IBM

FedRAMP Compliance Security Analyst

IBM, Austin, Texas, US, 78716

Introduction

A career in IBM Software means you’ll be part of a team that transforms our customer’s challenges into solutions. Seeking new possibilities and always staying curious, we are a team dedicated to creating the world’s leading AI-powered, cloud-native software solutions for our customers. Our renowned legacy creates endless global opportunities for our IBMers, so the door is always open for those who want to grow their career. IBM’s product and technology landscape includes Research, Software, and Infrastructure. Entering this domain positions you at the heart of IBM, where growth and innovation thrive.

Your Role And Responsibilities

- Manage aspects of FedRAMP programs, including updates to FedRAMP System Security Plan (SSP), and related program initiatives.
- Serve as a FedRAMP SME, providing input to Engineering, IT, and business teams on compliance impacts.
- Use technical and program management skills to plan, track, collaborate, and report on FedRAMP deliverables.
- Support compliance audits, including evidence collection, auditor interactions, and walkthroughs.
- Assist in advisory services, third-party assessments, and coordinate annual reviews.
- Maintain internal and external client relationships.
- Build GRC-specific review processes, perform security impact analyses, and review access controls.
- Work with Engineering on continuous monitoring, tracking IBM's Plan of Action and Milestones.
- Coordinate communications with agencies and the PMO, ensuring FedRAMP evidence and artifacts are created and validated.
- Assist in evaluations and gap analyses at various impact levels.
- Design and implement IBM's Multi-Agency Continuous Monitoring program.
- Assess impact of features and architectural changes on FedRAMP boundary and SSP, guiding technical teams accordingly.
- Assist GRC team with other tasks as needed.
- Maintain knowledge of public cloud platforms and security topics.
- Experience in SaaS organizations is a plus.
- Drive collaboration and influence across technical and functional teams.
- Bridge business requirements with technical solutions.
- Experience in requirements development, program management, or process improvement in a technical environment.

Preferred Education

Bachelor's Degree.

Required Technical And Professional Expertise

- 5+ years in creating and managing POA&M for FedRAMP.
- Proficient with NIST Risk Management Framework (FIPS 199/200, NIST 800 series).
- 3+ years implementing security controls following NIST 800-53.
- Certifications such as FAIR, CRISC, CISSP, SANS GSEC or equivalent.
- Bachelor's + 7 years of related experience or Master's + 5 years in FedRAMP/SAA.
- 3+ years building relationships with technical and non-technical teams.
- 3+ years in managing dependencies and resolving impacts in complex projects.

Preferred Technical And Professional Experience

- At least 12 years in IT/security.
- At least 6 years in FedRAMP program execution or auditing.
- Deep expertise in NIST SP 800-53 Rev 4/5 and NIST SP 800-37 frameworks.
- Proven program management skills in complex projects.
- Strong collaboration and problem-solving skills.

Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology
Industries: IT Services and IT Consulting