Sr. Federal Security Compliance Analyst

Equifax Alpharetta, GA 30023

Posted 5 days ago

We are seeking a motivated and detail-oriented individual to join our team as a Senior Federal Security Compliance Analyst. The successful candidate will be responsible for supporting FedRAMP compliance at Equifax and ensuring that cloud environments meet the required security standards.

You will serve as a point of contact for FedRAMP compliance. You will be responsible for working with internal security, technology, legal, and business stakeholders as well as with third party auditors to communicate compliance mandates and maintain compliance against published standards. You will support the compliance program to reduce compliance load and streamline program activities.

What you will do

  • Leverage knowledge of Security or Technical skills to provide support for Equifax's delivery of federal compliance frameworks.

  • Collaborate across Equifax to support the implementation of technical, management, and operational controls, with a focus on controls required to deliver and operate FedRAMP environments.

  • Collaborate with internal teams to create and maintain the FedRAMP Documentation (SSP and related docs). Ensure the SSP is updated to reflect changes as they arise and that the changes are reviewed and approved before being incorporated in the SSP.

  • Shape the program to deliver FedRAMP continuous monitoring including tracking and reporting on Plans of Action and Milestones (POA&Ms).

  • Facilitate and verify FedRAMP evidence and artifacts (monthly, quarterly, annually, etc.) per FedRAMP continuous monitoring requirements.

  • Interface with 3PAOs for assessments and coordinate with internal and external stakeholders.

  • Maintain a current understanding of relevant compliance standards and regulations.

  • Monitor the industry landscape to keep visibility on evolutions, trends, and best practices for FedRAMP compliance programs and integrate improvements into existing activities.

  • Drive remediation efforts for deficiencies and develop and support the implementation of compensating controls.

  • Develop and maintain KPIs, KRIs, and dashboards for reporting on assigned compliance programs weekly, monthly, quarterly, and annually.

  • Partner with other Compliance team members to prepare and update federal security artifacts.

  • Collaborate with internal teams to collect and review evidence, track status and provide guidance on what good practices look like.

  • Facilitate and verify evidence and artifacts (monthly, quarterly, annually, etc.) per FedRAMP continuous monitoring requirements.

What experience you need

  • Bachelor's degree in Cyber, Information Systems, Information Security, or an equivalent discipline, or equivalent experience.

  • 5+ years of overall technical experience in Systems Administration, IT Operations, Information Security, or Network Administration.

  • Information Security experience in an audited and highly compliant environment.

  • Experience with public cloud environments (GCP preferred, or AWS or Azure) and their security controls.

  • Proven ability to effectively collaborate with cross-functional, cross-organizational teams to secure commitments on deliverables, and ensure resolution of blocking issues.

  • Familiar with Information Security principles, knowledge of IT processes (e.g. SDLC, Incident Management, Risk Management, Network and System Administration).

  • Knowledge of IT platforms, web, middleware, cloud services (IaaS, PaaS, SaaS), database, operating systems, infrastructure, encryption, routers, firewalls, virtualization, tokenization.

What could set you apart

  • 2+ years of experience in some facet with the FedRAMP authorization program.

  • 3PAO Audit Experience or FedRAMP Advisory Experience.

  • Exposure to FedRAMP, FISMA, NIST CSF, PCI, SOC 1 & 2.

  • Ability to deal effectively with a wide range of technical and functional team members at all levels of experience and decipher a wide range of responses into a cohesive result.

  • Ability to work both independently and within a global team environment.

  • Strong personal characteristics as demonstrated by the following: achievement-oriented, self-controlled, self-confident, flexible, approachable, and dedicated.

  • Ability to interact confidently with various levels of technical and management positions.

  • Excellent organizational, time management and problem-solving skills.

  • Ability to deeply understand security controls and help improve their implementation.

  • In depth technical knowledge of IT systems and operations.

  • Ability to translate complex technical and security issues into common language.

  • You are highly customer focused.

  • Willingness to learn new processes and standards rapidly and evolve current approaches to accommodate without delay or loss of quality.

  • Experience in preparing and executing presentations.

  • Relevant IT Security and/or Audit certifications (CISSP, CISM, CISA, etc.)
