Senior Compliance Analyst
Bellevue, WA
Nintex changes how work gets done through process management and automation. Since 2006, we have helped customers and partners worldwide accelerate business results by digitally transforming workflows – thereby improving productivity.
You will join the Nintex Security Practice Team, working with several globally located departments to coordinate and manage our FedRAMP and Compliance Program initiatives. This role will span strategic, operational, and tactical responsibilities, with an initial focus on FedRAMP and building the Nintex Compliance Program. You will also have the opportunity to define the requirements for adhering to a compliance framework, prepare teams to become audit ready, manage the monitoring requirements for maintaining a successful compliance standing, and work with auditors to manage all audit activities.
The role demands excellent project management experience as well as a comprehensive understanding of the FISMA law. You will enjoy the diversity of projects and managing multiple project initiatives happening simultaneously.
In this role, you work well with ambiguity and have creative solutions to complex problems. This position is an Individual Contributor and reports to the Director of Security and Compliance.
Your contribution will be:
- Lead the compliance lifecycle of the FedRAMP Authorization initiative
- Communicate FedRAMP requirements, deliverables and project status to stakeholders, leaders and external partners
- Advise geographically separated departments (Engineering, Corp IT, Product, Sales, Human Resources and Legal departments) on how to meet FedRAMP controls and maintain testing of those controls
- Drive cross-functional execution and validation of FedRAMP deliverables and work with federal agencies and government audit entities
- Operationalize and maintain continuous monitoring functions and FedRAMP documentation deliverables such as the SSP, SAP, SAR, POA&M and associated documents
- Coordinate compliance gap analysis, remediation plans, audits, documentation, self-assessment testing, and audit activities
- Manage and expand the Nintex Compliance Program. This includes preparing the company for new compliance frameworks.
- Train new and existing staff in compliance initiatives and also audit interview techniques
- Initiate the security reviews and risk assessment processes for new projects and technologies to ensure compliance, and recommend improvements
- Assist the Nintex Governance, Risk and Compliance team (GRC) in the writing, editing, and reviewing of the information security policies and guidelines
- Assist with compliance integration activities for company acquisitions
- Facilitate audits and manage test creation and evidence gathering for audits
- Help triage and mitigate vulnerabilities identified through vulnerability management and scanning tools, and support their remediation
To be successful we think you need:
- 3+ years' experience in:
  - NIST SP 800 Series, FedRAMP, FIPS 199 and FISMA frameworks
  - Working with subject matter experts and developing, editing, and revising documentation including standard operating procedures, system security plans (SSP), and policies and procedures
  - Continuous monitoring requirements and POA&M management and communication
  - Working with Third-Party Assessment Organizations (3PAOs)
- Project management experience, ability to manage multiple projects simultaneously across global teams and departments
- Exceptional organizational and time management skills
- Strong verbal and written communication skills
- Strong understanding of vulnerability management, scanning tools and remediation
- Strong analytic and critical thinking abilities
- Excellent verbal and written communication skills
- Possess the knowledge of and the ability to apply ever-changing regulatory standards in an IT cloud setting
We are especially drawn to:
- USA Federal security clearance such as Confidential, Secret, or Top Secret
- Direct experience in managing other compliance initiatives from gap analysis to audit readiness such as SOC 2, ISO 27001, SOX, HIPAA, or PCI
- Degree in Information Systems, Computer Science, Information Security, or related
- CCEP, CISA, CISSP, or related certification
- Strong understanding of security controls and compliance frameworks
How we operate:
Everyone who works at Nintex follows three core tenets to ensure we operate a highly successful and collaborative business:
- We deliver on our commitments. We focus on a few key priorities and ensure we deliver with quality every time, on time.
- We don't wait. If we see an issue, we fix it. If we see an opportunity to accelerate our success, we take it.
- We operate with respect and consideration. We will move fast and deliver, and we will do it the right way.
At Nintex, we thrive on helping our customers and partners succeed as they leverage the industry’s best process management and automation capabilities to digitally transform a wide range of business processes. Every employee that joins Nintex is presented with a massive market opportunity to help improve the way people worldwide work as every organization needs what we provide. We have a highly collaborative culture where we focus on success through team efforts.
Unleash your potential. Apply today.
Nintex participates in E-Verify for work authorization. We are an Equal Employment Opportunity Organization.