Federal Jobs in Durham, NC

The successful applicant will be performing work on US Government classified environments, and therefore, must be a U.S. Person (i.e., U.S. citizen, U.S. national, lawful permanent resident, asylee, or refugee). This position may also perform work that the U.S. government has specified can only be performed by a U.S. citizen on U.S. soil.

The Global Cloud Compliance (GCC) group within the STO is responsible to drive all compliance certifications across Cisco. The team enables and protects global cloud sales for our commercial customers, US Government and Federal agencies, as well as many international standards bodies. This team works with Sales and Business Unit partners to ensure accurate security and trust features and functionality are included in new offer releases.

What You'll Do

In today’s dynamic digital environment, security is everyone’s job. At Cisco, the Security and Trust Organization (STO) is at the core of making infrastructure more secure. Your involvement in this strategic and driven team will enable you to collaborate on Cisco’s major objectives – to be the number one trusted business partner to our customers. The STO reports to Cisco’s Chief Security and Trust Officer and owns the innovation, training, and implementation of security and trust features and processes across all of Cisco’s products.

You'll work with a team of control auditors who will provide strategy and execution support for global certifications' audits like SOC2, ISO, PCI, HIPAA, IRAP, C5 and others. The audit support activities will include, but are not limited to, defining the control objectives, advising various engineering organizations as compliance SMEs, performing gap assessments, performing internal readiness assessments, and collaborating closely with external auditors.

Primary responsibilities :

Partner with a team of compliance engineers passionate about the strategic development of Common Controls and execution of controls internal readiness

• Work on the design, governance, and maintenance of Common Controls and associated implementation strategy
• Partner with various BUs to support the appropriate adoption and on-boarding of Common Controls
• Support the development of the ISMS, risk assessment strategy, security policies, and standards for the certifications
• Liaison with external auditors and other internal teams to support certification audits
• Be the authority of relevant Security Compliance frameworks and provide mentorship to teams accordingly

Who You Are

This role will support the compliance strategy implementation across Cisco Cloud by developing, governing, and evolving common controls to achieve various security certifications like AICPA SOC2, ISO, PCI, FedRAMP, and others. The ideal candidate is proficient in compliance and has no issues with “rolling up” their sleeves to dig into the details of the various control frameworks; understanding Cisco Clouds current set up around people, process, and technology; and then crafting the common controls along with an implementation strategy.

You have a detailed understanding of risk management methodologies, frameworks, and principles (e.g., AICPA SOC2, FedRAMP, ISO, PCI, HIPAA, etc.) to evaluate and recommend the best approach to mitigating risk with outstanding controls. You possess knowledge of Core IT processes / services such as SDLC, Identity / User Access Management, Vulnerability Management, Backup and DR processes. Your superb interpersonal skills at all levels of the organization and ability to prioritize and multi-task in a constantly evolving environment set you apart from the pack and you love being a team-player.

Minimum requirements :

Preferred requirements :