Medallia

Offers customer experience management software.

Risk and Compliance Senior Analyst
San Mateo, CA, US
Job Description / Skills Required

Medallia is the global leader in Customer Experience Management. Our mission is to create a world where companies are loved by their customers; where organizations see you as a person and not just their next sale. We do this by building a bridge between hundreds of companies and billions of customers, around the world, enabling access to your eyes, ears, and hearts, so they may design and deliver extraordinary experiences, every single day.

Responsibilities:

Develop Information Security and Compliance policies and standards in collaboration with various internal teams
Develop documentation to support FedRAMP Security Controls, System Security Plan, Contingency Plan & POA&M
Develop Security Assessment Report / Audit
Identify, track and assist with mitigation strategies for report security findings related to FedRAMP
Coordinate with 3rd Party Assessment Organizations to maintain ATO
Provide direction, design and implementation support of solutions, meeting FedRAMP requirements
Work with internal stakeholders to validate security strategies and roadmaps with respect to FedRAMP
Interface with internal and Government resources to assure compliance with federal government security requirements
Perform periodic assessments and audits of compliance with the established controls
Perform periodic tests of design and effectiveness of the established controls
Build and enhance the controls matrix, in alignment with multiple compliance frameworks
Assist with the security review component of vendor governance
Develop employee-facing technical documentation, internal wiki pages, and periodic security-oriented communication to spread awareness about Information Security policies and standards

Skills:

5+ years of relevant information technology experience with at least 5 years of security architecture and design experience
Deep knowledge of FedRAMP and NIST requirements
In-depth understanding of NIST SP 800-53 control requirements
Ability to create and manage documentation necessary to complete and maintain the A&A process
Ability to conduct self-assessments and perform formal risk analysis
Current/prior experience with a full cycle effort to complete an A&A package for a Federal information system