About the job

Saviynt’s Enterprise Identity Cloud helps modern enterprises scale cloud initiatives and solve the

toughest security and compliance challenges in record time. The company brings together identity

governance (IGA), granular application access, cloud security, and privileged access (PAM) to secure

the entire business ecosystem and provide a frictionless user experience. The world’s largest brands

trust Saviynt to accelerate digital transformation, empower distributed workforces, and meet

continuous compliance.

The Director, Governance Risk and Compliance, reports into the Information Security team, and will

lead various Governance Risk and Compliance efforts.

The candidate will possess the ability to execute, scale, and continuously evolve the Governance

function to maximize the impact and oversight across the organization. The candidate must be

comfortable managing projects in an Agile environment.

They should be familiar with policy and compliance requirements, including policy documentation and

system requirements to successfully respond to potential audits.

● Serve as the lead for Saviynt’s FedRAMP Info Sec and Compliance related activities

● Taking Saviynt through FedRAMP certification and re-recertification journey

● Develop System Security Plans (SSP), drive FedRAMP audit work with support from cross

functional team members

● Lead monthly ConMon discussions

● Review security documentation/artifacts such as audit reports, gap analysis reports, POA& amp; Ms,

etc.

● Serve as the Governance POC both internally and externally.

● Identify governance or compliance requirements, assess risks, review required forms

● Serve as liaison across cross functional teams to help achieve Info Sec objectives.

● Maintain a compliance calendar and be accountable for the execution of various compliance

assessments throughout the year, including but not limited to ISO 27001, FedRAMP, PCI-DSS,

SOC 1, SOC 2.

● Draft and update key security documentation including policies, guidance documents,

Contingency Plan, Incident Response Plan, etc.

● Help automate GRC inefficiencies through automation and improved workflows.

● Perform vulnerability scanning and provide remediation guidance as needed.

● Have a working knowledge of the NIST CSF and RMF frameworks

● Support customer requests as they pertain to Compliance queries and to other Information

Security questions, with the support of technical Info Sec members

● Develop and update Policies, Standards and Procedures per the organization’s policy

framework

● Establish and lead risk management activities, including identification of risk and recommended

mitigations; track and manage risks and issues from identification through closure.

● Establish and maintain appropriate metrics that will help measure the GRC posture of the

company

● Collaborate with key stakeholders to ensure successful execution of mission and business

needs

● Execute on GRC initiatives as defined within the security roadmap, while working with the

broader Information Security team and technology teams

● Conduct risk assessments, compile risk registers, and track risk remediation plans

● Respond to requests from customers for information on our security measures

● Completing vendor security reviews. Optimize and automate the security questionnaire

process.

● Review security clauses in customer and vendor contracts

● Establish, review, and enhance security training and awareness programs

● Support the business with customer engagements, including attending customer calls and

supporting sales teams

What You Bring

● Bachelor's degree with a minimum of 8 years of experience

● Knowledge of U.S. Federal Government security compliance, risk management processes and

requirements, including NIST RMF and NIST SP 800-53 Rev 5 controls

● Experience with GRC tools and automation is a plus

● Experience with common controls framework, unified control framework (UCF) is a plus

● Knowledge of current trends/technologies (i.e., Zero Trust, AI/ML, PAM, etc.) is a plus

● Experience with vulnerability scanning, remediation, and continuous monitoring (ConMon)

● Experience managing Agile projects with a focus on duties related to Product Owner

● Experience developing executive level presentations to support Governance and broader

Information Security updates to appropriate audiences

● Experience assessing project and technical documentation to ensure compliance with

established policies, processes, and procedures.

● Requires sufficient technical background to be able to interpret audit and compliance

requirements, and be able to support basic evidence gathering needs in support of audits

● Ability to provide excellent written and oral communications by email, presentations, and

mobile communication platforms (including: experience facilitating discussions, briefing senior

managers, and conducting project meetings).

● Experience supervising or managing an Agile project team.

● Work on multiple projects and tasks concurrently

● Experience defining project scope and objectives, developing detailed work products

(schedules, status reports, etc.), conducting project meetings, and owning responsibility for

project tracking and analysis.

● Experience with continuous monitoring and Plans of Actions and Milestones (POA& amp ;Ms) is a plus

● Knowledge of local legal and regulatory security requirements including HIPAA, FedRAMP, and

GDPR/privacy

● Flexible and collaborative approach to enabling and supporting the business

● Strong stakeholder and relationship management skills