Information Security FedRAMP Compliance Specialist
United States - NY, New York
Medidata: Powering Smarter Treatments and Healthier People
Medidata, a Dassault Systèmes company, is leading the digital transformation of life sciences, creating hope for millions of people. Medidata helps generate the evidence and insights to help pharmaceutical, biotech, medical device and diagnostics companies, and academic researchers accelerate value, minimize risk, and optimize outcomes. More than one million registered users across 2,000+ customers and partners access the world's most trusted platform for clinical development, commercial, and real-world data. Known for its ground-breaking technological innovations, Medidata has supported more than 30,000 clinical trials and 9 million study participants. And Medidata’s ongoing commitment to infusing the patient voice into trial designs and solutions is helping to create a better and more inclusive experience for all participants in clinical studies. Medidata is involved in nearly 40% of company-initiated trial starts globally, with studies conducted in more than 140 countries. More than 70% of novel drugs approved by the Food and Drug Administration (FDA) in 2022 were developed with Medidata software. Medidata is headquartered in New York City and has offices around the world to meet the needs of its customers. Discover more at www.medidata.com and follow us @medidata.
The Information Security teams manage the protection of the assets that our customers and their patients trust us with. Beyond assuring the integrity and availability of those assets, we are also responsible for the reputational integrity of the organization as a whole.
Protecting that trust is the single guiding principle for our compass and values.
Information Security has evolved from a back-office burden to a function that is front and center to the business. This role is necessary to the success of our Go-To-Market strategy and supports the premise that what we provide is a differentiator.
What we're looking for:
The Information Security FedRAMP Compliance Specialist represents Medidata (as a Cloud Service Provider, or CSP) in all interactions with the FedRAMP Program Management Office (PMO), Federal Agencies and Third Party Assessment Organizations (3PAOs). Success is measured by achieving and maintaining compliance with FedRAMP standards, including the System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M) and Authority to Operate (ATO).
You will maintain business relationships internally with: Cloud Operations and Infrastructure Teams, Professional Services, Customer Success, Global Compliance and Strategy, Medidata’s Privacy Office, and the Information Security Department.
You will be provided a hybrid work environment, with remote and in-office presence.
You will report to the Information Security Director of Security Frameworks and Compliance.
- Through your expertise, provide leadership in the drive to achieve and maintain a FedRAMP Moderate ATO
- Be the primary liaison between Medidata and the FedRAMP Program Management Office (PMO), Federal Agencies and Third Party Assessment Organizations (3PAOs)
- Participate in the Dassault Systèmes community of businesses aiming to obtain FedRAMP authorization
- Engage with Information Security, Data Privacy, Cloud Operations and Infrastructure, and executive leadership to discuss the infrastructure architecture and business process changes that are necessary to achieve and maintain FedRAMP authorization
Requirements (Education & Experience):
- Direct involvement in the process of acquiring and maintaining a FedRAMP Authority to Operate (ATO)
- Understanding of the security aspects of Medidata's services and of its corporate and hosting environments
- Understanding of the priorities, concerns, and processes of Medidata’s US government customers
- Familiarity with global regulatory requirements, for example GDPR in the EU and the Personal Information Protection Law (PIPL) in China
- Good writing skills, both in a technical and in a corporate context
- Lead auditor or security certifications (e.g. ISO 27001 Lead Auditor, CISA, CISM, SSCP, CCSP)
- 8 years of related experience with a Bachelor’s degree; or 6 years with a Master’s degree; or equivalent Information Security and compliance experience
- Ability to lead the refinement of Medidata process documentation and the maintenance of security procedures and standards to ensure compliance with FedRAMP
- Analytical skills to analyze security requirements and map them to the appropriate security controls
- Expertise in developing and documenting security plans, including tactical project plans
- Broad knowledge of Information Technology architecture in both data center and cloud environments
- Ability to manage the Information Security Plan of Action and Milestones (POA&M) for FedRAMP
As with all roles, Medidata sets ranges based on a number of factors including function, level, candidate expertise and experience, and geographic location.
The salary range for positions that will be physically based in the NYC Metro Area is $114,750-153,000.
The salary range for positions that will be physically based in the California Bay Area is $121,500-162,000.
The salary range for positions that will be physically based in the Boston Metro Area is $113,250-151,000.
The salary range for positions that will be physically based in Texas or Ohio is $101,250-135,000.
The salary range for positions that will be physically based in all other locations within the United States is $102,750-137,000.
Base pay is one part of the Total Rewards that Medidata provides to compensate and recognize employees for their work. Most sales positions are eligible for a commission on the terms of applicable plan documents, and many of Medidata’s non-sales positions are eligible for annual bonuses. Medidata believes that benefits should connect you to the support you need when it matters most and provides best-in-class benefits, including medical, dental, life and disability insurance; 401(k) matching; unlimited paid time off (subject to management discretion); and 10 paid holidays per year.