Director, Information Security - FedRAMP

Job Description: • Saviynt’s Enterprise Identity Cloud helps modern enterprises scale cloud initiatives and solve the toughest security and compliance challenges in record time. • The company brings together identity governance (IGA), granular application access, cloud security, and privileged access (PAM) to secure the entire business ecosystem and provide a frictionless user experience. • The world’s largest brands trust Saviynt to accelerate digital transformation, empower distributed workforces, and meet continuous compliance. • The Director, Information Security, reports into Information Security leadership, and will lead various Technical and Governance, Risk and Compliance (GRC) efforts as they relate primarily to the FedRAMP Program. • The candidate will possess the ability to execute, scale, and continuously evolve the InfoSec and GRC functions to maximize the impact and oversight across the organization. • The candidate must be comfortable managing projects in an Agile environment. • The candidate should be familiar with policy and compliance requirements, including policy documentation and system requirements to successfully respond to potential audits. Requirements: • Bachelor's degree with a minimum of 10 years of experience • Knowledge of U.S. Federal Government security compliance, risk management processes and requirements, including NIST RMF and NIST SP 800-53 Rev 5 controls • Experience with GRC tools and automation is a plus • Experience with common controls framework, unified control framework (UCF) is a plus • Knowledge of current trends/technologies (i.e., Zero Trust, AI/ML, PAM, etc.) is a plus • Experience with vulnerability scanning, remediation, and continuous monitoring (ConMon) • Experience managing Agile projects with a focus on duties related to Product Owner • Experience developing executive level presentations to support Governance and broader Information Security updates to appropriate audiences • Experience assessing project and technical documentation to ensure compliance with established policies, processes, and procedures. • Requires sufficient technical background to be able to interpret audit and compliance requirements, and be able to support basic evidence gathering needs in support of audits • Ability to provide excellent written and oral communications by email, presentations, and mobile communication platforms (including: experience facilitating discussions, briefing senior managers, and conducting project meetings). • Experience supervising or managing an Agile project team. • Work on multiple projects and tasks concurrently • Experience defining project scope and objectives, developing detailed work products (schedules, status reports, etc.), conducting project meetings, and owning responsibility for project tracking and analysis. • Experience with continuous monitoring and Plans of Actions and Milestones (POA&Ms) is a plus • Knowledge of local legal and regulatory security requirements including HIPAA, FedRAMP, and GDPR/privacy • Flexible and collaborative approach to enabling and supporting the business • Strong stakeholder and relationship management skills Benefits: • Complete security & privacy literacy and awareness training during onboarding and annually thereafter • Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to):> Data Classification, Retention & Handling Policy> Incident Response Policy/Procedures> Business Continuity/Disaster Recovery Policy/Procedures> Mobile Device Policy> Account Management Policy> Access Control Policy> Personnel Security Policy> Privacy Policy Apply tot his job