
Job Overview
Location
New York City
Job Type
Full-time
Category
Cybersecurity
Date Posted
January 18, 2026
Full Job Description
📋 Description
- Own the end-to-end FedRAMP Risk Management Framework (RMF) lifecycle for WalkMe’s Digital Adoption Platform, taking the program from its current FedRAMP “Ready” status to full Authorization to Operate (ATO) and beyond into Continuous Monitoring. You will define and maintain the authorization boundary, map every NIST 800-53 Rev. 5 control to concrete technical evidence, and ensure the System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), and Plan of Action & Milestones (POA&M) are always audit-ready.
- Author, own, and continuously improve the full suite of security and compliance policies, standards, and procedures that govern our FedRAMP environment. Your documents will serve as the single source of truth for engineering, IT, security, and external auditors, translating complex federal mandates into clear, actionable guidance that teams can implement without friction.
- Drive vulnerability management at scale: schedule and validate automated scanning across cloud workloads, enforce patching cadences, track remediation SLAs, and present risk-based metrics to leadership. You will turn raw scan data into executive dashboards that show how security posture is improving quarter over quarter.
- Act as the primary liaison with our FedRAMP Third-Party Assessment Organization (3PAO), agency authorizing officials, and SAP auditors. You will schedule control walkthroughs, coordinate evidence requests, shepherd findings to closure, and negotiate timelines so that assessments finish on or ahead of schedule.
- Serve as the U.S.-citizen compliance focal point for all hands-on technical operations inside the FedRAMP production boundary. When engineers need privileged access, when incidents require root-cause analysis, or when new microservices must be onboarded, you will be the trusted operator who ensures every action meets federal mandates.
- Collaborate daily with Security (GRC, AppSec, Incident Response), Cloud Engineering, SRE, and IT to operationalize NIST 800-53 Rev. 5 controls. You will embed security requirements into CI/CD pipelines, Terraform modules, Kubernetes manifests, and operational runbooks so that compliance is “built-in” rather than “bolted-on.”
- Influence engineering best practices by championing secure-by-design patterns—least-privilege IAM, encryption in transit & at rest, container hardening, secrets management, and immutable infrastructure—then codify those patterns in policy and tooling so they scale across hundreds of services.
- Report program status, emerging risks, and key performance indicators to the GRC Lead and CISO on a weekly cadence. You will prepare crisp slide decks, risk registers, and audit-ready artifacts that allow executives to make fast, informed decisions.
- Maintain a living repository of evidence—screenshots, logs, configuration files, test results—that satisfies both FedRAMP and internal stakeholders. You will leverage GRC tooling (Jira, Confluence, ServiceNow, Drata, or similar) to automate evidence collection and reduce manual overhead.
- Champion a culture of continuous improvement by running tabletop exercises, post-mortems, and control effectiveness reviews. When gaps are discovered, you will write concise remediation plans, secure engineering resources, and track completion to 100%.
- Provide ad-hoc training and office hours for engineering teams, translating “what the control says” into “what you need to change in your Terraform.” Your ability to communicate complex topics in plain English will accelerate adoption and reduce rework.
- Uphold WalkMe’s commitment to diversity, equity, and inclusion by ensuring security policies accommodate a globally distributed workforce and by mentoring junior compliance analysts from under-represented backgrounds.
🎯 Requirements
- Minimum 7 years of hands-on FedRAMP compliance experience, including at least one full ATO or renewal cycle
- Deep, practical knowledge of NIST 800-53 Rev. 5 and the NIST 800-37 Risk Management Framework
- Demonstrated ability to author, review, and maintain FedRAMP System Security Plans, POA&Ms, and Continuous Monitoring deliverables
- U.S. citizenship required for access to federal production environments
- Nice-to-have: AWS GovCloud, Azure Government, or the equivalent Google Cloud government offering; Kubernetes & Terraform fluency; familiarity with NIST 800-171/172, ISO 27001, SOC 2, or GRC automation tools (Jira, Confluence, ServiceNow, Drata, Vanta, Archer, OneTrust)
🏖️ Benefits
- Hybrid work arrangement—2 days per week in SAP’s NYC office, 3 days wherever you work best
- Quarterly wellness reimbursements, daily BrightBreaks, and an annual Wellness Month every July
- Competitive health coverage and region-specific retirement contributions
- Generous annual leave plus RefreshMe Days to strengthen work-life balance
- Career Compass program for continuous professional development and internal mobility
About WalkMe Inc.
WalkMe Inc. provides a digital adoption platform that overlays on enterprise software, guiding users step-by-step through on-screen tasks and workflows. The cloud-based system overlays contextual instructions, tips, automation, and analytics on web, desktop, and mobile applications, helping organizations accelerate onboarding, reduce support tickets, and measure user engagement. Customers include Fortune 500 companies across finance, healthcare, technology, and government sectors. The company operates globally with offices in the United States, EMEA, and APAC, and supports integrations with SAP, Salesforce, Microsoft, and other enterprise suites.
