At Everlaw, the GRC (Governance, Risk and Compliance) team is a service organization that helps meet the needs of several teams across the company, including customer trust, compliance and governance. We expect 2023 to be another exciting year of growth initiatives as we continue building a robust GRC platform fitting for a scaling company like Everlaw. This is where you come in!
We’re looking for a Sr. FedRAMP Program Manager to lead, manage, and grow Everlaw’s FedRAMP program. As a Sr. FedRAMP Program Manager, you will be empowered to take full ownership of our FedRAMP program while working closely with a variety of internal and external stakeholders, including Engineering, Federal Operations, IT, Outside Counsel, AO (authorizing agencies) & 3PAO to maintain and improve our ATO.
At Everlaw, our mission is to promote justice by illuminating truth. Our company culture is open and vibrant and we’re committed to the professional growth of our team members, offering an annual learning and development stipend and regular check-ins with managers regarding career goals. If you’re looking for a place that values passion, integrity, thinking big, and a desire to learn, we’d love to hear from you!
Think you’re missing some of the skills and are hesitant to apply? We do not believe in the ‘perfect’ candidate and encourage you to apply if you feel you can bring value to our team. Learn more about Life at Everlaw.
This is a full-time, exempt, onsite position located in Oakland, California, or in Washington, D.C.
- We want you to feel like part of the team early on! Our onboarding process will integrate you into the company with informative sessions on our product, policies, processes, and team structure and goals.
- We’re excited for you to learn, grow, and contribute right away! We trust that you’ll bring experience and knowledge that will uplift and uplevel the team, but we don’t expect you to know everything on Day 1.
In your role, you'll...
- Lead and manage Everlaw’s FedRAMP program, including making updates to Everlaw’s FedRAMP System Security Plan (SSP), and managing the ConMon initiative.
- Be a FedRAMP subject matter expert (SME) and provide input to Engineering, IT and various business teams regarding how FedRAMP compliance may impact product updates, SSP updates, or the underlying relevant processes.
- Leverage technical and program management skills to plan, track, collaborate and report on FedRAMP program deliverables, including scheduling and leading meetings, assigning and tracking action items, and developing status reports.
- Provide support to the compliance audit and assessment efforts to include external third-party auditors with evidence collection and upload, auditor interview support, and auditor walk-throughs of policies, procedures, and related compliance and security documentation.
- Build GRC-specific compliance review processes and perform the security impact analyses, reviewing access management controls, creating relevant training deployment to applicable users, and mapping technical implementation of changes to impacted NIST security controls.
- Work with the Engineering team to execute on continuous monitoring, including tracking and updating Everlaw’s Plan of Action and Milestones and ensuring timely reporting to our Agency partners.
- Collaborate with the Federal Operations team and Outside Counsel to perform timely and efficient communication with our agencies and the PMO. Facilitate and verify that FedRAMP evidence and artifacts are created and uploaded according to FedRAMP continuous monitoring (ConMon) requirements.
- Design, build and implement Everlaw’s Multi-Agency Continuous Monitoring program in collaboration with our 3PAO, under PMO’s guidance.
- Assess the impact of new features and architectural changes to the FedRAMP boundary and SSP. Guide technical teams on relevant NIST requirements and documentation update tasks.
- Assist GRC team on other ad hoc important tasks when required.
- Bachelor’s degree in Information Security/Information Technology, Computer/Electronic Engineering, Communications Engineering, or related field.
- You have at least 12 years of information technology and/or information security experience.
- You have at least 6 years of experience either in building, executing, planning, tracking, or auditing a FedRAMP program (FedRAMP-moderate or FedRAMP-high).
- You have deep technical expertise in implementing NIST SP 800-53 Rev 4/5 and/or NIST SP 800-37 frameworks.
- You are a strong, capable project manager who has successfully planned, led, and completed complex projects with multiple stakeholders and dependencies.
- You have a track record of successfully collaborating with technical and business teams to achieve deadline-driven milestones while demonstrating the ability to think critically and creatively, with analytical and problem solving skills.
- You are able to independently operate and take a proactive approach to your projects.
- CISSP, CISM, or CISA required.
- The expected salary range for this role is between $195,000 - $230,000. The final offered salary will be dependent upon many factors including the candidate’s experience and skills. The base pay range is subject to change in the future.
- Equity program
- 401(k) retirement plan with company matching
- Health, dental, and vision
- Flexible Spending Accounts for health and dependent care expenses
- Paid parental leave and approximately 10 days (80 hours) per year of sick leave
- Seventeen paid vacation days plus 11 federal holidays
- Membership to Modern Health to help employees prioritize mental health and wellness
- Annual allocation for Learning & Development opportunities and applicable professional membership dues
- Company-sponsored life and disability insurance
- Work in Uptown Oakland, just steps from the BART line and dozens of restaurants and walking distance to Lake Merritt
- Flexible work-from-home days on Tuesdays and Fridays
- Monthly home internet reimbursement
- Select your preference of hardware (Mac or PC) and customize your desk setup
- Enjoy a wide variety of snacks and beverages in the office
- Bond over company-wide out-of-the-box events and fun activities with your team
- Time off for company-sponsored volunteer events and 4 paid hours per quarter to volunteer at a charitable organization of your choice
- Take advantage of learning and career development opportunities
- Ranked #9 on Glassdoor's Best Places to Work 2023 for US small and medium companies
- One of Wealthfront’s 2021 Career Launching Companies, and ranked #2 on the “2022 Bay Area Best Places to Work” list by the San Francisco Business Times and the Silicon Valley Business Journal
- One of Fast Company’s World's Most Innovative Companies for 2022 and proud contributor of free ediscovery resources to benefit the greater good through “Everlaw for Good”
Pursue Truth While Finding Yours
At Everlaw, we are deeply invested in pursuing the truth, for our clients and for our employees. We know that when you’re empowered to pursue your passions, it is reflected in the work. That’s why we’re committed to the professional growth of all our team members, offering an annual learning and development stipend and regular career check-ins with managers. If you’re looking for a place that values passion, integrity, and a desire to learn, we’d love to hear from you!
We help law firms, government agencies, and corporations sift through millions of documents of evidence in big lawsuits and investigations to find the proverbial smoking gun (or needle in the haystack -- pick your metaphor). It's a multi-billion dollar space typically dominated by service-oriented vendors, and we're coming at it with cutting-edge technology and elegant design. It's working, and we've been growing very rapidly: we host hundreds of terabytes of data and work with all 50 state Attorneys General and hundreds of law firms on some of the most high-profile cases litigated today.
Everlaw is an equal opportunity employer. We pride ourselves on having a diverse workforce and we do not discriminate against any employee or applicant because of race, creed, color, religion, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition, or any other basis protected by law. We respect the gender, gender identity and gender expression of our applicants and employees, and we honor requests for pronouns. It is our policy to comply with all applicable national, state and local laws pertaining to nondiscrimination and equal opportunity, including the California Equal Pay Act. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Everlaw requires all of its employees to be fully vaccinated for COVID-19, unless a medical or religious exemption applies. If you are hired, we will require you to prove that you have received the COVID-19 vaccine, unless you have received a medical or religious exemption.