FedRAMP Compliance Director

MD, United States of America

Job description

Druva enables cyber, data and operational resilience for every organization with the Data Resiliency Cloud, the industry’s first and only at scale SaaS solution. Customers can radically simplify data protection, streamline data governance, and gain data visibility and insights as they accelerate cloud adoption. Druva pioneered a SaaS-based approach to eliminate complex infrastructure and related management costs, and deliver data resilience via a single platform spanning multiple geographies and clouds. Druva is trusted by thousands of enterprises, including 60 of Fortune 500, to make data more resilient and accelerate their journey to the cloud. Visit druva.com and follow us on LinkedIn, Twitter and Facebook.

The FedRAMP Compliance Director will lead Druva’s efforts to meet and exceed Federal Risk and Authorization Management Program (FedRAMP) compliance authorization standards across multiple product lines. As the strategic lead, the FedRAMP Director is responsible for driving cross-functional collaboration across internal and external teams, stakeholders, and partners. The ideal candidate will bring a strong background in information security, risk management, and compliance for cloud environments, as well as in-depth knowledge of federal security compliance and risk management frameworks.

Responsibilities:

  • Lead our FedRAMP compliance authorization efforts
  • Maintain the existing authorization process (annual FedRAMP audit, oversight and internal audit of required FedRAMP controls, monthly ConMon with the agency sponsor, etc.)
  • Create FedRAMP SSPs, define the authorization boundary, etc.
  • Own and drive the FedRAMP significant change process to get new product features authorized
  • Liaise with our FedRAMP agency sponsor, the FedRAMP PMO, 3PAO / auditors and other federal customers as needed
  • Collaborate with the Federal Sales team to help communicate our FedRAMP compliance posture to prospects as needed
  • Collaborate with internal software development, infrastructure and IT teams to define and build solutions for security controls that meet and maintain required federal security standards
  • Own and maintain other government compliance certifications both in the US and globally (StateRAMP, DESC, IRAP, etc.)

Qualifications:

  • 10+ years of experience in information security, risk management, and compliance, particularly within the U.S. federal government sector.
  • In-depth knowledge of federal security compliance and risk management frameworks, including NIST SP 800-53 Rev 5 and RMF controls.
  • Proven experience in managing compliance for cloud, SaaS, and multi-tenant environments, preferably with a focus on AWS.
  • Strong foundation in core security domains such as vulnerability triage and remediation, incident response, encryption, host/network intrusion detection, file integrity monitoring, secure SDLC practices and more.
  • Excellent communication skills, capable of engaging with both technical teams and executive-level stakeholders.
  • Experience with DoD IL4/IL5, DFARS, CMMC, or working in a FedRAMP High environment is a plus.

The pay range for this position is expected to be between $147,000 and $205,667/year; however, base pay offered may vary depending on multiple individualized, non-discriminatory factors, including market location, job-related knowledge, skills, and experience. The total compensation package for this position may also include other incentive compensation opportunities in the form of discretionary annual bonus or commissions, and equity. Additionally, full-time employees are eligible to participate in our comprehensive benefits program, including health and wellness benefits, 401(k) retirement plan, life and disability insurance coverages, and other benefits the Company may offer from time to time. 
