Position Description
Mathematica applies expertise at the intersection of data, methods, policy, and practice to improve well-being around the world. We collaborate closely with public- and private-sector partners to translate big questions into deep insights that improve programs, refine strategies, and enhance understanding. Our work yields actionable information to guide decisions in wide-ranging policy areas, from health, education, early childhood, and family support to nutrition, employment, disability, and international development. Mathematica offers our employees competitive salaries and a comprehensive benefits package, as well as the advantages of being 100 percent employee owned. As an employee stock owner, you will experience financial benefits of ESOP holdings that have increased in tandem with the company’s growth and financial strength. You will also be part of an independent, employee-owned firm that is able to define and further our mission, enhance our quality and accountability, and steadily grow our financial strength. Learn more about our benefits here.
We are looking for a Lead, Information Security, Senior Cloud Governance Analyst to join our IT Security, Risk and Compliance group. This individual will work across technology, business unit and project teams to lead the development of a cloud governance model. The Lead Information Security Analyst will provide technical expertise and advice on IT control implementation. The ideal candidate has and can maintain expertise with cloud and hybrid system security industry standards and will champion the adoption of tools and procedures that promote security monitoring and information and technology risk management.
At Mathematica, we take pride in our commitment to diversity. Building an inclusive culture that draws on the individual strengths of employees from different ethnic backgrounds, cultures, lifestyles, abilities, and experience is key to our success.
**Responsibilities**
- Apply in-depth, hands-on knowledge of the FedRAMP regulations, process, and requirements to lead project and initiative teams in accrediting cloud products and services, positively impacting the achievement of customer and operational objectives.
- Lead cross-functional teams in the execution of moderately complex platform, system, tool, or application security authorizations, supporting team members in solving complex problems associated with the FedRAMP and cloud accreditation process and associated risk management activities.
- Develop a cloud governance model that defines roles and responsibilities for cloud security governance across Mathematica, creates a repository of the documentation necessary for the Federal Risk and Authorization Management Program (FedRAMP) process, and defines required updates to people, process and technology controls to position a platform, system or application for favorable external party evaluation.
- Conduct assessments of the management, operational, and technical security controls and control enhancements of systems to determine the overall effectiveness of those controls.
- Define system boundaries including the security architecture of applications, security, compliance and infrastructure that comprise the boundaries.
- Prepare and direct continuous monitoring plans, consistent with FedRAMP requirements, including managing Plans of Action and Milestones (POA&Ms) and logging activities for ingestion into SIEM.
- Advise and contribute to the risk and compliance tactics for Mathematica cloud-based administrative systems and services, including communicating necessary changes to operating processes and procedures in a way that clearly articulates the concepts and persuades others to make necessary changes in their processes.
- Actively support the advancement of organizational diversity, equity and inclusion efforts, and apply a diversity, equity and inclusion lens across job responsibilities.
- Additional duties may be assigned as needed.
Position Requirements
- Bachelor’s degree in a relevant field.
- 7+ years of experience leading cloud accreditation processes and security risk management activities.
- A combination of equivalent education and work experience may be substituted for the above requirement.
- Expertise in federal standards and regulations-compliant security and privacy programs, and Authority to Operate (ATO) processes.
- Deep familiarity with, or experience as, a 3PAO to obtain FedRAMP Ready or FedRAMP Authorized status for platforms, systems and applications.
- Specialized knowledge in producing and/or validating FedRAMP documentation.
- Expert knowledge of relevant FedRAMP and National Institute of Standards and Technology (NIST) Special Publications.
- Experience integrating FedRAMP requirements into a GRC solution.
Nice-to-Have
- Project Management experience including project planning, work breakdown structures, and budgeting.
- Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
- Experience supporting platforms, systems and applications that offer data analytics and big data as a cloud service.
- Experience managing penetration testing engagements as part of continuous monitoring.
- Experience with Agile and DevSecOps approaches.
- Knowledge of operational risk management concepts.
- Knowledge of security certification processes (ISO 27001, CMMC).
This position offers an anticipated annual base salary range of $100,000 - $135,000. This position is eligible for a discretionary bonus based on company and individual performance.
To apply, please submit a cover letter, resume, location preference, and salary expectations. To choose "remote" as your location, select "no preference."
STAFFING AGENCIES AND THIRD PARTY RECRUITERS: _Mathematica is not accepting candidates for this role or any technical role from staffing agencies or third party recruiters. Please do not contact technical or senior staff at Mathematica or share unsolicited resumes. All agency inquiries go through the talent acquisition team and will be routed accordingly._
Available Locations: Washington, DC; Princeton, NJ; or remote
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.
Any offer of employment will be contingent upon passing a background check. Various federal agencies with whom we contract require that staff successfully undergo security clearance as a condition of working on the project. If you are assigned to such a project, you will be required to obtain the requisite security clearance. Additionally, if you participate in/complete the application process and are denied, Mathematica may choose to terminate your employment.
Although Mathematica does not require vaccination from COVID-19 as a condition of employment, various projects or agencies may require documentation of vaccination (or an approved exception/accommodation).
We take pride in our employees and in their commitment to excellence. We encourage staff to collaborate in developing creative solutions to difficult problems and to share the responsibility and enjoyment of carrying out complex projects. This collegial spirit has helped us earn our reputation for innovative and high quality work.
One of Mathematica’s core values is a deep commitment to diversity, equity, and inclusion. Our work is more robust because it is informed by a variety of diverse perspectives, and our mission to improve societal well-being is strengthened by a greater understanding of issues and challenges facing the populations we serve. Mathematica’s ongoing commitment to diversity and inclusion is woven into our everyday actions, policies, and practices—including decisions regarding recruitment, training, compensation, and promotion. We are dedicated to maintaining a work environment in which everyone is treated with respect and dignity.