FedRAMP Technical Compliance Analyst II

Medallia, McLean, VA
Hybrid, posted 14h ago

About The Position

Medallia is the pioneer and market leader in Experience Management. Our award-winning SaaS platform, Medallia Experience Cloud, leads the market in the management of experiences, insights, and actions for candidates, customers, employees, patients, and residents alike. We believe that every experience is a memory that can last a lifetime. Experiences shape the way people feel about a company. And they greatly influence how likely people are to advocate, contribute, and stay. At Medallia, we are committed to creating a world where organizations are loved by their customers and their employees. We empower exceptional people to create extraordinary experiences together. Bring your whole self.

The Role and Team

The FedRAMP Senior Technical Compliance Analyst role is considered a Public Sector compliance (NIST, FedRAMP, CMMC, FISMA, DoD SRG, 20X, etc.) subject matter expert that will own the FedRAMP RMF lifecycle. This role is focused on maintaining FedRAMP compliance across multiple FedRAMP certifications. You will conduct and own efforts for FedRAMP audits, continuous monitoring (ConMon), change management, and FedRAMP documentation updates and management. This role will also manage contract RFP reviews for FedRAMP compliance and support customer requests for ATO documentation support.

What does success look like for this role?

Sustaining multiple FedRAMP authorizations as part of the Medallia PubSec team while bridging the gap between compliance and technical teams.

Requirements

  • US Citizen / US Resident
  • 3 years of experience working in the cyber security / information security / compliance domain (FISMA, FedRAMP, DoD, etc.)
  • FedRAMP compliance management experience
  • FedRAMP NIST 800-53 controls implementation experience
  • Experience with vulnerability management ownership

Nice To Haves

  • Experience with Incident Response and Contingency Planning
  • Knowledge of Python, Bash, Kubernetes
  • Experience with FedRAMP GRC Tools

Responsibilities

  • Own the FedRAMP RMF lifecycle, including defining/maintaining the authorization boundary, driving control implementation evidence, writing and reviewing the System Security Plan (SSP), and managing System Assessment Plan (SAP)/System Assessment Report (SAR), Plan of Action & Milestones (POA&M), and Continuous Monitoring submissions
  • Author and maintain security and compliance policies, standards, and procedures, aligning with NIST 800-53r5 and organizational standards
  • Drive vulnerability management, including vulnerability scanning, patching cadence enforcement, and tracking remediation
  • Liaise with external FedRAMP advisors/3PAO and authorizing stakeholders, coordinating requests, and resolving findings
  • Collaborate with Security (GRC/ProdSec/SecOps), Cloud Engineering/SRE, and IT teams to operationalize NIST 800-53 Rev. 5 controls and ensure traceable evidence

Benefits

  • Medallia also offers competitive health and wellness benefits, including but not limited to medical, dental, vision, 401(k), short-term and long-term disability, life and AD&D insurance, statutory leaves, paid parental leave, and paid holidays. Benefits and eligibility may vary by location and role.