Senior Trust Assurance Specialist at DigiCert

United StatesFull-timeTrust Assurance and SecurityPosted 27 days ago

About the Role

<div class="content-intro">Who we are DigiCert is a global leader in intelligent trust. We protect the digital world by ensuring the security, privacy, and authenticity of every interaction. Our AI-powered DigiCert ONE platform unifies PKI, DNS, and certificate lifecycle management, to secure infrastructure, software, devices, messages, AI content and agents. Learn why more than 100,000 organizations, including 90% of the Fortune 500, choose DigiCert to stop today’s threats and prepare for a quantum-safe future at <a href="http://www.digicert.com/">www.digicert.com</a></div>  Job summary We are seeking a Senior Trust Assurance Specialist (FedRAMP Focus) to join the Trust Office team at DigiCert. This role is responsible for leading complex compliance and assurance activities, with a particular focus on FedRAMP and U.S. public sector regulatory requirements, while also contributing broadly across DigiCert’s global compliance program. The successful candidate will have 6–7+ years of experience in compliance, risk management, or audit, with strong experience in FedRAMP / FISMA environments and a solid understanding of broader cybersecurity frameworks. This individual will operate with a high degree of autonomy, acting as a key liaison for audits, regulatory engagements, and FedRAMP-related activities. This role reports to the Head of Compliance and works closely with cross-functional teams across Security, IT, Legal, and Operations.   What you will do Level Expectations <ul> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Leads complex compliance domains, audit engagements, or regulatory areas</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Provides subject matter expertise, particularly in FedRAMP and NIST-based frameworks</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Influences stakeholders and drives alignment on compliance and control decisions</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Operates with a high degree of autonomy and accountability</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Acts as a key escalation point for complex compliance or audit issues</li> </ul> Audit & Assurance Leadership <ul> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Lead external and customer audit engagements (e.g., SOC 2, WebTrust, FedRAMP), including planning, execution, and stakeholder coordination</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Act as a primary point of contact for auditors and assessors, ensuring effective communication and successful audit outcomes</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Oversee audit evidence preparation, walkthroughs, and issue resolution</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Ensure timely and effective remediation of audit findings</li> </ul> FedRAMP & Regulatory Compliance (Core Focus) <ul> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Lead and support FedRAMP authorization and continuous monitoring activities, including coordination of security documentation, control implementation, and audit readiness</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Support the maintenance and accuracy of key FedRAMP artifacts (e.g., SSP, POA&M, control evidence)</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Act as a key liaison with authorizing agencies, 3PAOs, and external stakeholders</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Interpret and apply NIST 800-53 and related FedRAMP requirements within DigiCert’s environment</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Ensure alignment between FedRAMP requirements and broader compliance frameworks</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Support maintaining audit readiness and authorization posture, including ongoing monitoring and POA&M oversight</li> </ul> Regulatory Compliance & Advisory (Broader Scope) <ul> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Interpret and apply regulatory and industry standards (e.g., WebTrust for CAs, ISO 27001, NIST, SOC 2) across the organization</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Ensure alignment between regulatory requirements, internal policies, and control design across the organization</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Stay informed of emerging regulatory changes and assess their impact on DigiCert</li> </ul> Control Design & Oversight <ul> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Lead the design, evaluation, and enhancement of controls to ensure effectiveness and alignment with regulatory requirements</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Provide guidance on complex control issues, particularly in NIST/FedRAMP environments</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Identify systemic control gaps and drive remediation strategies</li> </ul> Risk & Compliance Integration <ul> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Provide guidance on risk assessments and ensure alignment between compliance and risk management activities</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Drive integration of compliance requirements into broader risk frameworks</li> </ul> Stakeholder Leadership <ul> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Build and maintain strong relationships with senior stakeholders across Security, IT, Legal, HR, and Operations</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Influence decision-making to ensure compliance objectives are met without unnecessary friction</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Provide mentorship and guidance to Analysts and Specialists</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Act as an escalation point for complex compliance, audit, or FedRAMP-related issues</li> </ul> Continuous Improvement <ul> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Identify and drive improvements in compliance processes, tools, and reporting</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Contribute to the maturity and scalability of DigiCert’s compliance program</li> </ul>   What you will have <ul> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Bachelor’s degree in Law, Compliance, Information Security, Computer Science, or a related field</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">6–7+ years of experience in compliance, risk management, audit, or related roles</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Strong experience with FedRAMP (Authorization and/or Continuous Monitoring)</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Experience working with NIST frameworks (e.g., 800-53, 800-63)</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Experience engaging with external auditors, assessors (e.g., 3PAOs), or regulatory bodies</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Experience leading audits or compliance activities across one or more frameworks</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Strong understanding of control design, evaluation, and regulatory interpretation</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Experience working with frameworks such as SOC 2, ISO 27001, WebTrust, or similar</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Ability to operate across multiple compliance domains, not limited to FedRAMP</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Strong analytical and problem-solving capabilities</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Excellent written and verbal communication skills</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Ability to influence and challenge stakeholders constructively</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">High degree of ownership and accountability</li> </ul>   Nice to have <ul> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Experience in PKI, digital certificates, or cryptographic security environments</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Certifications such as CISSP, CISM, CISA, or CRISC</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Experience with FedRAMP High or Moderate environments</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Familiarity with FISMA, ATO processes, or public sector compliance environments</li> </ul>   Benefits <ul> <li>Competitive compensation and comprehensive health, dental, and vision coverage </li> <li>Retirement savings programs with company matching (401(k) or RRSP) </li> <li>Generous paid time off, including holidays, and vacation </li> <li>Paid parental leave and family support benefits </li> <li>Life and disability coverage </li> <li>Flexible spending and health savings options (where applicable) </li> <li>Health and wellness support, including gym reimbursement and wellness programs </li> <li>Employee Assistance Program with 24/7confidential support for employees and families </li> <li>Education assistance and professional development opportunities </li> <li>Access to LinkedIn Learning and continuous learning resources </li> <li>Employee referral bonus program and additional company perks and discounts </li> <li>Business travel insurance and global employee support programs </li> </ul>   DigiCert is an Equal Opportunity employer and is committed to diversity in its workforce. In compliance with applicable federal and state laws, DigiCert prohibits discrimination on the basis of race or ethnicity, religion, color, national origin, sex, age, sexual orientation, gender identity/expression, veteran’s status, status as a qualified person with a disability, or genetic information. Individuals from historically underrepresented groups, such as minorities, women, qualified person with disabilities, and protected veterans are strongly encouraged to apply.   #LI-KK1<div class="content-pay-transparency"><div class="pay-input"><div class="description">Compensation Transparency:   The annualized base salary range for this position is outlined below.  Each candidate’s compensation offer will be determined based on factors including experience, skills, qualifications, job duties, business needs, and location. For roles that include additional compensation components, total compensation may include base pay, bonus, equity, or other incentives.  This role may also be eligible for benefits, which will be discussed during the hiring process. We are committed to fair and transparent pay practices and comply with all applicable pay transparency requirements. If you would like more information about compensation or benefits, we are happy to provide additional details during the hiring process.  For more information regarding our comprehensive benefits, see the benefits section. </div><div class="title">Base Salary</div><div class="pay-range">$130,000—$160,000 USD</div></div></div>

About the Role

About the Role

Related Roles

About the Role

Related Roles