Description
The Public Sector GRC Lead role is part of Informatica's Security and Compliance organization, sitting at the heart of our public sector growth. Our team works to maintain and expand the compliance authorizations that enable Informatica's cloud products to serve government customers at scale.
We are looking for a Public Sector GRC Lead with deep experience in FedRAMP, NIST 800-53, and related public sector security frameworks. In this role, you will serve as our Information System Security Officer (ISSO), maintaining our current authorizations, partnering with engineering and product teams to expand our compliance boundary, and helping shape the next generation of public sector certifications we pursue.
Responsibilities:
- Own and manage FedRAMP and related authorization programs end to end, including relationships with our Third-Party Assessment Organization (3PAO), sponsoring agencies, and the FedRAMP Program Management Office (PMO), as well as maintenance of the System Security Plan (SSP) and Plan of Action and Milestones (POA&M).
- Drive Continuous Monitoring efforts and lead annual external audits, including planning, scheduling, preliminary analysis, and providing audit training and support to cross-functional partners.
- Collaborate with engineering, product, sales, and legal teams to safely onboard new cloud products into the compliance boundary, identify opportunities to reduce risk, and document and address findings in accordance with FedRAMP regulatory standards.
- Provide subject-matter expertise on all public sector requirements to internal stakeholders and customers, and contribute to reporting and metrics that provide meaningful context for informed decision-making.
Required Qualifications:
- 5+ years of FedRAMP industry experience, including program and project management at a software company.
- Hands-on experience with government cloud environments such as AWS GovCloud, Azure Government, or Google Cloud (covering Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS) models).
- Strong working knowledge of corporate security management, governance frameworks, and compliance standards including SOC 2, ISO 27001, PCI DSS, HIPAA, and CMMC.
- Clear communication skills with the ability to work directly with engineering, product, DevSecOps, and executive stakeholders and translate compliance requirements into actionable guidance.
Preferred Qualifications:
- Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or related Global Information Assurance Certification (GIAC).
- Experience with additional public sector frameworks such as TX-RAMP, UK Cyber Essentials, or IRAP.
- Familiarity with generating compliance status and metrics reports for senior leadership audiences.
*LI-Y
Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.
This candidate must be a U.S. citizen (U.S. born or naturalized) who does not hold dual citizenship and agrees to complete a U.S. federal government Minimum Background Investigation (MBI) for a Moderate Public Trust position.
In the United States, compensation offered will be determined by factors such as location, job level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, and benefits. Salesforce offers a variety of benefits to help you live well including: time off programs, medical, dental, vision, mental health support, paid parental leave, life and disability insurance, 401(k), and an employee stock purchasing program. More details about company benefits can be found at the following link: https://www.salesforcebenefits.com.