Scale AI, Inc.
Information System Security Manager (ISSM), Public Sector
Scale AI, Inc., Saint Louis, Missouri, United States, 63146
Our Security team works on operational issues at the leading edge of machine learning technology. You will join a creative and solutions-oriented team collaborating with internal teams at Scale and externally with our customers. Scale is looking for an experienced security and compliance professional to support Assessment and Authorization and agency audit activities for Scale's products that are offered in the US Government and global Public Sector space. We are looking for relentlessly curious, deliberately open-minded, and action-oriented generalists who can design effective legal advice, internal policies, and operational processes while employing an empathetic interpersonal style. If you enjoy solving novel and challenging problems and building strong teams and relationships while doing it, we'd love to hear from you!
Responsibilities
Lead public sector security compliance projects and audits (FedRAMP HIGH, DoD Cloud Computing SRG IL4/IL5/IL6 , NIST 800-53 rev 5, NIST 800-171/CMMC, Risk Management Framework)
Collaborate with product, engineering, security, operations, people operations, and legal to implement new technical, administrative, and operational controls
Work with 3PAOs and federal government AOs to achieve compliance certifications and reports
Ensure the implementation, oversight, monitoring, and maintenance of security configurations, practices, and procedures
Serve as a liaison between system owners and other security personnel, ensuring that selected security controls are effectively implemented and maintained throughout the lifecycle of projects
Act as a liaison between system owners and other security personnel to facilitate effective communication and collaboration
Develop, maintain, review, and update system security documentation on a continuous basis
Conduct required vulnerability scans and develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities. Manage risks by coordinating correction or mitigation actions and tracking the completion of POAMs
Coordinate system owner concurrence for correction or mitigation actions and monitor security controls to maintain security Authorized To Operate (ATO)
Upload security control evidence to the Governance, Risk, and Compliance (GRC) application (eMASS or Xacta) to support security control implementation during the monitoring phase
Lead Risk Management Assessment and Authorization (A&A) processes for deployments
Perform Cloud system risk assessments, enhance process workflows, and develop new processes
Implement all applicable manual Security Technical Implementation Guides (STIGs), vendor hardening guides and ensuring timely installation of all available patches
Create and maintain ATO packages
Lead security compliance reviews for new products, changes, and features
Proactively evaluate and advise the business on new and evolving certification programs, requirements, and technologies
Develop and provide training to improve the security awareness and knowledge for all employees and contractors
Required Active US Top Secret security clearance with minimum IAT Level 2 certification (Security +, CASP, or similar)
Ideally you'd have
Experience implementing and maintaining some of the following frameworks and standards: FedRAMP, DoD Cloud Computing SRG, NIST 800-171, NIST 800-53, CMMC, NIST 800-53.
STIG/RMF policy knowledge & implementation, including validating compliance via ACAS and other relevant tests.
Experience in project management and taking projects from conception to launch
An ability to translate between business and technical risk and communicate clearly to leadership
Excellent organizational and communications skills
Understanding of cybersecurity controls for cloud service providers
Knowledge of AWS and other government authorized cloud services
5+ years of security compliance or technology audit related experience
Nice-to-haves
Bachelor's degree in accounting, information systems, computer science, or a related field
Compensation Base salary range for this full-time position in Washington DC: $195,800 – $245,300 USD. Base salary range for this full-time position in St. Louis: $162,800 – $203,500 USD. Equity and benefits included as described in the original posting.
Important Policies Our policy requires a 90-day waiting period before reconsidering candidates for the same role.
About Us About Us:
At Scale, our mission is to develop reliable AI systems for the world's most important decisions. Our products provide the high-quality data and full-stack technologies that power the world's leading models, and help enterprises and governments build, deploy, and oversee AI applications that deliver real impact. We work closely with industry leaders like Meta, Cisco, DLA Piper, Mayo Clinic, Time Inc., the Government of Qatar, and U.S. government agencies including the Army and Air Force. We are expanding our team to accelerate the development of AI applications.
We believe that everyone should be able to bring their whole selves to work, which is why we are proud to be an inclusive and equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability status, gender identity or Veteran status.
We are committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities. If you need assistance and/or a reasonable accommodation in the application or recruiting process due to a disability, please contact us at accommodations@scale.com. Please see the United States Department of Labor's Know Your Rights poster for additional information.
We comply with the United States Department of Labor's Pay Transparency provision.
We collect, retain and use personal data for our professional business purposes, including notifying you of job opportunities that may be of interest and sharing with our affiliates. We limit the personal data we collect to that which we believe is appropriate and necessary to manage applicants' needs, provide our services and comply with applicable laws. Any information we collect in connection with your application will be treated in accordance with our internal policies and programs designed to protect personal data. Please see our privacy policy for additional information.
#J-18808-Ljbffr
Responsibilities
Lead public sector security compliance projects and audits (FedRAMP HIGH, DoD Cloud Computing SRG IL4/IL5/IL6 , NIST 800-53 rev 5, NIST 800-171/CMMC, Risk Management Framework)
Collaborate with product, engineering, security, operations, people operations, and legal to implement new technical, administrative, and operational controls
Work with 3PAOs and federal government AOs to achieve compliance certifications and reports
Ensure the implementation, oversight, monitoring, and maintenance of security configurations, practices, and procedures
Serve as a liaison between system owners and other security personnel, ensuring that selected security controls are effectively implemented and maintained throughout the lifecycle of projects
Act as a liaison between system owners and other security personnel to facilitate effective communication and collaboration
Develop, maintain, review, and update system security documentation on a continuous basis
Conduct required vulnerability scans and develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities. Manage risks by coordinating correction or mitigation actions and tracking the completion of POAMs
Coordinate system owner concurrence for correction or mitigation actions and monitor security controls to maintain security Authorized To Operate (ATO)
Upload security control evidence to the Governance, Risk, and Compliance (GRC) application (eMASS or Xacta) to support security control implementation during the monitoring phase
Lead Risk Management Assessment and Authorization (A&A) processes for deployments
Perform Cloud system risk assessments, enhance process workflows, and develop new processes
Implement all applicable manual Security Technical Implementation Guides (STIGs), vendor hardening guides and ensuring timely installation of all available patches
Create and maintain ATO packages
Lead security compliance reviews for new products, changes, and features
Proactively evaluate and advise the business on new and evolving certification programs, requirements, and technologies
Develop and provide training to improve the security awareness and knowledge for all employees and contractors
Required Active US Top Secret security clearance with minimum IAT Level 2 certification (Security +, CASP, or similar)
Ideally you'd have
Experience implementing and maintaining some of the following frameworks and standards: FedRAMP, DoD Cloud Computing SRG, NIST 800-171, NIST 800-53, CMMC, NIST 800-53.
STIG/RMF policy knowledge & implementation, including validating compliance via ACAS and other relevant tests.
Experience in project management and taking projects from conception to launch
An ability to translate between business and technical risk and communicate clearly to leadership
Excellent organizational and communications skills
Understanding of cybersecurity controls for cloud service providers
Knowledge of AWS and other government authorized cloud services
5+ years of security compliance or technology audit related experience
Nice-to-haves
Bachelor's degree in accounting, information systems, computer science, or a related field
Compensation Base salary range for this full-time position in Washington DC: $195,800 – $245,300 USD. Base salary range for this full-time position in St. Louis: $162,800 – $203,500 USD. Equity and benefits included as described in the original posting.
Important Policies Our policy requires a 90-day waiting period before reconsidering candidates for the same role.
About Us About Us:
At Scale, our mission is to develop reliable AI systems for the world's most important decisions. Our products provide the high-quality data and full-stack technologies that power the world's leading models, and help enterprises and governments build, deploy, and oversee AI applications that deliver real impact. We work closely with industry leaders like Meta, Cisco, DLA Piper, Mayo Clinic, Time Inc., the Government of Qatar, and U.S. government agencies including the Army and Air Force. We are expanding our team to accelerate the development of AI applications.
We believe that everyone should be able to bring their whole selves to work, which is why we are proud to be an inclusive and equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability status, gender identity or Veteran status.
We are committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities. If you need assistance and/or a reasonable accommodation in the application or recruiting process due to a disability, please contact us at accommodations@scale.com. Please see the United States Department of Labor's Know Your Rights poster for additional information.
We comply with the United States Department of Labor's Pay Transparency provision.
We collect, retain and use personal data for our professional business purposes, including notifying you of job opportunities that may be of interest and sharing with our affiliates. We limit the personal data we collect to that which we believe is appropriate and necessary to manage applicants' needs, provide our services and comply with applicable laws. Any information we collect in connection with your application will be treated in accordance with our internal policies and programs designed to protect personal data. Please see our privacy policy for additional information.
#J-18808-Ljbffr