Reports To

 

Manager, Information Security Risk and Compliance

What You Will Be Doing

ChargePoint is looking for an experienced Risk and Compliance Analyst to help us maintain and manage our FedRAMP program; support management of our system security plan (SSP) and relevant documentation such as policies, procedures, SSP attachments; oversee monthly ConMon activities, continuous compliance assessments, and process oversight.

The Analyst will support different initiatives part of our FedRAMP compliance and overall Risk Management program within the Information Security team. This position will mainly focus on monthly ConMon submissions and upkeep of the federal compliance program for ChargePoint. The Analyst will also review vulnerability and compliance scans, analyse the results, provide detailed assessments and ensure remediations within SLA. The Analyst will also be responsible to provide training and support to IT/ Engineering and other internal stakeholders on the best practices and procedures for federal compliance.

What You Will Bring to ChargePoint

• Be knowledgeable of the FedRAMP control families, and capable of making/ reviewing changes as needed to maintain our FedRAMP compliance
• Have led FedRAMP advisory projects and/ or created complete FedRAMP packages
• Ability to collaborate with cross-geographic and cross-functional teams like Engineering, IT, Sales, Support, H.R. etc. to gather artefacts and perform audits on an on-going basis
• Expertise in the execution of various FedRAMP program components, including change reviews, controls assessment, advising stakeholders, remediation recommendations, deficiency evaluations and reporting
• Manage relationships with the FedRAMP agency sponsor, 3PAO, and other required stakeholders
• Understand the technical issues to raise them and facilitate collaborative resolutions
• Communicate status, risks/issues and mitigation plans to a 360 audience, ranging from management to engineers
• Comfortable using tools for the job - Jira, Confluence, SharePoint, CrowdStrike, Lucid Chart, Outlook, etc.
• Demonstrate the ability to exercise judgment and display a high standard of ethics and professionalism
• Demonstrate exceptional communication skills, both written and verbal, with the ability to understand complexities of the business and technology
• Excellent oral and written communication and interpersonal skills with emphasis on building strong, longer-term relationships worldwide across different geographies and functions
• Detail oriented, self-motivated with the ability to meet project deadlines and deliverables in a fast-paced environment

Requirements

• Bachelor’s degree in business administration, information technology, engineering, or related field, or equivalent work experience
• 4+ years of experience in FedRAMP compliance
• United States resident
• Practical experience working with federal compliance standards, frameworks, and methodologies, such as NIST 800-53, NIST SP 800-30, NIST SP 800-34, FedRAMP, FISMA, or NIST 800-171
• Oversee the development and implementation of Plans of Action and Milestones (POA&Ms)
• Experience maintaining federal security documentation including SSP & attachments, ConMon Plan, policies, and procedures
• Experience with GRC platforms, reporting tools and presenting compliance reports to senior stakeholders

Good to have

• Experience performing cybersecurity risk assessments
• Experience implementing security training and awareness initiatives to educate stakeholders regarding security risks
• Certification such as CISA, CSSP, AWS Cloud Security Architect, is a plus

Location

Campbell, CA or US Remote 

ChargePoint is committed to fair and equitable compensation practices. The targeted US salary range for roles at this operating level is $52,500 to $143,000. This range represents base salary and does not reflect equity, benefits or variable pay where applicable. Actual base salaries are based on several factors unique to each candidate, including but not limited to skill set, experience, certifications and specific work location.