Senior Security Compliance Analyst - FedRAMP at Magnet Forensics
United States, North Carolina, USA
Full Time


Start Date: Immediate
Expiry Date: 11 Sep, 25
Salary: 193200.0
Posted On: 13 Jun, 25
Experience: 5 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: Computer Science, NIST, Completion, Information Security, CISSP, Security, Initiation, Risk, Addition, ISO, CISA
Industry: Information Technology/IT

Description

WHO WE ARE; WHAT WE DO; WHERE WE’RE GOING

Magnet Forensics is a global leader in the development of digital investigative software that acquires, analyzes, and shares evidence from computers, smartphones, tablets, and IoT-related devices. We are continually innovating so our customers can deploy advanced and effective tools to protect their companies, communities, and countries.
Serving thousands of customers globally, our solutions are playing a crucial role in modernizing digital investigations, helping investigators fight crime, protect assets, and guard national security.
With employees based around the world, Magnet Forensics has been expanding our global presence. As a part of Magnet Forensics, you can expect to make a difference in the world, no matter what role you play. You’ll be supported through learning and development, not to mention an incredible team with unbelievable talent and integrity.
If you think you would be the right person to join our team working towards this goal, we would love to hear from you!

QUALIFICATIONS:

• Bachelor’s degree in Computer Science, Information Security, or a related field.
• 5+ years of experience working in cybersecurity and/or security compliance roles.
• 2+ years of experience with FedRAMP.
• In-depth understanding of the NIST 800-53 guidelines and FedRAMP requirements.
• Thorough knowledge of security best practices, standards, and frameworks such as NIST, CJIS, FISMA, and IRAP.
• Must be a U.S. citizen, residing in and with legal authorization to work in the U.S.
• May be required to travel.

PREFERRED QUALIFICATIONS:

• Master’s degree (or currently pursuing a higher degree).
• Experience in managing compliance programs within a Software as a Service (SaaS) company.
• Previous experience in a compliance assessment, having participated either as an assessor or as a Cloud Service Provider (CSP) throughout the entire audit process, from initiation to completion.
• Experience with SaaS security and monitoring, risk management, and GRC tools.
• Thorough knowledge of security best practices, standards, and frameworks such as ISO 27001, SOC 2, SOX, PCI-DSS, GDPR, and cloud security frameworks like CSA STAR, CIS Controls, and AWS Well-Architected Framework, in addition to FedRAMP, NIST, CJIS, FISMA, and IRAP.
• Professional certifications in cybersecurity, audit, risk, and compliance such as CISM, CISA, CISSP, CRISC, CGRC, etc.

THE MOST IMPORTANT THING

• We’re looking for candidates that can provide examples of how they demonstrated Magnet CODE in their previous experiences.

• CARE - We care about each other and our mission to make a difference in the world.
• OWN - We are accountable for our results – while never forgetting to act with integrity, empathy, and respect.
• DEDICATE - We put our heart and soul into meeting the needs of our customers and helping them serve the people they protect.
• EVOLVE - We are constantly innovating and exploring new ways to work together to make an impact with our work.

Responsibilities

ROLE SUMMARY:

This role involves collaborating with teams across the organization to ensure ongoing compliance with various security and regulatory standards, including but not limited to the Federal Risk and Authorization Management Program (FedRAMP). The ideal candidate has experience supporting compliance programs and is familiar with government-centric compliance standards such as StateRAMP, CJIS, FISMA, and IRAP. The candidate must be adept at interacting with both technology and business leaders and third parties.

ROLE RESPONSIBILITIES:

• Lead and support compliance programs to ensure adherence to security standards and regulatory requirements, including FedRAMP, StateRAMP, CJIS, FISMA, and IRAP.
• Create and submit compliance reports, including vulnerability scan results, POA&M, and executive summaries.
• Act as the liaison with external stakeholders, including 3PAO, Authorizing Agencies, and other regulatory bodies.
• Run the continuous monitoring (ConMon) program, including internal audit, internal and external reporting on vulnerabilities, tracking POA&Ms, and developing ConMon artifacts.
• Support assessment activities, including significant change requests, feature onboarding, annual assessments, and agency reviews.
• Assist in maturing the organization’s GRC program through process improvement, assessing and implementing new regulatory and industry standards.
• Collaborate with internal stakeholders to support compliance initiatives through awareness, training, and risk management.
• Lead internal security audits to validate adherence to standards including FedRAMP, CJIS, FISMA, IRAP, NIST 800-53, SOC 2, ISO 27001, IT General Controls, and other standards.
• Prepare and present reports on compliance status, audit findings, and remediation plans to management.
• Collaborate with third parties for independent security audits, assessments, and testing.
• Provide mentorship and guidance on security compliance standards, frameworks, and best practices.
• Develop and update company security policies.