Back to jobs

Security Compliance ConMon Specialist

PagerDuty empowers teams of all kinds to do the critical work that moves business forward through the PagerDuty Operations Cloud.

Visit our careers site to explore life at PagerDuty, discover opportunities, and sign-up for job alerts!

PagerDuty is seeking a Security Compliance ConMon Specialist to join our diverse, customer-focused team! As a Security Compliance ConMon Specialist, you will report to the Senior Manager of Customer Trust & GRC, partnering across the business to play a crucial role in ensuring ongoing compliance with the Federal Risk and Authorization Management (FedRAMP) and SOC 2 programs for PagerDuty. You will be responsible for monitoring, assessing, and reporting on the security posture of our cloud services, ensuring adherence to established security controls and regulations. This is an exciting opportunity to support the development of our FedRAMP program and will play a key role in Customer Trust and Security Compliance. The ideal candidate will be a true team player, demonstrate expertise with security compliance programs such as SOC 2, FedRAMP, NIST, etc., know how to establish security compliance best practices, and possess great written and verbal communication skills.

KEY RESPONSIBILITIES

  • Establish and operate a FedRAMP Vulnerability Management program, including objectives, goals, and metrics. 
  • Serve as the primary author for updating, maintaining, and submitting the monthly FedRAMP Continuous Monitoring Package: Plan of Actions and Milestones (POA&M), Deviation Request Forms, inventory workbook, and supporting evidence for POA&M closures. 
  • Perform continuous monitoring activities in accordance with FedRAMP requirements to ensure ongoing compliance with 800-53 r5 security controls.
  • Lead the development and improvement and scalability of processes, procedures, and documentation related to FedRAMP and SOC 2 compliance.
  • Debrief external stakeholders on the monthly Continuous Monitoring Package, including, but not limited to, Third-Party Assessment Organizations (3PAO), Federal Agencies, and the FedRAMP Program Management Office.
  • Participate and support FedRAMP assessment activities, including Significant Change Requests (SCR), feature onboarding, annual assessments, and agency Authority to Operate (ATO) Reviews.
  • Support customer trust programs, including the Third-Party Risk Program and play to role of SME in external audits
  • Supports information security risk assessments and compliance audits; directing the development and operational effectiveness of IT security controls.
  • Review information security risk findings and non-compliance with business leaders and propose solutions to mitigate risks.
  • Actively drives automation and the continuous improvement of team processes to ensure minimal SLAs for each process.

BASIC QUALIFICATIONS

  • 3+ years of FedRAMP experience; 6 years of Security & Compliance experience in a tech/security environment, leading at least one compliance program such as SOC 2, HITECH or similar.
  • Experience establishing, creating and managing audit workflows across multiple teams.
  • Strong analytical and organizational skills with the ability to successfully manage multiple priorities and deadlines.
  • Metrics driven, with a strong bias towards action and getting stuff done.
  • A focus on process improvement (automation, single pane of glass, continuous improvement).

PREFERRED QUALIFICATIONS

Deep understanding of relevant information security frameworks, including FedRAMP, NIST 800-53, Cybersecurity Maturity Model Certification (CMMC), and DoD Cloud Security Requirements Guide (SRG).

  • Experience in managing a FedRAMP continuous monitoring program within a Software as a Service (SaaS) company.

Past experience in a FedRAMP assessment, having participated either as an assessor or as a Cloud Service Provider (CSP) throughout the entire audit process, from initiation to completion. 

  • Knowledgeable with FedRAMP requirements, processes, templates, and guidance.
  • Familiar with SaaS security tools (such as Sumo Logic, Datadog, Crowdstrike, Wiz, Snyk, and Qualys). Familiarity with contemporary risk and issue management tools (such as JIRA, Lucidchart, UpGuard and Hyperproof).
  • Proficient in utilizing Excel or Google Sheets to manipulate, analyze, and visualize vulnerability report data.
  • Familiarity with Cloud Native and SaaS constructs including architectures, DevOps, CI/CD, SecOps disciplines.

The base salary range for this position is 99,000 - 160,000 USD. This role may also be eligible for bonus, commission, equity, and/or benefits.

Our base salary ranges are determined by role, level, and location. The range, which is subject to change based on primary work location, reflects the minimum and maximum base salary we expect to pay newly hired employees for the position. Within the range, we determine pay for an individual based on a number of factors including market location, job-related knowledge, skills/competencies and experience.

Your recruiter can share more about the specific offerings for this role, as well as the salary range for your primary work location during the hiring process.

Not sure if you qualify?

Apply anyway! We extend opportunities to a broad array of candidates, including those with diverse workplace experiences and backgrounds. Whether you're new to the corporate world, returning to work after a gap in employment, or simply looking to take the next step in your career path, we are excited to connect with you.

Where we work

PagerDuty currently has offices in Atlanta, Lisbon, London, San Francisco, Santiago, Sydney, Tokyo, and Toronto. We offer a hybrid, flexible workplace. We also provide ample opportunities for in-person and virtual connection, like team offsites and volunteering events.

How we work

Our values are deeply embedded in how we operate and the people we bring on board. You will see our values ingrained in how we support our customers, collaborate with our colleagues, develop our products and foster an inclusive and empathetic work culture.

  • Champion the Customer | Put users first to design great products and experiences.
  • Run Together | Build strong teams that amplify our impact on users.
  • Take the Lead | Disrupt and invent to be the first choice for users.
  • Ack + Own | Take ownership and action to deliver more efficiently to users. 
  • Bring Your Self | Bring your best self to build empathy and trust with users.

What we offer

One way we ensure our employees are inspired to do their best is through a comprehensive total rewards approach that supports them and their loved ones. As a global organization, our programs are competitive with industry standards and aligned with local laws and regulations. Learn more, including country-specific offerings, on our benefits site.

Your package may include:

  • Competitive salary
  • Comprehensive benefits package from day one
  • Flexible work arrangements
  • Generous paid vacation time
  • Paid holidays and sick leave
  • Dutonian Wellness Days - scheduled company-wide paid days off in addition to PTO
  • Company equity*
  • ESPP (Employee Stock Purchase Program)*
  • Retirement or pension plan*
  • Paid parental leave - up to 22 weeks for pregnant parent, up to 12 weeks for non-pregnant parent (some countries have longer leave standards and we comply with local laws)*
  • HibernationDuty - an annual company paid week off when everyone at PagerDuty, with the exception of a small, coverage crew, is asked to take a much needed break to truly disconnect and recharge
  • Paid volunteer time off - 20 hours per year
  • Company-wide hack weeks
  • Mental wellness programs

*Eligibility may vary by role, region, and tenure

About PagerDuty

PagerDuty, Inc. (NYSE:PD) is a global leader in digital operations management. The PagerDuty Operations Cloud revolutionizes how critical work gets done, and powers the agility that drives digital transformation. Customers rely on the PagerDuty Operations Cloud to compress costs, accelerate productivity, win revenue, sustain seamless digital experiences, and earn customer trust. More than half of the Fortune 500 and more than two thirds of the Fortune 100 trust PagerDuty including Cisco, Cox Automotive, DoorDash, Electronic Arts, Genentech, Shopify, Zoom and more.

Led by CEO Jennifer Tejada, PagerDuty’s Board of Directors is 50% female and 62% URP representation. We strive to build a more equitable world by investing 1% each of company equity, product, and employee volunteer time.

PagerDuty is Great Place to Work-certified™, a Fortune Best Workplace for Millennials, a Fortune Best Medium Workplace, a Fortune Best Workplace in Technology, and a top rated product on TrustRadius and G2. 

Go behind-the-scenes on our careers site and @pagerduty on Instagram.

Additional Information

PagerDuty is committed to creating a diverse environment and is an equal opportunity employer. PagerDuty does not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, parental status, veteran status, or disability status.

PagerDuty is committed to providing reasonable accommodations for qualified individuals with disabilities in our job application process. Should you require accommodation, please email accommodation@pagerduty.com and we will work with you to meet your accessibility needs.

PagerDuty uses the E-Verify employment verification program.

Apply for this job

*

indicates a required field

Resume/CV*
,,Google Drive,or

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter
,,Google Drive,or

Accepted file types: pdf, doc, docx, txt, rtf

Select...

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in PagerDuty’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Select...
Select...
Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Select...

Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Select...

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.