"Alerted.org

Introduction

The IBM Public Cloud Organization is comprised of strong Security Certification Leaders overseeing solutions for a complex environment, collaborating with Security Architects and Cloud DevOps teams internally and around IBM to define, validate and implement security processes and procedures based on industry-standard best practices and compliance requirements. The Certification Lead’s role is to determine the secure operation of computer systems, servers, and network connections in accordance with FedRAMP policies, procedures and requirements.

Who You Are...

You are tenacious, ambitious, and confident in your ability to drive. Possessing a unique blend of strong relationship management and technology acumen that complements your security compliance background, you will also bring a track record of strong follow-through, ongoing skill development (aka "upskilling"), and a passion for innovation. You are...

* Consistent in relying upon on experience and judgment to plan and accomplish goals

* Broad in scope and creativity: Able and willing to perform a variety of tasks to ensure the success of the team and deliverables

* Adept in seeing "past the project": Understand and recognize opportunities by accepting ownership for 'next level' initiatives

Your role and responsibilities

Sound interesting? Here's what you'll do...

* Collaborate with internal cloud service teams, 3PAO, and Federal Agency partners to ensure IBM Cloud meets and maintains the requirements of a FedRAMP Cloud Service Provider.

* Stay current with the latest FedRAMP guidelines and standards, and methods of applying them across cloud services (IaaS and PaaS)

* Provide subject matter expertise in the creation, implementation, and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with all applicable regulations including FedRAMP

* Prepare and maintain detailed documentation of security controls implemented to meet FedRAMP requirements.

* Employ working knowledge of NIST 800-53r5 information security best practices

* Interpret FedRAMP standards, requirements, and their application to the Cloud environment in the most reasonable and cost-effective manner

* Define and validate requirements for audit testing methodology with a 3PAO

* Collaborating with 3PAO to conduct security assessments and testing to maintain FedRAMP authorization

* Ensure continued compliance with FedRAMP requirements including

* Continuous monitoring and reporting

* Incident Response

* Change Notifications

* Assist team members and internal clients in addressing highly complex security issues applicable to a FedRAMP environment.

Required technical and professional expertise

In addition to your strong written and verbal communication skills, you'll possess...

* 5+ years' experience with FedRAMP authorization

* 3+ years' experience with NIST 800 series standards (specifically 800-53r5)

* Experience working with Federal Agency Partners or other Authorizing Officials for FedRAMP

* Experience leading CSPs through FedRAMP authorization program

* RAR, SAP, SAR

Preferred technical and professional experience

* Expertise with FedRAMP specific programs

* Continuous Monitoring

* Incident Response

* Change Management

* Expertise in system configuration - especially privilege control (for example sudoer configuration) and system level firewall (iptables, etc.)

* Possess an understanding of basic networking concepts: ipsec tunnels, firewalls, routers, public and private addressing

IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.