FreshRemote.Work

Senior Compliance & Privacy Analyst - FedRAMP

United States (Remote)

Join us in bringing joy to customer experience.  Five9 is a leading provider of cloud contact center software, bringing the power of cloud innovation to customers worldwide.   

Living our values everyday results in our team-first culture and enables us to innovate, grow, and thrive while enjoying the journey together. We celebrate diversity and foster an inclusive environment, empowering our employees to be their authentic selves. 

This role requires a strong understanding of vulnerability management, FedRAMP requirements, and the authorization process. The successful candidate will partner with internal and external stakeholders, including vendors and third-party assessment organizations (3PAOs), to ensure remediation is completed, controls are implemented and documented in accordance with FedRAMP compliance standards, and SLAs are met.  The primary responsibilities are to complete activities required to maintain and update FedRAMP Continuous Monitoring documentation for the Five9 FedRAMP program. This role will be coordinating with departments at multiple levels as required to ensure the business objectives within FedRAMP program are achieved. 

 
Responsibilities 

  • Perform comprehensive assessments of systems, infrastructure, and processes to identify vulnerabilities and gaps in meeting FedRAMP compliance 
  • Analyze infrastructure, data flows, access controls, encryption methods, and security frameworks to ensure alignment with the FedRAMP Moderate baseline 
  • Maintain documentation and perform continuous monitoring of compliance with FedRAMP standards 
  • Assist with authorization packages, System Security Plans, and preparing for FedRAMP P-ATO assessments 
  • Collaborate with engineering teams to provide guidance on building FedRAMP compliant cloud architecture 
  • Collaborate with team members to help manage the continuous monitoring (ConMon) program, including internal and external reporting on vulnerabilities, tracking POA&Ms, and developing ConMon artifacts. 
  • Conduct continuous monitoring activities to assess the effectiveness of security controls and identify potential vulnerabilities or non-compliance issues. 
  • Generate or facilitate deviation requests as required. 
  • Coordinate with internal stakeholder engineering teams to document security compliance control implementations for technical, management, and operational requirements. 
  • Assist in tracking of metrics and measurements through Plans of Action and Milestones (POA&Ms) and prepare Annual Authorization reports to support continuous monitoring 
  • Cultivate strong working relations with industry regulators, accreditation bodies, and authorized auditing firms 

Qualifications: 

  • Strong governance, risk and compliance experience and familiarity with cloud data security (NIST SP 800 Series, FedRAMP and FISMA) 
  • Proven experience in FedRAMP Continuous Monitoring activities and understanding of SaaS SDLC and agile processes. 
  • Familiarity with vulnerability management concepts, such as CVE and CVSS. 
  • Ability to quickly change priorities and handle simultaneous tasks. 
  • Strong analytical and problem-solving skills, excellent communication and interpersonal skills, and ability to work independently and as part of a team. 
  • Experience interviewing subject matter experts and using knowledge to develop, edit, and revise documentation including standard operating procedures, system security plans, and policies and procedures. 
  • Experience with technical documentation related to FIPS 199, NIST SP 800-53 REV 5,  continuous monitoring, and POA&M management 
  • Bachelor’s degree and 5+ years of experience or an additional 4 years of experience in lieu of a degree. 
  • Clearance: To comply with U.S. federal government security requirements, U.S. citizenship is required, and your employment will be conditioned upon obtaining the Public Trust Verification. 

 

Preferred Skills: 

  • Prior experience with Nessus Tenable, Wiz, or Sunbird 
  • Knowledge of other industry security standards (for example PCI, SOC 2, ISO 27000, etc.) 
  • Working knowledge of HIPAA and privacy  
  • Certification in relevant areas such as CISSP, CISM, CISA, PMP 

Work Location: This role is fully remote for candidates who reside outside the 50 mile radius of our San Ramon office.  For candidates who reside within 50 miles of our San Ramon location, this role is Hybrid and would require 3 days a week (M, W, TH) in our San Ramon office. 

As part of our continued commitment to diversity, equity, and inclusion, Five9 supports pay transparency during the entire recruitment process.  Actual compensation packages are based on several factors that are unique to each candidate including, but not limited to: skill set, depth of experience, certifications, and specific work location. The range displayed reflects the minimum and maximum target for new hire salaries for the job across the United States. Your recruiter can share more about the specific compensation package during your hiring process.

 

Additionally, the total compensation package for this position may also include an annual performance bonus, stock, and/or other applicable incentive compensation plans.

 

Our total reward package also includes:

  • Health, dental, and vision coverage, beginning on the first day of employment. Five9 covers 100% of the employee portion of the health, dental and vision coverage and shares a high portion of the dependent cost. We also offer Short & Long-Term Disability, Basic Life Insurance, and a 401k saving plan with employer matching.
  • Access to an innovative mental health support platform that offers personalized care and resources in areas such as: therapy, coaching and self-guided mindfulness exercises for all covered employees and their covered dependents.
  • Generous employee stock purchase plan.
  • Paid Time Off, Company paid holidays, paid volunteer hours and 12 weeks paid parental leave.

All compensation and benefits are subject to the requirements and restrictions set forth in the applicable plan documents and any written agreements between the parties.

The US base salary range for this role is below. $77,800—$145,500 USD

Five9 embraces diversity and is committed to building a team that represents a variety of backgrounds, perspectives, and skills.  The more inclusive we are, the better we are.  Five9 is an equal opportunity employer. 

Our headquarters are located in the San Francisco Bay Area with global hubs in the United Kingdom, Germany, Philippines, Portugal, and Australia. 

View our privacy policy, including our privacy notice to California residents here: https://www.five9.com/pt-pt/legal.  

Note: Five9 will never request that an applicant send money as a prerequisite for commencing employment with Five9.

Apply

Job Profile

Regions

North America

Countries

United States

Restrictions

Fully remote U.S. citizenship required

Benefits/Perks

12 Weeks Paid Parental Leave 401k saving plan 401k saving plan with employer matching Access to an innovative mental health support platform Annual performance bonus Basic life insurance Employee stock purchase plan Fully remote Health, dental, and vision coverage Incentive compensation Incentive compensation plans Inclusive environment Innovative mental health support platform Mental health support Mental health support platform Opportunities for growth Paid holidays Paid parental leave Paid Time Off Paid volunteer Paid Volunteer Hours Pay Transparency Short & Long-Term Disability Team-first culture Vision coverage

Tasks
  • Collaborate with engineering teams
  • Collaborate with team
  • Collaborate with team members
  • Communication
  • Conduct assessments for compliance
  • Documentation
  • Maintain FedRAMP documentation
  • Manage continuous monitoring program
  • Monitoring
  • Track metrics and prepare reports
Skills

Agile Analytical Cloud Contact Center Cloud contact center software Communication Compliance Contact center Continuous Monitoring CVE CVSS Engineering FedRAMP Fedramp compliance FISMA Infrastructure Interpersonal NIST SP 800 Operational POA&M Management Privacy Problem-solving Reporting SaaS SAN SDLC Security Security Compliance Security Controls Technical Documentation Vulnerability Management

Experience

5 years

Education

Bachelor's degree Business Engineering

Certifications

Agile CISA CISM CISSP PMP

Timezones

America/Anchorage America/Chicago America/Denver America/Los_Angeles America/New_York Pacific/Honolulu UTC-10 UTC-5 UTC-6 UTC-7 UTC-8 UTC-9