"Alerted.org

Introduction

At IBM, work is more than a job - it’s a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you’ve never thought possible. Are you ready to lead in this new era of technology and solve some of the world’s most challenging problems? If so, let’s talk.

Your role and responsibilities

The ideal candidate for this role will become an active member of a globally distributed team responsible for ensuring MaaS360, IBM’s Unified Endpoint Management offering, is running smoothly and providing customers the quality of service they’ve come to expect. This role is focused on working with multiple technology and offering teams to ensure the MaaS360 is deployed, supported to achieve both corporate and regulatory compliance requirements; specific focus on FedRAMP, FBA/ FFIEC, SOC 2, and NIST 800-53 controls. We are seeking a self-motivated, experienced compliance engineer to lead vulnerability management, POA&M and ConMon efforts. This role covers security assessment support, the knowledge/development of appropriate security documentation (i.e., System Security Plan (SSP), policies and procedures), and ongoing continuous monitoring activities

Required technical and professional expertise

* Working experience with NIST Security controls and technologies, including vulnerability management capabilities.

* Working experience with using tools such as Tenable, Nessus/Security Center, WebInspect, or Nexpose, etc.

* Participate in recurring ConMon meetings to review, submit required artifacts, assist with annual 3PAO security assessment, generate or facilitate deviation requests as required

* Flexible, self-motivated, and able to work independently in a fast paced environment

* Collaborate with cross-functional teams to ensure security and compliance requirements are integrated into the development lifecycle

Preferred technical and professional experience

* Create dashboards and metric reports to ensure FedRAMP Continuous Monitoring program is meeting compliance obligations

* Excellent communication skills and the proven ability to work effectively with all levels of IT and business management

* Track and oversee the vulnerability remediation efforts in order to advise leadership as required on status, blockers and potential risks

* Experience in filing deviation requests for vulnerabilities on behalf of product teams

* One or more related professional certifications (e.g. CISSP, CISM, CISA, CRISC, etc.)

IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.