Senior Grc Analyst

About DruvaDruva the autonomous data security company puts data security on autopilot with a 100 SaaS fully managed platform to secure and recover data from all threats The Druva Data Security Cloud ensures the availability confidentiality and fidelity of data - providing customers with autonomous protection rapid incident response and guaranteed data recovery The company is trusted by its more than 6 000 customers including 65 of the Fortune 500 to defend business data in today s ever-connected world Amidst a rapidly evolving security landscape Druva offers a 10 million Data Resiliency Guarantee ensuring customer data is protected and secured against every cyber threat Visit and follow us on and We are seeking a Federal GRC Analyst to join our team The candidate will be responsible for managing the POAM Plan of Actions and Milestones process working with Federal agencies analyzing vulnerability application web and database scans for multiple environments and providing support for compliance with the FedRAMP program The candidate should have experience in building and maintaining network architecture diagrams data flow diagrams System Security Plans Ports Protocols and Services Management PPSM documentation The role requires knowledge of NIST Risk Management Framework RMF FedRAMP High Moderate baselines Familiarity with StateRAMP and TX-RAMP is also a plus Primary Responsibilities Manage the POAM process including creating tracking and reporting on POAM items Work with Federal agencies to address security concerns and ensure compliance with FedRAMP requirements Analyse vulnerability scans to identify security risks and recommend remediation actions Provide support for compliance with FedRAMP program requirements including conducting security assessments and preparing security documentation Maintain and update a System Security Plan Collect and maintain artifacts used and needed for FedRAMP annual assessment Collaborate with third-party assessment organisation 3PAO for assessments Stay up-to-date on changes to regulations and standards related to federal compliance and security Work cross-functionally with engineering product advisory legal and sales teams to provide customer and stakeholder support Qualifications Skills Education and Training Degree in Computer Science or equivalent Understanding of multiple technology domains including Cloud Software Development MS Windows Database management Networking and UNIX preferred Understanding of information security standards best practices for securing computer systems and applicable laws and regulations Technical or Professional Experience Total of 8 years with a minimum of relevant experience 2 years experience in federal compliance and governance including experience with FedRAMP NIST FISMA and other relevant regulations and standards Progressive achievement in one or more of the traditional IT disciplines applications operations infrastructure and management Experience with SaaS Cloud Operations required Familiarity with AWS GovCloud environment and its related services Experience in using scanning solutions to gather and review container database web application and other vulnerability scans Skills Requirements Outstanding interpersonal and communications skills ability to communicate effectively with technical and non-technical audiences Strong verbal and written English language competency Strong knowledge of information security Compliance standards NIST ISO are examples Expert knowledge of internal auditing internal controls risk management and practices and methods Comprehensive understanding of internal control environments within the IT function Experience with multiple technology domains including aspects of Windows Unix and or database administration software development and networking Excellent leadership and teamwork skills Proactive hands-on detail-oriented and results-driven orientation required Ability to produce high quality work products for both the IT groups and Senior Management Additional Desirable Qualifications Recognized accounting auditing information system certifications e g CISA CISSP Experience with a reputed auditing firm