Information Security Program Manager - FedRAMP

at Rubrik
  • $186k-$310k
  • Remote - United States

Remote

Cybersecurity

Mid-level

Job description

About the team:

The Information Security organization advances the overall state of security at Rubrik through purposeful initiatives and coordination of large security projects. Information Security builds technologies, tools, and processes to better enable teams at Rubrik to develop secure software and protect data and systems with appropriate security controls. Information Security also develops systems to monitor and respond to attacks against our systems, provides awareness education to teams on security best practices for data protection, and ensures data sharing relationships with third parties in order to securely protect Rubrik information.

About the role:

Information Security is looking for a success-driven, US-based Staff Program Manager to organize, plan, lead, and execute on public sector certification and compliance activities for Rubrik’s government-focused cloud and on-premises product offering(s). This mission-critical position will lead or support product security accreditation under frameworks such as Common Criteria, NIAP Protection Profile, DoD Impact Level, CMMC, FedRAMP, GovRAMP, DISA STIG,  and more. In addition, s/he may perform a limited set of Facility Security Officer (FSO) duties.

Our ideal candidate brings previous experience across public sector product certification and compliance activities for a Cloud Product Provider organization. They will also bring excellent leadership aligned with Rubrik’s values, demonstrating personal accountability for results, and reliable attention to detail. The selected candidate must have solid skills in communication, presentation, collaboration, decision-making, and organization.

This role represents Rubrik externally with selected Government / Agency Partner(s) and certification offices, third party assessors / lab testers, and in sales calls with customers and prospects.  The incumbent will help Rubrik accelerate and assure the growth of our government-based business through implementing security controls, ensuring flaw remediation, performing continuous monitoring, and meeting timely reporting requirements for each product certification we obtain.

The environment at Rubrik is dynamic and fast-paced, with strong, supportive leadership and amazing colleagues who enjoy getting things done. You’ll need to be comfortable solving complex problems, working through ambiguity, and relentlessly pursuing progress over perfection. Assignments here can vary from starting new programs, handling operational tasks and delivering cross-functional  projects. Consistently strong performance is essential here. In return, you’ll enjoy a culture that rewards excellence while honoring the importance of a healthy work-life balance.

What you’ll do:

Program / Development

  • Implement and serve as Program Lead / Control Owner for assigned program frameworks and activities, staying current on changes in the landscape, standards, and associated procedures for certification.  Knows the role and technology inside out; drives multiple programs internally and cross functionally.
  • This role translates certification and compliance gaps into Engineering or Process requirements. Each translation must clearly identify product or control gaps and effectively propose options and success criteria for ensuring risk-based remediation on a timely basis.
  • Lead by influence, and collaborate with a range of stakeholders from individual contributors to senior leadership to external parties including Gov/Agency Partners and/or Third Party Security Labs or Assessors.
  • Drive activities related to the remediation of technical security and compliance risks with cross-functional teams, including, but not limited to, engaging third party services, using Jira to manage initiatives / epics / stories / tasks, leading meetings or presentations, assigning and tracking work items, producing reports, and escalating risks and issues.
  • Serve as a subject matter expert and an integral member of the public sector compliance team, cultivating strong relationships across the company to aid in achieving consensus, expectation setting, risk and vulnerability awareness, and continual process improvement.
  • Work continually toward process improvements and enhancements in security capability or maturity. Drives organizational change and defines objectives for projects and programs, setting the desired outcomes and timing for execution. Implements automation for scalability as opportunities arise.
  • Contribute data / metrics to IS leadership; is capable of presenting to executives, leadership, customers / external partners.
  • Cross-train team members to enable continuous monitoring and program coverage. Teaches and mentors others to educate them on the applicable program or control(s).
  • Develop and maintain the definitive calendar of compliance requirements for assigned public sector security certification and compliance programs.

Operations

  • Support Sales and Customer Trust by assisting with inquiries about assigned programs and discussing Rubrik’s security posture or certifications on customer calls as needed.
  • Develop, maintain, and disseminate Rubrik’s government Authorization Package(s) and related product certification artifacts, obtaining updates from Control Owners when needed and ensuring each item is correct, complete, and current.
  • Develop and maintain POA&M, risk register, and/or compliance gap list and use it to log and report vulnerability remediation status for in-scope product or service offering(s).
  • Perform and document Security Impact Analyses on proposed product changes, ensuring consensus on how we view risks and security posture whenever possible.
  • Package and submit required reporting and documentation for assigned programs.
  • Ensure approval or concurrence for monthly reporting and any associated annual test plans and exercises required such as Incident Response and Contingency Plans.
  • Respond to requests from DISA, CISA, and other entities that require reporting, and assist as needed with incident response involving public sector organizations.
  • Bridge gaps by performing manual processes until automation is delivered.
  • Participate in Change Control Board activities to present security impact analyses and make recommendations as to whether requested changes should be approved and implemented.

Technical

  • Organize, document, and manage activities using JIRA as a primary project and work tracking tool.
  • Drive automation where opportunities exist for effectiveness, efficiency, and scalability.
  • Share expertise in certification processes and related control requirements.
  • Manage third party assessors, labs, and/or auditors as well as the associated procurements.

Experience you’ll need:

  • Demonstrated leadership capability including prior experience with people management and driving cross functional performance using influence to achieve targeted outcomes
  • 7+ years of related work experience in Information Security or relevant Compliance roles in the tech / SaaS / software product industry
  • 4+ years of experience in a U.S. public sector compliance role associated with DoD Impact Levels, Controlled Unclassified Information, or Assurance & Authorization activity
  • 2+ years of product management experience or history of working with Engineering road maps to remediate product vulnerabilities or compliance gaps
  • Alignment with Rubrik’s RIVET values and a culture of collaboration and respect
  • Experience in a dynamic, high growth / start-up business environment
  • Comfortable wearing many hats in a small and agile team that stays upbeat and enjoys working together to get things done
  • Advanced knowledge of government compliance and cloud security risks, vulnerabilities, and threats, and can take these issues through triage / risk treatment conversations
  • Deep understanding of relevant information security frameworks
  • Detail-oriented and able to understand the bigger picture by using technical expertise and problem solving abilities to prioritize efforts and work through ambiguity and issues
  • Ability to ramp up quickly and learn new technologies with minimal lag time
  • Bachelor’s degree or equivalent in Security, Computer Science, Management Information Systems, Business Administration or related field preferred
  • Professional certifications in Information Security, Cloud Security, or Systems Audit/Assessment (e.g., CISSP, CISA, CCSK) preferred

Security and Privacy Responsibilities:

This position carries special Security and Privacy Responsibilities for protecting the U.S. Federal Government’s interests:

  • Know, acknowledge, and follow system-specific security policies and procedures;
  • Protect data and individual privacy per requirements and regulations;
  • Perform ongoing activities in compliance with service and contractual obligations;
  • Participate in role-based training, completing assignments on a timely basis;
  • Report security issues promptly, and aid investigation when needed;
  • Support controlled changes and vulnerability remediation activities; and
  • Work collaboratively with Information Security in designing, implementing, assessing or enhancing system-specific security and privacy controls.

Position Risk Designation:

This position carries duties and responsibilities involving the U.S. Federal Government’s interests. The selected incumbent may be subject to one or both of the additional background checks with periodic re-screening as noted below:

Position Risk Designation: Non-Sensitive, Low Risk, Tier 1

Incumbents without access to U.S. Government data may be required to complete Standard Form 85 and undergo a Tier 1 Investigation (T1) for non-sensitive positions of Low Risk. (Baseline screening; formerly National Agency Check and Inquiries (NACI)).

Position Risk Designation: Non-Sensitive, Moderate Risk, Tier 2 (Public Trust)

Incumbents with access to U.S. Government data may be required to complete Standard Form 85P and undergo Tier 2 (T2) Investigation for non-sensitive positions designated Moderate Risk.

Position Risk Designation:Moderate Risk Law Enforcement (CJIS)

When hired for a position where access to Moderate Risk criminal justice information is required, the employee must complete a fingerprint-based national criminal history background check within 30 days after the employee’s start date.

The minimum and maximum base salaries for this role are posted below; additionally, the role is eligible for bonus potential, equity and benefits. The range displayed reflects the minimum and maximum target for new hire salaries for the role based on U.S. location. Within the range, the salary offered will be determined by work location and additional factors, including job-related skills, experience, and relevant education or training.

US (SF Bay Area, DC Metro, NYC) Pay Range

$206,600—$310,000 USD

The minimum and maximum base salaries for this role are posted below; additionally, the role is eligible for bonus potential, equity and benefits. The range displayed reflects the minimum and maximum target for new hire salaries for the role based on U.S. location. Within the range, the salary offered will be determined by work location and additional factors, including job-related skills, experience, and relevant education or training.

US2 (all other US offices/remote) Pay Range

$186,000—$279,000 USD

Join Us in Securing the World’s Data

Rubrik (NYSE: RBRK) is on a mission to secure the world’s data. With Zero Trust Data Security™, we help organizations achieve business resilience against cyberattacks, malicious insiders, and operational disruptions. Rubrik Security Cloud, powered by machine learning, secures data across enterprise, cloud, and SaaS applications. We help organizations uphold data integrity, deliver data availability that withstands adverse conditions, continuously monitor data risks and threats, and restore businesses with their data when infrastructure is attacked.

Linkedin | X (formerly Twitter) | Instagram | Rubrik.com

Inclusion @ Rubrik

At Rubrik, we are dedicated to fostering a culture where people from all backgrounds are valued, feel they belong, and believe they can succeed. Our commitment to inclusion is at the heart of our mission to secure the world’s data.

Our goal is to hire and promote the best talent, regardless of background. We continually review our hiring practices to ensure fairness and strive to create an environment where every employee has equal access to opportunities for growth and excellence. We believe in empowering everyone to bring their authentic selves to work and achieve their fullest potential.

Our inclusion strategy focuses on three core areas of our business and culture:

  • Our Company: We are committed to building a merit-based organization that offers equal access to growth and success for all employees globally. Your potential is limitless here.

  • Our Culture: We strive to create an inclusive atmosphere where individuals from all backgrounds feel a strong sense of belonging, can thrive, and do their best work. Your contributions help us innovate and break boundaries.

  • Our Communities: We are dedicated to expanding our engagement with the communities we operate in, creating opportunities for underrepresented talent and driving greater innovation for our clients. Your impact extends beyond Rubrik, contributing to safer and stronger communities.

Equal Opportunity Employer/Veterans/Disabled

Rubrik is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

Rubrik provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Rubrik complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please contact us at [email protected] if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.

EEO IS THE LAW

NOTIFICATION OF EMPLOYEE RIGHTS UNDER FEDERAL LABOR LAWS

Share this job:
Please let Rubrik know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

Latest Jobs at Rubrik

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply now