Senior Governance, Risk and Compliance Analyst - BetterUp｜Meet.jobs

Let’s face it, a company whose mission is human transformation better have some fresh thinking about the employer/employee relationship.

We do. We can’t cram it all in here, but you’ll start noticing it from the first interview.

Even our candidate experience is different. And when you get an offer from us (and accept it), you get way more than a paycheck. You get a personal BetterUp Coach, a development plan, a trained and coached manager, the most amazing team you’ve ever met (yes, each with their own personal BetterUp Coach), and most importantly, work that matters.

This makes for a remarkably focused and fulfilling work experience. Frankly, it’s not for everyone. But for people with fire in their belly, it’s a game-changing, career-defining, soul-lifting move.

Join us and we promise you the most intense and fulfilling years of your career, doing life-changing work in a fun, inventive, soulful culture.

If that sounds exciting—and the job description below feels like a fit—we really should start talking.

This role is responsible for being a dedicated US Public Sector subject matter expert interfacing with the BetterUp federal team to support the delivery of a best-in-class information security federal GRC program.

What you’ll do:

• Collaborate closely with Product, Engineering, IT, People Operations, and Legal teams in devising action plans to meet FedRAMP requirements.
• Support and lead BetterUp’s US Public Sector GRC program, including requirements gathering, documentation, and planning.
• Be a FedRAMP subject matter expert (SME) and provide input to various business teams with regard to how FedRAMP compliance may impact product updates, SSP updates, or the underlying relevant processes.
• Leverage technical and program management skills to plan, track, collaborate, and report on FedRAMP program deliverables, including scheduling and leading meetings, assigning and tracking action items, and developing status reports.
• Work with the Engineering team to execute on continuous monitoring, including tracking and updating Plan of Action and Milestones and ensuring timely reporting to our government partners.
• Manage the security awareness and training program for employees on the Federal teams.
• Collaborate with the Federal Operations team to perform timely and efficient communication with our agencies and the FedRAMP PMO.
• Lead the Federal Customer Trust program, including external facing documentation and security questionnaires.
• Manage and develop related security documentation as applicable for FedRAMP policy lifecycle management.
• Provide support to the compliance audit and assessment efforts to include external third-party auditors with evidence collection and upload, auditor interview support, and auditor walk-throughs of policies, procedures, and related compliance and security documentation.
• Assist with performing and managing security impact analyses, reviewing access management controls, creating relevant training deployment to applicable users, and mapping technical implementation of changes to impacted NIST security controls.
• Assess the impact of new features and architectural changes to the FedRAMP boundary and SSP.
• Guide technical teams on relevant NIST requirements and documentation update tasks.
• Assist GRC team on other ad hoc important tasks when required.

If you have some or all of the following, please apply:

• Strong communications and critical thinking skills, attention to detail, eagerness to learn, a curious nature, and a fundamental desire to help.
• Demonstrated achievement in driving and/or supporting a company’s journey in obtaining FedRAMP ATO.
• Subject matter expert level knowledge FedRAMP, FISMA, NIST 800-53, CMMC, NIST 800-171 as applicable to a SaaS environment.
• Security experience in at least some of the following domains: application security, vulnerability management, continuous monitoring, incident response, authentication / authorization, or data governance.
• Extensive knowledge and experience in working with cloud technologies and architectures, preferably AWS.
• Understanding of security metrics and creation of effective dashboards for management review and consumption.
• Able to articulate situations, challenges, risks, and see intersection of compliance impacts.
• Demonstrated ability to create and present security awareness training content.
• Excellent presentation, facilitation, and communication skills.
• Ability to build and cultivate strong relationships to make and influence decisions at multiple levels in the organization.
• Intermediate to advanced level expertise with Excel and PowerPoint
• Must be a US citizen

Desirable Requirements

• Bachelor’s degree or 4 years experience in Computer Science, Information Technology, or related field.
• 5-7+ years of direct information security experience, with a primary focus in risk and compliance preferably within software/SaaS industry environments. Startup experience is a plus.
• 3+ years creating and maintaining System Security Plan (SSP), Plan of Actions & Milestones (POA&M), Security Assessment Plan (SAP), Information Security Risk Assessment (ISRA), Interconnection Systems Agreement (ISA), etc.
• 3+ years with Security / GRC in a predominantly Cloud/ SaaS environment.
• Industry certifications such as CISA/CISM/CRISC/CISSP/Security+/CCSK or similar are a plus.
• Knowledge of other security standards and frameworks such as SSAE-18, ISO 27001, PCI DSS, or similar are a plus.
• Experience with the DoD Cloud Computing Security Requirements Guide or US state and local security compliance (e.g., StateRAMP) is a plus.

Benefits:

At BetterUp, we are committed to living out our mission every day and that starts with providing benefits that allow our employees to care for themselves, support their families, and give back to their community.

• Access to BetterUp coaching; one for you and one for a friend or family member
• A competitive compensation plan with opportunity for advancement
• Medical, dental and vision insurance
• Flexible paid time off

• Per year:

  • All federal/statutory holidays observed
  • 4 BetterUp Inner Work days (https://www.betterup.co/inner-work)
  • 5 Volunteer Days to give back
  • Learning and Development stipend
  • Company wide Summer & Winter breaks

• Year-round charitable contribution of your choice on behalf of BetterUp

• 401(k) self contribution

We are dedicated to building diverse teams that fuel an authentic workplace and sense of belonging for each and every employee. We know applying for a job can be intimidating, please don’t hesitate to reach out — we encourage everyone interested in joining us to apply.

BetterUp Inc. provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, disability, genetics, gender, sexual orientation, age, marital status, veteran status. In addition to federal law requirements, BetterUp Inc. complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

At BetterUp, we compensate our employees fairly for their work. Base salary is determined by job-related experience, education/training, residence location, as well as market indicators. The range below is representative of base salary only and does not include equity, sales bonus plans (when applicable) and benefits. This range may be modified in the future.

The base salary range for this role is $163,000 – $252,000.

If you live in New York, the base salary range for this role is:

$181,000 – $252,000: New York City

$171,000 – $239,000: Nassau, Newburgh

$163,000 – $227,000: Albany, Buffalo, Rochester, Syracuse

Protecting your privacy and treating your personal information with care is very important to us, and central to the entire BetterUp family. By submitting your application, you acknowledge that your personal information will be processed in accordance with our Applicant Privacy Notice. If you have any questions about the privacy of your personal information or your rights with regards to your personal information, please reach out to support@betterup.co

#LI-Hybrid