Security Compliance Manager

Security Compliance Managers at HackerOne are Individual Contributors responsible for the company's compliance with industry standards and best practices. The role will focus on FedRAMP as well as on maturing the controls and processes in place to protect HackerOne.

This position reports to the Director, Security Compliance, who reports to the CISO. The Security Compliance Team works closely with other business units to advise on risk, consult on compliance and privacy requirements, build security awareness, enforce policies, respond to customer sales questions, comment on contracts, perform audits, and manage third-party due diligence.

You'll also partner with various groups, including Engineering, Product, Legal, and Human Resources, to prepare for audits and to drive ongoing improvement of HackerOne's compliance program.

What You'll Do

  • Own HackerOne's FedRAMP Li-SaaS (Low-Impact Software as a Service) authorization package
  • Manage monthly Continuous Monitoring (ConMon) deliverables
  • Meet regularly with HackerOne's FedRAMP sponsor
  • Coordinate with the auditor and sponsor on Significant Change Requests
  • Lead the annual FedRAMP assessments
  • Manage and update security technology policies
  • Collaborate with various teams to implement and improve existing controls and processes
  • Support the compliance security audits (SOC2, ISO 27001, and ISO 27701)
  • Assist in the relationship with external auditors
  • Support an effective review cadence for common controls and practices with the appropriate internal groups
  • Work with the appropriate groups to gather evidence for compliance audits
  • Help drive the maturity of our compliance program while maintaining HackerOne’s unique culture and core values
  • Conduct regular internal audits and report on progress as well as gaps needing further attention and improvement
  • Assist in building roadmaps and long-term vision in partnership with the security and privacy team
  • Partner with Sales and Legal teams to respond to security questions and contractual provisions
  • Partner with Marketing teams to create customer materials describing security and audit programs
  • Participate in Vendor and Partner relationships to conduct security reviews
  • Document non-conformities and follow up with business leaders to address

Who You Are

  • Bachelor's degree in Information Systems or a related field, or equivalent training or work experience
  • 5+ years of experience leading FedRAMP, SOC 2, ISO 27001, HIPAA, PCI, and/or other industry audits
  • At least 3 years of experience with FedRAMP and Continuous Monitoring
  • In-depth knowledge of the NIST SP 800-53 control requirements and the FedRAMP authorization process, with the ability to translate them into requirements for internal teams
  • Ability to understand complex technical security architectures (including cloud architecture) and apply that understanding to certification and compliance projects as needed
  • Familiarity with SaaS businesses
  • Experience leading assurance engagements from planning, walk-throughs, evidence gathering, and testing through reporting
  • Strong written and oral communication skills
  • Familiarity with AWS and its services
  • Ability to partner with groups to find innovative solutions that meet requirements
  • Creatively seek out issues and implement solutions
  • Strong collaborative and communicative skills in fast-paced company environment
  • Passionate about compliance and cybersecurity
  • Weigh several, often conflicting, constraints and make decisions

Employment at HackerOne is contingent on a background check.

HackerOne Values

HackerOne commits to maintaining a strong, inclusive culture built for our employees and our community of hackers. We are driven by our five core values. We recognize that our mission is bigger than us, and therefore act with integrity at all times. As a team, we believe that transparency builds trust, so we default to disclosure in our communications. Each individual executes with excellence, creating an environment of greater alignment and greater autonomy. We win as a team and respect all people to empower everyone to learn from each other, innovate, and grow.

What We Do

HackerOne closes the security gap between what organizations own and what they can protect. HackerOne's Attack Resistance Management blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to find and close gaps in the ever-evolving digital attack surface. This approach enables organizations to transform their business while staying ahead of threats. Customers include The U.S. Department of Defense, Dropbox, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Starbucks, Twitter, and Yahoo. In 2021, HackerOne was named a 'brand that matters' by Fast Company.

HackerOne is Digital First

Our work is optimized for asynchronous collaboration, knowledge management, and decision-making. HackerOne is creating an industry, and to do that, we must employ the most creative, forward-thinking distributed talent in the market. Our remote model allows employees to contribute to our mission while providing time and location flexibility, which are core elements of a healthy relationship between professional and personal pursuits.