Compliance Analyst, Public Sector

Remote North America, New York City

The database market is massive (IDC estimates it to be $121B+ by 2025!) and MongoDB is at the head of its disruption. At MongoDB we are transforming industries and empowering developers to build amazing apps that people use every day. We are the leading modern data platform and the first database provider to IPO in over 20 years. Join our team and be at the forefront of innovation and creativity.

The MongoDB security team is looking for a Compliance Analyst - Public Sector. This role will be responsible for analyzing, documenting and monitoring risk and compliance posture across our existing program. This role will report to the FedRAMP Technical Compliance Program Manager.

MongoDB aligns its practices to multiple compliance frameworks in order to support our customer’s needs. As we continue to grow, MongoDB is expanding to support more public sector compliance frameworks. The Compliance Analyst - Public Sector role will provide support to MongoDB’s public sector compliance team by assisting in maintenance of comprehensive public sector compliance documentation, arranging meetings, liaising with internal stakeholders to communicate compliance requirements and gather feedback, preparing data for further analysis and reporting, tracking meeting minutes and actions and providing general administrative support to enable continuous growth of the Governance, Risk and Compliance Program. Familiarity with compliance programs or technical audits in public sector Information Security related frameworks (i.e. NIST 800-53, NIST 800-171, etc.) is a plus. 

This role will support building out an internal compliance program and help scale MongoDB Inc. to support our customer’s needs. MongoDB is a breakthrough company that is disrupting a $40B market. This position has significant growth potential and we’re looking for someone who is excited to take initiative and eager to learn. 

This role can be based out of our New York City office or remotely in the US.

Responsibilities

  • Assist with ongoing public sector compliance maintenance for a leading database as a service compliance team 
  • Perform policy and procedure remediation and analysis as part of a MongoDB’s governance, risk, and compliance organization
  • Develop, review, and update documentation for MongoDB’s public sector cloud customers
  • Monitor internal compliance against information security governance frameworks by conducting routine testing and internal control reviews, and gap assessments
  • Identify and communicate control gaps, evaluate management remediation action plans, and provide ongoing monitoring through resolution 
  • Assist in building dashboards and presentations for various audiences (executive, business unit, ops, etc.)
  • Support assessment activities as required to maintain compliance or evaluate the system by potential sponsors, 3PAO, PMO, or the JAB 
  • Work cross functionally with organizational stakeholders to provide guidance on effectiveness of security controls
  • Help to ensure audit readiness by engaging with internal stakeholders and providing guidance on  relevant processes and requirements
  • Communicate effectively and proactively with ideas and recommendations for optimizing business operations, resources and capacity to meet internal and external compliance goals
  • Work within ticketing flows to ensure various projects remain on target

Qualifications

  • BA or BS in a technical field or equivalent experience
  • Experience with security and major compliance audits such as  ISO27001, PCI, HIPAA, SOC2
  • Working knowledge of cloud controls and environments
  • Experience in assessing, implementing, and documenting security controls in cloud environments
  • Practical understanding of cloud security compliance, risk management and information security principles
  • Strong knowledge of leading practices and associated tools in a cloud environment
  • Ability to proactively collaborate across internal, customer, and key partner teams
  • Strong analytical, diagnostic, and critical thinking skills
  • Excellent verbal, written and interpersonal communication skills with both technical and non-technical audiences
  • Effectively articulate escalations and communicate progress to stakeholders

Desired Qualifications

  • Specific knowledge of FedRAMP, NIST 800-53, and NIST 800-171 or other highly regulated security standards
  • CCSP, CISSP, CISA, and similar certifications are a plus
  • Working knowledge of common practices and POA&M documentation
  • Experience reviewing and editing SSPs, IRPs, ISCPs, and other FedRAMP related documentation.

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

To applicants in the European Union and California: Please find our European Union and California Recruitment Privacy Notice.

To all recruitment agencies: MongoDB does not accept unsolicited agency resumes. Please do not forward resumes to our jobs alias or MongoDB employees. MongoDB is not responsible for any fees related to unsolicited resumes.