmatic solutions and recommendations.
In this role you will work with internal stakeholders to understand compliance testing needs in order to design test cases, execute test cases and support remediation and/or mitigation efforts and validate remediation. Additionally, you will work collaboratively across operations in support of building and executing a world-class Global Cloud Service compliance program while utilizing the ServiceNow platform. This role will report to the Sr. Director of Global Cloud Service Operations Compliance.
What you get to do in this role:
Work with engineering teams on new process, system and datacenter deployments, addressing compliance requirements as part of initial design and deployment. Design and execute test cases as part of compliance scheduled and impromptu control monitoring. Drive remediation and mitigation activities to ensure solution address the risk and meet the intent of the control. Evangelize GCS compliance to drive control owner awareness and education to ensure controls are implemented, maintained and compliant. Develop and lead new domain/certification ingestion process for new standards, regulations and/or other requirement sets presented to address regulated markets, risk mitigation and/or company forward thinking. Drive efficiency in the compliance process through automation and rationalizing configuration / code-based compliance controls over manual process and controls.
Responsibilities:
- Execute and continually improve to ensure a best in class compliance monitoring process for Global Cloud Services platform and infrastructure levels.
- Design and execute compliance test plans leveraging the ServiceNow GRC application and automation.
- Perform gap assessment of GCS operations against the ServiceNow Common Control Framework (CCF), Continuous Control Monitoring (CCM) programs and any future compliance frameworks to address current domains (i.e. Security, Privacy, Quality, Sustainability and Accessibility) and third party attestations/certification (i.e. SOX, FedRAMP, DOD IL4 & DOD IL5, PCI, ISO 27001, ISO 27701, SOC 1 & 2, Singapore MTCS, Australia IRAP, German C5 and more).
- Communicate findings with control owners, support remediation/mitigation discussions, to ensure solutions address the finding, and validate remediation/mitigation when completed.
- Drive GCS compliance onboarding and significant change request process for updated or new product applications, features, deployments, and functionality to ensure control alignment at onset of change.
- Review and provide feedback for compliance control implementation/narrative documentation.
- Support the evangelization of compliance controls to drive control owner awareness and education to ensure GCS compliance controls are implemented, maintained and compliant.
- Participates in external certification and customer audit events, including preparation, sample delivery, onsite facilitation and management response activities.
- Be a point of contact for internal audit and risk teams in the identification, tracking, and resolution of GCS risk items.
In order to be successful in this role, we need someone who has:
- 7+ years working in the field of security, compliance or audit
- Demonstrated ability to understand the intent of compliance requirements to provide effective and meaningful analysis, test case design and remediation recommendations
- Strong technical experience with system configuration and architecture review
- Demonstrated ability to interface successfully with engineering teams in critical and challenging conversations.
- Strong understanding of federal and commercial compliance certifications and attestations such as PCI, SOX, FedRAMP, DOD SRG, Australia ISMS, Singapore MTCS, German C5, France HDS and S. Korea K-ISMS
- Excellent verbal and written communication skills
- Self-motivated, self-directed, and able to thrive in a fast-paced environment with a passion to make an impact
- Prior experience at a SaaS, PaaS or IaaS Cloud company.
- Willing to travel up to 25% is required.
ServiceNow is an Equal Employment Opportunity Employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, gender identity, or veteran status. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact us at (408) 501-8550, or [email protected] for assistance
ServiceNow is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, gender identity, or veteran status. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact us at [email protected] for assistance.