The Senior Security Risk Analyst is responsible for working with technical senior stakeholders in the US and UK. This role would have a deep technical understanding of cloud technologies and could advise Engineering, Technical Operations and Product teams on how to document and implement technical and operational controls for cloud security standards. This role reports into the Senior Director of Assurance, Risk and Control (ARC). Please note that should the candidate be shortlisted, the hiring manager may request to see examples of skills or experience listed as essential or key.
Responsibilities
Translate compliance requirements into implementable policies and procedures and review business processes to identify and address potential risks.
Work with technical stakeholders to design, document and implement technical controls required for a SaaS provider delivering services into the US public sector.
Partner with senior members of the ARC team in implementing company-wide audit activities in relation to the global Assessment, Certification and Attestation (ACA) program
Analyse audit logs, pen tests and vulnerability scans for security significance, and work with enterprise risk management (ERM) analysts, to interpret and risk assess in line with ERM policy
Collect and document technical architecture, operational processes and security policies from multiple internal engineering teams
Manage agency specific Plans of Action and Milestones (POA&Ms)
Continuous monitoring of technical controls in line with the maintenance of an agency ATO
Qualifications
Three or more years' experience in:
Experienced in writing technical documentation in line with a NIST Written Information Security Program (WISP). Examples will be required should the candidate be shortlisted
Experience with FedRAMP moderate impact and the FISMA
Experience with writing, editing, and/or managing a wide variety of IT security documentation and familiarity with federal IT standards such as Federal Information Security Management Act (FISMA). Examples will be required should the candidate be shortlisted
Experience interviewing subject matter experts and using knowledge to develop, edit, and revise documentation including standard operating procedures, system security plans, and policies and procedures.
Experience with the production and/or editing of technical drawings using MS Visio or similar design tools.
Experience working with a Third-party Assessment Organization (3PAO) and the FedRAMP PMO, to achieve agency authorization. Including the interpretation and implementation of a Security Assessment Plan (SAP)
Experience with FedRAMP+, CJIS, DoD Impact Level 4 and above, US healthcare and education control frameworks
Knowledge of SSAE18 and ISO audit engagements
An understanding of Control Objectives for Information and Related Technologies (COBIT)
Capable of producing quality outcomes whilst meeting demanding deadlines, across concurrent and dynamic work streams
Open to international travel
Can work under their own initiative
Builds productive relationships with senior stakeholders
We offer a highly competitive rewards and benefits package including private healthcare, dental and life coverage. Mimecast is an entrepreneurial and high-growth company which will provide the right candidate with a wealth of career development opportunities. All Mimecasters strive to be high performers, problem solvers, and team players with passion and integrity.
An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.