Skip to content
Sr. Governance – Risk – And Compliance Specialist
| Company | Crowdstrike |
|---|
| Location | Virginia, USA |
|---|
| Salary | $95000 – $160000 |
|---|
| Type | Full-Time |
|---|
| Degrees | Bachelor’s, Master’s |
|---|
| Experience Level | Senior |
|---|
Requirements
- US Citizen
- 5 to 8 years of working experience on different compliance frameworks, including but not limited to FedRAMP, NIST CSF, DoD Cloud Computing Security Requirements Guide (SRG), CMMC, ISO 27001 and other existing and emerging standards.
- prior strategic-level experience with FedRAMP or DoD authorization processes, systems, and methodologies;
- Experience in program or project management, auditing, and/or control framework development and implementation.
- fundamental technical understanding of key technologies such as Windows, Linux, and Apple operating systems, networks, application development, databases, virtualization, and cloud infrastructure; and
- a BA or BS / MA or MS degree in Computer Science/Engineering, Math, Information Security, Information Systems, Information Assurance, Information Security Management, Intelligence Studies, Data Science, Cybersecurity, or equivalent experience.
Responsibilities
- leading and managing GRC Compliance projects and programs as a Senior Specialist on the team;
- assisting with internal and external audits and assessments including control assessment, monitoring, and reporting including collection and organization of evidence;
- conducting third party controls evaluations to determine risk;
- working with various internal teams or external parties to define and prioritize remediation efforts, tracking remediation activities, and inspecting/validating solutions that have been implemented;
- responding to CrowdStrike and customer questions regarding our information security practices and CrowdStrike technologies;
- advise various teams on the controls language, expectations and requirements
- performing other duties within the scope of governance, risk, and compliance as needed.
Preferred Qualifications
- Prior writing of system security plans (SSPs) or authorization documentation for federal platforms.
- Knowledge of and/or experience with other Risk Management Frameworks like SOC2, PCI, ISO, GDPR, etc.
- Any work with OSCAL and its ecosystem of languages.
- Practical experience in programming languages including typical HTML, CSS, JavaScript, Python, etc. and Data Analytics.
- Project management experience in scoping, work break-down, critical path analysis, resourcing, managing time estimates, project risks, and quality.
- Ability to think strategically about risks and tie those risks to tactical organizational activities.
- Experience with a cloud environment and the CrowdStrike products or services.
- Demonstrated ability to collaborate effectively, especially with cross-functional teams.
- Open to learning and working on new domains and technology.
