Senior Federal Program Manager at LogRhythm
LogRhythm is a Boulder-based security intelligence software company that empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. Globally the company has consistently been recognized as a market leader – including being placed in Gartner’s Magic Quadrant eight years running. We’ve earned a reputation as a company with a dynamic culture that’s committed to accelerated innovation cycles, thoughtful career development for our employees, and securing our customers from the most sophisticated cyber threats of the day.
Who we are looking for;
The Senior Program Manager for Federal is responsible for working across the organization to ensure requirements are understood, controls and ongoing monitoring are implemented correctly, and to drive continuous improvements within the FedRAMP, CMMC, and DISA programs. This role leverages technical, business, and interpersonal skills to deliver cloud and product compliance certifications which are critical to meet the high security and compliance standards of our customers.
A primary responsibility will be managing the LogRhythm FedRAMP authorization project. In this role, you will partner with teams across the organization (Development, Cloud Engineering, Security, IT, Sales, Legal, etc.) to ensure requirements are understood and controls are implemented correctly.
The Senior Program Manager provides leadership for enterprise-wide Federal compliance initiatives which support and align to the CSO strategic roadmap. You will be a liaison between cross-functional technical and non-technical resources and stakeholders so that all targets and requirements are met.
You will work with internal and external stakeholders on security policy reviews, documentation, requirements identification and gathering, security control mapping, assisting project integration teams implement controls, and ensuring security findings are communicated and remediated timely. You will support CSO and company-wide teams to develop and maintain corporate policies, standards, and procedures in alignment with ISO27001, NIST, and SOC2 frameworks and controls.
Here’s an overview of the responsibilities & challenges ahead;
- Be the single point of contact for all things FedRAMP.
- Lead and work with teams (Security, Cloud, Product, Engineering, IT, HR, Legal, etc.) to implement FedRAMP requirements and to create required documentation.
- Ensure technical documentation, e.g. System Security Plan (SSP) is maintained, using knowledge of security controls and audits, for technical architecture, operational and security processes.
- Create and maintain documents needed for continuous monitoring of the FedRAMP program (such as Deviation Forms and Plans of Action and Milestones (POA&Ms).
- Provide input to internal teams regarding implementation of FedRAMP and other security frameworks and how they impact product updates or organizational processes.
- Oversee and build the relationships with the 3PAO, Federal agencies, sponsoring agency, and advisory partners
- Demonstrate domain expertise in FedRAMP, NIST SP 800-53, NIST 800-171, and supporting Systems Security Assessment and Authorization (SA&A) for Federal Agencies.
- Manage onsite assessments and coordinate with external stakeholders.
- Collect security control implementation review results, penetration testing results, and vulnerability scan results for reporting to authorizing agencies.
- Track and drive remediation of control deficiencies and gaps identified internally and externally.
- Communicate with customers, stakeholders, and team leadership at all levels.
- Facilitate stakeholder meetings to provide updates, present ideas, and obtain feedback.
- Drive technical, operational, and go-to-market readiness to achieve cloud compliance authorizations and product certifications on schedule.
- Advise control owners in the development of remediation plans to meet the compliance and regulatory requirements, including identification of mitigating or compensating controls
- Drive accountability for risk remediation with internal customers
- Properly identify, remediate, communicate, or escalate technical and program risks
- Assist Sales and Support teams with responding to Federal compliance RFI questions.
- 5-8 years Governance, Risk, and Compliance experience managing projects and programs such as FedRAMP, ISO27001, SOC 2, PCI, HIPAA
- Experience leading FedRAMP initiative or an active member of a FedRAMP initiative in the past; demonstrated working knowledge in all phases of completing ATO packages.
- Strong knowledge of security monitoring topics, encryption, vulnerability management, access management, risk management, and related operational topics & processes required.
- SaaS or Cloud security experience required.
- Experience at a Cloud Service Provider, technology / software firm, systems integrator, US Government agency, or security / compliance consulting firm
- Strong written and oral communication with all levels from senior leadership to engineers
- Demonstrated knowledge and experience with information security frameworks (FedRAMP, ISO27001/2, PCI DSS, SOC2, HIPAA, FISMA) and industry best practices (NIST, SANS, CIS)
- Understanding of fundamental cloud computing concepts
- Experience developing policies, processes, procedures, and security system documentation
- Experience with technical documentation related to FIPS 199, NIST SP 800-37, NIST SP 800-53 REV 4, FISMA A&A, and continuous monitoring, and POA&M management.
- Working knowledge of the software development life cycle (SDLC) for both Software and SaaS applications.
Workplace equality & inclusion are not just words or topics for LogRhythm, they are part of our core values, beliefs, and integral to our company culture. We hire the best of the best and do not discriminate based on race, gender, age, religion, sexual orientation, identity, or other personal factors. LogRhythm was built on the principals of innovation, dedication, creativity, and commitment. It is through these key areas we were able to grow as an equal and inclusive workplace, one where our employees feel respected and safe in.