Security GRC Lead
Salesforce · Herndon, VA · Today
Hybrid$149k–$224k/yrFull-time
About the role
The Public Sector GRC Lead role is part of Informatica's Security and Compliance organization, sitting at the heart of our public sector growth. Our team works to maintain and expand the compliance authorizations that enable Informatica's cloud products to serve government customers at scale. We are looking for a Public Sector GRC Lead with deep experience in FedRAMP, NIST 800-53, and related public sector security frameworks.
Responsibilities
- Own and manage FedRAMP and related authorization programs end to end, including relationships with our Third-Party Assessment Organization (3PAO), sponsoring agencies, and the FedRAMP Program Management Office (PMO), as well as maintenance of the System Security Plan (SSP) and Plan of Action and Milestones (POA&M).
- Drive Continuous Monitoring efforts and lead annual external audits, including planning, scheduling, preliminary analysis, and providing audit training and support to cross-functional partners.
- Collaborate with engineering, product, sales, and legal teams to safely onboard new cloud products into the compliance boundary, identify opportunities to reduce risk, and document and address findings in accordance with FedRAMP regulatory standards.
- Provide subject-matter expertise on all public sector requirements to internal stakeholders and customers, and contribute to reporting and metrics that provide meaningful context for informed decision-making.
Requirements
- 5+ years of FedRAMP industry experience, including program and project management at a software company.
- Hands-on experience with government cloud environments such as AWS GovCloud, Azure Government, or Google Cloud (covering Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS) models).
- Strong working knowledge of corporate security management, governance frameworks, and compliance standards including SOC 2, ISO 27001, PCI DSS, HIPAA, and CMMC.
- Clear communication skills with the ability to work directly with engineering, product, DevSecOps, and executive stakeholders and translate compliance requirements into actionable guidance.
Preferred Qualifications
- Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or related Global Information Assurance Certification (GIAC).
- Experience with additional public sector frameworks such as TX-RAMP, UK Cyber Essentials, or IRAP.
- Familiarity with generating compliance status and metrics reports for senior leadership audiences.