This position is for FedRAMP Technology Compliance Lead role for Adobe’s Technology GRC (TechGRC) group. The role will be based out of Adobe San Jose, CA, Adobe Lehi, UT or Adobe’s Washington, D.
C. location. The person will lead the FedRamp efforts for Adobe including liaison with the AO (authorizing agencies) & Third-party Assessment Organizations (3PAO) & will report into TGRC Management at San Jose.
Responsibilities Include :
The FedRAMP Technology Compliance Lead is responsible for working with the internal stakeholders and product engineering teams to document implementation of control requirements and supporting the cloud security standards including technical security and operational controls for Adobe’s SaaS environments.
Work with internal stakeholder engineering teams to document the implementation of FedRAMP security compliance control implementations for technical, management, and operational requirements
Collect and document technical architecture, operational processes and security policies from multiple internal engineering teams
Reviewing, documenting, analyzing and evaluating business systems and user needs in areas of Authorization and Accreditation (A&A) and Plans of Action and Milestones (POA&Ms)
Collect security control implementation review results, penetration testing results, and vulnerability scan results for POAM reporting to authorizing agencies
Demonstrate subject matter expertise in FedRAMP (Federal Risk Authorization Management Program), NIST SP 800-53 Rev 4, NIST SP 800-37, FISMA (Federal Information Systems Management Act), NIST RMF (Risk Management Framework), supporting Systems Security Assessment and Authorization (SA&A) for Federal Agencies, NIST FIPS 199 & Data Classification.
Bachelors / master’s Degree with a focus in Information Technology / Computer Science or related field
Hand on experience with AWS & Azure environments
Experience on NIST SP 800 Series, FedRAMP and FISMA documents
Experience in executing the continuous monitoring operations of a FISMA / FedRAMP authorized environment
Experience with writing, editing, and / or managing a wide variety of IT security documentation and familiarity with federal IT standards such as Federal Information Security Management Act (FISMA)
Experience developing, editing, and revising documentation technical documentation, including as-built documents, system security plans, system architectures, and policies and procedures.
Experience with the production and / or editing of technical drawings using MS Visio or similar design tools.
Experience with technical documentation related to FIPS 199, NIST SP 800-37, NIST SP 800-53 REV 4, continuous monitoring, and POA&M management.
Understanding of Third-party Assessment Organizations (3PAO)
Experience with National Institute of Standards and Technology (NIST) standards, DISA Cloud Computing Security Requirements Guide (SRG), Experience and familiarity with cloud data security (FISMA / FedRAMP compliance) and working with public cloud solutions (AWS and Azure)
General requirements which will help you succeed in the role
Good interpersonal, verbal and written communication skills. It is essential that the candidate is a team-player and possesses strong organizational and planning skills
Ability to communicate with both business and technology staff including IT and Business management.
Ability to multi-task, be detail-oriented, and solve problems analytically
Knowledge of common IT systems (Operating Systems, network devices, applications)
Demonstrate strong verbal and written communication skills as well as strong analytical and problem-solving abilities
Operational and deployment experience with various security tool platforms and systems
Ability to work independently or as a member of a team on various tasks
Skilled at organizing and translating information into clear written documentation, articulating complex concepts and processes in writing
Proven ability to effectively research subject matter
Experience working in a collaborative environment; ability to work well under tight deadlines and effectively interact with a wide range of personnel
Strong experience with Microsoft product suite, particularly Microsoft Word, PowerPoint and SharePoint
Security clearance not required
The candidate should be willing to travel for approximately 20 30% of time.
Bachelor's degree in a relevant field (e.g., Computer Science, Information Security, etc.) and 5-7 years relevant experience or master’s degree in a relevant field and 4 years relevant experience
CISSP, CCSP, CISA or equivalent
Strong understanding of Cloud Security concepts
At Adobe, you will be immersed in an exceptional work environment that is recognized throughout the world on . You will also be surrounded by colleagues who are committed to helping each other grow through our unique approach where ongoing feedback flows freely.
If you’re looking to make an impact, Adobe's the place for you. Discover what our employees are saying about their career experiences on the and explore the meaningful we offer.
Adobe is an equal opportunity employer. We welcome and encourage diversity in the workplace regardless of race, gender, religion, age, sexual orientation, gender identity, disability or veteran status.