Solventum is hiring a Compliance Analyst

Solventum is seeking a Compliance Analyst to contribute to our mission of enabling better, smarter, safer healthcare. You will join a team where you will immediately apply your expertise to large, complex projects involving regulatory compliance frameworks.

What You'll Do

• Assist with managing large, complex compliance projects.
• Independently research technical topics and develop logical testing approaches to validate NIST 800-53 control implications.
• Develop and deliver comprehensive reports on regulatory compliance.
• Present findings and recommendations to technical audiences.
• Perform final review and quality assurance on System Security Plan (SSP) and other compliance documentation.
• Update Plans of Action and Milestones (POA&M) as part of Continuous Monitoring Activities.

What We're Looking For

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
• 4 years of experience in Cybersecurity, IT Audit, or IT/Cloud Operations.
• Minimum of 2 years of experience with NIST 800-53/FedRAMP, preferably with StateRAMP.
• Hands-on experience with FedRAMP, GovRAMP, FISMA, and/or NIST 800-53.
• Experience authoring or assisting with final deliverable documentation for compliance engagements.
• Knowledge of Continuous Monitoring Activities required by GovRAMP.
• Experience with GRC or evidence collection tools such as Hyperproof.
• Must be legally authorized to work in the country of employment without visa sponsorship.

Nice to Have

• Experience with server and desktop operating systems like Windows and Linux.
• Understanding of Public Cloud Services, specifically AWS.
• Proficiency with Microsoft Office tools: Word, Excel, and PowerPoint.
• Knowledge of Compliance Assessment Standards.
• Understanding of FedRAMP and StateRAMP, including their similarities and differences.
• Experience with Penetration Testing and Vulnerability Scanning per StateRAMP guidance.
• Experience conducting Risk Assessments per NIST SP 800-30 and SP 800-39.
• Knowledge of the Common Vulnerability Scoring System (CVSS).
• Experience with Third Party/Vendor Risk Assessment as per NIST SP 800-53 rev 5.
• Familiarity with other Security and Compliance Frameworks.
• Federal Clearance.
• Relevant Professional Certifications: CCAK, CISA, CISSP, or CCSP.

Technical Stack

• Operating Systems: Windows, Linux
• Cloud: AWS
• Compliance Tools: GRC tools (e.g., Hyperproof)

Benefits & Compensation

• Compensation Range: $119,076 - $145,537
• Medical, Dental & Vision Insurance
• Health Savings Accounts (HSA)
• Health Care & Dependent Care Flexible Spending Accounts
• Disability Benefits
• Life Insurance
• Voluntary Benefits
• Paid Absences
• Retirement Benefits

Work Mode

This is a remote position.

All qualified applicants will receive consideration for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.