Job Location : Lowell,MA, USA
Introduction
About IBM:
IBM (International Business Machines Corporation) is a leading provider of global hybrid cloud and AI, and consulting expertise. It helps clients in more than 175 countries capitalize on insights from their data by offering an extensive portfolio of technology and consulting services; a broad range of infrastructure, including computers, storage, and networking technologies; software, including operating systems and middle-ware; and consulting services spanning applications and business processes.
Your role and responsibilities
IBM is currently seeking a highly skilled and detail-oriented Security & Compliance Engineer to join our Information Security team. The successful candidate will be responsible for managing our FedRAMP Continuous Monitoring (ConMon) processes, ensuring compliance with NIST 800-53 standards, and driving the development of best practices in vulnerability management.
Responsibilities:
Monthly POA&M Gathering: Collect and analyze findings from Monthly Plan of Action & Milestones (POA&M) reports to identify, track, and manage cybersecurity vulnerabilities.
Team Communication: Act as the primary point of contact for vulnerability status updates, liaising with various teams to ensure timely resolution of identified issues.
Vulnerability Analysis & Assignment: Perform thorough analysis of vulnerability scan results, prioritize risks, and assign appropriate remediation tasks to relevant teams based on their expertise.
NIST 800-53 Compliance: Demonstrate a strong understanding of NIST 800-53 security control requirements and ensure adherence within IBM's environment.
FedRAMP Continuous Monitoring (ConMon) Knowledge: Possess in-depth knowledge of FedRAMP ConMon requirements, including the ability to create relevant Key Performance Indicators (KPIs) for our ConMon team.
Vulnerability Tracking & Reporting: Maintain an up-to-date vulnerability registry, track remediation progress, and generate monthly reports on status, trends, and risk mitigation efforts for senior management.
ConMon Process Management: Oversee the ConMon process end-to-end, ensuring its efficiency and effectiveness while maintaining regulatory compliance.
Documentation & Procedure Development: Responsible for accurate documentation of the ConMon processes, creating procedural guidelines, and establishing best practices within the team.
FedRAMP Reporting: Serve as the key point of contact for all FedRAMP-related reporting, ensuring all necessary documentation is prepared accurately and in a timely manner.
Experience & Expertise: Bring relevant experience working within a FedRAMP environment to this role.
Required technical and professional expertise
Experience in cybersecurity, vulnerability management, and compliance roles with a strong focus on FedRAMP.
Proficient understanding of NIST 800-53 and other relevant security standards.
Proven track record in managing complex ConMon processes and vulnerability remediation efforts.
Excellent written and verbal communication skills with the ability to articulate complex technical concepts effectively.
Preferred technical and professional experience
Detail-oriented with strong analytical, problem-solving, and organizational abilities.
Knowledge of Agile methodologies is a plus.
Familiarity with automation tools for vulnerability management and reporting processes.
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.