Senior Security Analyst

The Company Serving the People Who Serve the People Granicus is driven by the excitement of building, implementing, and maintaining technology that is transforming the Govtech industry by bringing governments and its constituents together. We are on a mission to support our customers with meeting the needs of their communities and implementing our technology in ways that are equitable and inclusive. Granicus has consistently appeared on the GovTech 100 list over the past 5 years and has been recognized as the best companies to work on BuiltIn.  Over the last 25 years, we have served 5,500 federal, state, and local government agencies and more than 300 million citizen subscribers power an unmatched Subscriber Network that use our digital solutions to make the world a better place. With comprehensive cloud-based solutions for communications, government website design, meeting and agenda management software, records management, and digital services, Granicus empowers stronger relationships between government and residents across the U.S., U.K., Australia, New Zealand, and Canada. By simplifying interactions with residents, while disseminating critical information, Granicus brings governments closer to the people they serve—driving meaningful change for communities around the globe. Want to know more? See more of what we do here.  

What your impact will look like here

• Senior Security AnalystPrimarily, this role will work alongside GRC leadership to support and delivery Granicus’ existing and successful FedRAMP program (JAB Authorization), which includes, but is not limited, to the following
• Lead, either individually or in partnership with GRC leadership, annual compliance audit components, including interaction with 3PAO.
• Take ownership and curate, as necessary, System Security Plan and any other documentation and policies.
• Stay apprised of any potential or upcoming changes to FedRAMP elements (e.g., NIST rev5) and ensure any work needed to comply is included in roadmap planning.
• Lead elements of Continuous Monitoring (ConMon) process, including governance of POA&Ms, preparation of communication and evidence for the JAB, and all follow-up JAB interaction.
• Act as point of contact with Joint Authorization Board as necessary, including any informal or ad-hoc engagement (e.g., discuss potential technology changes).  This role act as a trusted partner to JAB personnel, building on the positive, multi-year relationship Granicus has cultivated with the JAB.
• Work with technical teams to structure Significant Change Requests
As a senior member of the team, this role will also have the opportunity and will be called upon to support other GRC related efforts, which may include –
• Assisting with other certifications that Granicus maintains (e.g., ISO 27001)
• Policy rationalization and optimization to accommodate global operating model and varied compliance and regulatory obligations.
• Supporting Enterprise Risk Management Program
• Helping to integrate newly acquired companies into Granicus processes

You will love this job if you have

• Proven problem solving and analytical abilities, and can intake, assess and normalize, and present large amounts of complicated data.
• Ability to communicate in a clear, concise, and comprehensive manner, with internal and external stakeholders, including Granicus senior leaders and external compliance/regulatory personnel.
• Collaborative mindset, acting as an enabler of the business’ compliance/security goals and partner to technology teams to aid with risk reduction efforts, rather than an auditor-like approach to simply identify and track deficiencies.
• Strong, cross-discipline technical, security, and compliance background, with ability to have moderately deep conversations with technology teams.
• 3+ years of experience meaningfully supporting and leading elements of a FedRAMP program, including ongoing maintenance of all required processes, policies, or other documentation
• Deep familiarity with cyber security control frameworks, particularly NIST CSF and NIST 800-53
• 10+ years of Cyber Security experience, with 5+ of these years being in the Governance, Risk, and Compliance space.
• Bachelors and/or master’s degree in Computer Science, Cyber Security, Information Technology, Risk Management, or related field.

Benefits: At Granicus, we offer a competitive benefits package that allows employees to tailor benefits to their needs. Benefits listed below are for employees based in the U.S.- Flexible Time Off- Medical (includes an option that is paid 100% by Granicus!), Dental & Vision Insurance- 401(k) plan with matching contribution- Paid Parental Leave- Employer-paid Short and Long Term Disability Insurance, Group Term Life Insurance and AD&D Insurance- Group legal coverage - And more!Granicus is committed to providing equal employment opportunities. All qualified applicants and employees will be considered for employment and advancement without regard to race, color, religion, creed, national origin, ancestry, sex, gender, gender identity, gender expression, physical or mental disability, age, genetic information, sexual or affectional orientation, marital status, status with regard to public assistance, familial status, military or veteran status or any other status protected by applicable law.