Responsibilities
- Manage and develop staff members under Product Compliance and fulfill people manager responsibilities
- Direct Continuous Monitoring (ConMon) processes and ensure successful monthly reviews with ExtraHop and agency stakeholders in order to maintain FedRAMP authorization
- Oversee and contribute to the vulnerability management lifecycle: triage, reporting, coordination with system owners, and remediation tracking
- Manage the review of vulnerability findings and provide formal written responses for internal and external stakeholders, including customers
- Assess and serve as a subject matter expert for regulatory and compliance requirements and best practices for various standards (e.g., CSA STAR, ISO 27001, FISMA, DORA, FINRA, DoDIN APL, NIAP, FIPS, CMMC, IL4/IL5)
- Lead gap assessments and facilitate or support audits (including coordinating evidence collection and submission)
- Develop and manage a product security compliance roadmap, incorporating input, feedback and data-driven requirements from Sales, Customer Success, Product Management, and R&D organizations; validate the roadmap with executive leadership; coordinate key activities across the organization to achieve roadmap milestones
- Collaborate with Product Security and R&D staff to provide responses to customer and pre-sales inquiries about product security and related items
- Collaborate with Product Security team members to develop and improve standards, policies, procedures, documentation, and training
- Participate in security incident response activities, representing Product Security and R&D leadership in directing the execution of the IR Plan
- Other duties as assigned
- Represent Product Security and R&D to engage with prospective and current customers, particularly in the public sector, in partnership with Sales, Customer Success, and Product Management
- Provide verbal and written representation of ExtraHop’s product security practices, posture, and compliance
- Clarify and negotiate customer requirements regarding security compliance, security capabilities in the product, and related items
- As a subject matter expert, educate and guide ExtraHop teams through the customer procurement and implementation journey
- Develop goodwill with prospective and current customers and facilitate successful partnerships
Requirements
- 12+ years of experience in cybersecurity, with a focus on compliance frameworks like FedRAMP, NIST SP 800-53, SOC 2 and ISO 27001
- At least 5 of those years should be hands-on experience specifically managing compliance programs, security assessments, or cloud security initiatives
- Bachelor's degree in a related field such as Cybersecurity, Computer Science, Information Systems, Engineering or other technical or management discipline
- Direct experience with the FedRAMP compliance framework, including security control requirements, documentation and assessment methodologies
- Technical knowledge of web application security and cloud security, including best practices and controls for cloud-based environments
- Proficient with security tools, including vulnerability scanners, ticketing systems (e.g., Jira), compliance reporting platforms, and SIEM tools
- Exceptional analytical skills to effectively manage and resolve security and compliance issues
- Proven ability to communicate complex security concepts to technical and non-technical audiences
- Strong project management skills with the ability to balance compliance initiatives and security operations
- Must be a U.S. citizen or national, U.S. permanent resident (current Green Card holder) or lawfully admitted into the U.S. as a refugee or granted asylum
- Work cooperatively with others within the organization and other cross-functional stakeholders.
- Work well in fast-paced, high-stress environments.
- Has predictable, reliable attendance.
Work Arrangement
Hybrid
