Job Description:
• Saviynt’s Enterprise Identity Cloud helps modern enterprises scale cloud initiatives and solve the toughest security and compliance challenges in record time.
• The company brings together identity governance (IGA), granular application access, cloud security, and privileged access (PAM) to secure the entire business ecosystem and provide a frictionless user experience.
• The world’s largest brands trust Saviynt to accelerate digital transformation, empower distributed workforces, and meet continuous compliance.
• The Director, Information Security, reports into Information Security leadership, and will lead various Technical and Governance, Risk and Compliance (GRC) efforts as they relate primarily to the FedRAMP Program.
• The candidate will possess the ability to execute, scale, and continuously evolve the InfoSec and GRC functions to maximize the impact and oversight across the organization.
• The candidate must be comfortable managing projects in an Agile environment.
• The candidate should be familiar with policy and compliance requirements, including policy documentation and system requirements to successfully respond to potential audits.
Requirements:
• Bachelor's degree with a minimum of 10 years of experience
• Knowledge of U.S. Federal Government security compliance, risk management processes and requirements, including NIST RMF and NIST SP 800-53 Rev 5 controls
• Experience with GRC tools and automation is a plus
• Experience with common controls framework, unified control framework (UCF) is a plus
• Knowledge of current trends/technologies (e.g., Zero Trust, AI/ML, PAM) is a plus
• Experience with vulnerability scanning, remediation, and continuous monitoring (ConMon)
• Experience managing Agile projects with a focus on Product Owner duties
• Experience developing executive level presentations to support Governance and broader Information Security updates to appropriate audiences
• Experience assessing project and technical documentation to ensure compliance with established policies, processes, and procedures.
• Requires sufficient technical background to be able to interpret audit and compliance requirements, and be able to support basic evidence gathering needs in support of audits
• Ability to provide excellent written and oral communications by email, presentations, and mobile communication platforms (including: experience facilitating discussions, briefing senior managers, and conducting project meetings).
• Experience supervising or managing an Agile project team.
• Work on multiple projects and tasks concurrently
• Experience defining project scope and objectives, developing detailed work products (schedules, status reports, etc.), conducting project meetings, and owning responsibility for project tracking and analysis.
• Experience with continuous monitoring and Plans of Action and Milestones (POA&Ms) is a plus
• Knowledge of local legal and regulatory security requirements including HIPAA, FedRAMP, and GDPR/privacy
• Flexible and collaborative approach to enabling and supporting the business
• Strong stakeholder and relationship management skills
Benefits:
• Complete security & privacy literacy and awareness training during onboarding and annually thereafter
• Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to):
  • Data Classification, Retention & Handling Policy
  • Incident Response Policy/Procedures
  • Business Continuity/Disaster Recovery Policy/Procedures
  • Mobile Device Policy
  • Account Management Policy
  • Access Control Policy
  • Personnel Security Policy
  • Privacy Policy