FedRAMP Continuous Monitoring Analyst (Remote US) :
Say hello to possibilities.
It’s not everyday that you consider starting a new career challenge.
We’re RingCentral, a global leader in cloud-based communications and collaboration software. We are fundamentally changing the nature of human interaction giving people the freedom to connect powerfully and personally from anywhere, at any time, on any device.
We’re a $2.4 billion company that’s growing at 10+% annually and we’re expanding our Security & Compliance team to make sure we stay ahead of the competition.
About this role :
As the FedRAMP Continuous Monitoring Professional at RingCentral, your primary responsibilities are to complete activities required to maintain and update FedRAMP Continuous Monitoring documentation for the RingCentral FedRAMP program.
Coordinate with departments at multiple levels as required to ensure business objectives within FedRAMP Continuous Monitoring are achieved.
Track solution efforts and advise leadership as required on status and blockers. This role can be 100% remote, or a hybrid role based at one of our offices in Denver CO, Dallas TX, or Belmont CA.
Responsibilities :
- Collaborate with team members to help manage the continuous monitoring (ConMon) program, including internal and external reporting on vulnerabilities, tracking POA&Ms, and developing ConMon artifacts
- Interface with stakeholders at all levels of the organization and agency, FedRAMP PMO, consultants, and the 3PAO assessment team as required to maintain certification.
- Join the recurring agency ConMon meetings; including the review and submission of required artifacts
- Assist with the annual 3PAO security assessment from initiation to project closure
- Generate or facilitate deviation requests as required
- Perform functions as assigned in support of the Continuous Monitoring efforts.
- Conduct continuous monitoring activities to assess the effectiveness of security controls and identify potential vulnerabilities or non-compliance issues.
- Maintain and update the organization's System Security Plan (SSP) and other documentation required for FedRAMP compliance.
- Monitor security alerts and incidents, investigate and analyze security events, and coordinate appropriate response actions.
- Develop and implement procedures for security incident detection, response, and reporting, in accordance with FedRAMP requirements.
- Conduct periodic risk assessments and vulnerability scans to identify emerging threats and ensure timely mitigation.
- Prepare and present regular reports on the status of FedRAMP compliance activities to management and relevant stakeholders.
- Coordinate efforts to obtain and maintain FedRAMP certification
- Edit / update POAM documentation
Required Skills :
- Proven experience in FedRAMP Continuous Monitoring activities.
- Knowledge and experience in large, hybrid FedRAMP programs
- Familiarity with vulnerability management concepts, such as CVE and CVSS.
- Ability to quickly change priorities and handle simultaneous tasks.
- Strong analytical and problem-solving skills.
- Excellent communication and interpersonal skills.
- Ability to work independently and as part of a team.
Education / Prerequisites :
- Bachelor's Degree in Security or Information Security field.
- To comply with U.S. federal government requirements, U.S. citizenship is required for this position.
- Understanding of FedRAMP requirements, NIST Standards, and federal cybersecurity regulations
- Experience in identification, management, and reporting of risks and POA&Ms
- Experience performing FedRAMP assessments, authorization, and continuous monitoring (ConMon) of cloud service offerings
- Good communication and interpersonal skills
- SEC+ or related security certifications required
- Experience with SCR and related processes is a plus.