Information Security FedRAMP Compliance Specialist
Company: Medidata Solutions
Location: New York, NY 10025
Description:
Location: Hybrid
Medidata follows a hybrid office policy in which employees who are hired for an in-person position are expected to work on site a certain number of days per week in accordance with Company policy.
About our Company:
Medidata: Powering Smarter Treatments and Healthier People
Medidata, a Dassault Systèmes company, is leading the digital transformation of life sciences, creating hope for millions of people. Medidata helps generate the evidence and insights to help pharmaceutical, biotech, medical device and diagnostics companies, and academic researchers accelerate value, minimize risk, and optimize outcomes. More than one million registered users across 2,000+ customers and partners access the world's most trusted platform for clinical development, commercial, and real-world data. Known for its groundbreaking technological innovations, Medidata has supported more than 33,000 clinical trials and 10 million study participants. Medidata is headquartered in New York City and has offices around the world to meet the needs of its customers. Discover more at www.medidata.com and follow us on LinkedIn, Instagram, and X.
Your Mission:
The Information Security FedRAMP Compliance Specialist facilitates compliance with FedRAMP standards at Medidata. They support achieving and subsequently maintaining compliance with the Medidata FedRAMP (Moderate) ATO. 'Success' is measured by achieving and maintaining compliance with FedRAMP standards, including the System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), and Authority to Operate (ATO).
You will maintain business relationships internally with: Cloud Operations and Infrastructure Teams, Professional Services, Customer Success, Global Compliance and Strategy, Medidata's Privacy Office, and the Information Security Department.
You will report to the Information Security Director of Security Frameworks.
Key Responsibilities:
- Facilitate the creation of the moderate authorization package and preparations for our Third-Party Assessment Organizations (3PAO) assessment.
- Develop and maintain our System Security Plan and related comprehensive documentation, including policies, standards, procedures, diagrams and controls, to support FedRAMP compliance.
- Coordinate with our internal stakeholder teams to document security compliance control implementations for technical, management, and operational requirements.
- Collaborate with engineering teams to provide technical guidance on enabling our cloud architecture environment to be FedRAMP compliant.
- Support Medidata's FedRAMP continuous monitoring and management of POA&Ms.
- Support Medidata's numerous certifications and ATOs (ISO, FISMA, SOC 2 Type 2, HITRUST, etc.) as needed.
- 8+ years of related experience with a bachelor's degree; or 6 years with a master's degree; or equivalent Information Security and Compliance experience
- 3+ years of experience with FedRAMP authorization process including continuous monitoring and Plan of Action & Milestones (POA&Ms) management
- Certifications such as CISSP, CCSP, CISM, CRISC, CISA
- Strong analytical and problem-solving skills including the ability to analyze security requirements and relate them to appropriate security controls
- Excellent verbal and written communication skills including expertise in developing security plans and related documentation
- Broad knowledge of Information Technology & Security architecture in on-prem data center and cloud environments
- Deep knowledge of Frameworks, e.g.: NIST CSF, RMF & SP 800-53, FISMA, ISO/IEC 27001/27002, SOC 2, HIPAA, GDPR
- Understanding of US government customer priorities
- Agility and willingness to broaden areas of expertise
- Background in the life sciences industry a plus
- Agile project experience a plus
The salary range for positions that will be physically based in the NYC Metro Area is $114,750-153,000.
The salary range for positions that will be physically based in the California Bay Area is $121,500-162,000.
The salary range for positions that will be physically based in the Boston Metro Area is $113,250-151,000.
The salary range for positions that will be physically based in Texas or Ohio is $101,250-135,000.
The salary range for positions that will be physically based in all other locations within the United States is $102,750-137,000.
Base pay is one part of the Total Rewards that Medidata provides to compensate and recognize employees for their work. Most sales positions are eligible for a commission on the terms of applicable plan documents, and many of Medidata's non-sales positions are eligible for annual bonuses. Medidata believes that benefits should connect you to the support you need when it matters most and provides best-in-class benefits, including medical, dental, life and disability insurance; 401(k) matching; unlimited paid time off; and 10 paid holidays per year.
Note: Please be on the lookout for job scams. Medidata recruiters will never ask applicants for monetary compensation, credit card, or banking details.
Equal Employment Opportunity:
In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Medidata are based on merit, qualifications and abilities. Medidata is committed to a policy of non-discrimination and equal opportunity for all employees and qualified applicants without regard to race, color, religion, gender, sex (including pregnancy, childbirth or medical or common conditions related to pregnancy or childbirth), sexual orientation, gender identity, gender expression, marital status, familial status, national origin, ancestry, age, disability, veteran status, military service, application for military service, genetic information, receipt of free medical care, or any other characteristic protected under applicable law. Medidata will make reasonable accommodations for qualified individuals with known disabilities, in accordance with applicable law.
Applications will be accepted on an ongoing basis until the position is filled.
Diversity:
As a game-changer in sustainable technology and innovation, Medidata, a Dassault Systèmes company, is striving to build more inclusive and diverse teams across the globe. We believe that our people are our number one asset, and we want all employees to feel empowered to bring their whole selves to work every day. It is our goal that our people feel a sense of pride and a passion for belonging. As a company leading change, it's our responsibility to foster opportunities for all people to participate in a harmonized Workforce of the Future.