FedRAMP Senior Compliance Analyst

What You'll Own

• Own the FedRAMP RMF lifecycle, including defining/maintaining the authorization boundary, driving control implementation evidence, writing and reviewing the System Security Plan (SSP), and managing System Assessment Plan (SAP)/System Assessment Report (SAR), Plan of Action & Milestones (POA&M), and Continuous Monitoring submissions.
• Author and maintain security and compliance policies, standards, and procedures, aligning with NIST 800-53r5 and organizational standards.
• Drive vulnerability management, including vulnerability scanning, patching cadence enforcement, and tracking remediation.
• Liaise with external FedRAMP advisors/3PAO and authorizing stakeholders, scheduling walkthroughs, coordinating requests, and resolving findings.
• Serve as the U.S. citizenship compliance focal point for technical operations in the FedRAMP production environment.
• Collaborate with Security (GRC/AppSec/IR), Cloud Engineering/SRE, and IT teams to operationalize NIST 800-53 Rev. 5 controls and ensure traceable evidence.
• Influence engineering best practices by embedding security and compliance requirements into CI/CD pipelines, IaC, and operational processes.
• Report program status, risks, and metrics to the GRC Lead/CISO, and prepare materials for audits, renewals, and leadership reviews.
• Strong English communication skills (oral and written), with the ability to author clear policies, technical documentation, and reports.
• Positive, can-do attitude with proven ability to take ownership and drive complex initiatives to completion.
• Standard U.S. time-zone collaboration is expected, with occasional meetings with external auditors/advisors.

What You Need to Succeed

• Minimum 7 years of compliance experience in FedRAMP
• Prior experience leading a FedRAMP Authorization to Operate (ATO) or renewal, including preparing for agency or JAB authorization
• Prior, hands-on FedRAMP experience in documentation, RMF, POA&M management, Continuous Monitoring, and FIPS-validated cryptography (FIPS 140-3)
• Strong working knowledge of NIST 800-53r5 and RMF (NIST 800-37), with the ability to map technical controls to evidence
• Demonstrated ability to author policies, review SSPs and collaborate effectively with 3PAOs/advisors and engineering teams
• Excellent documentation, communication, and stakeholder management skills
• U.S. citizenship (required due to federal program requirements)
• Positive, can-do attitude with a collaborative approach, and proven ability to take ownership and drive complex initiatives to completion.

What Sets Us Apart

• At WalkMe, we are dedicated to building a workforce that reflects the diversity of our global community and clients we serve through inclusive programs and initiatives including equal pay, employee resource groups, holistic benefits and more.  We are committed to fostering an inclusive culture which celebrates the unique experiences and perspectives each Team Member brings to the workplace.
• Hybrid Work Arrangement: We offer a hybrid work schedule to perfectly combine the benefits of remote work and the essential connections and collaborations of onsite work.
• Supportive Culture: We focus on the whole person, celebrating what makes us unique, and create space for community.
• Professional Development: We encourage continuous learning and offer opportunities for career development through our career compass offering.
• Stay healthy and happy with Wellness@WalkMe! Enjoy quarterly wellness reimbursements, daily BrightBreaks to recharge, and WalkMe’s annual Wellness Month every July—because your well-being matters all year long.
• WalkMe provides health coverage options, where applicable, to ensure employees have access to essential medical benefits. Our offerings are designed to support the well-being and diverse needs of our global workforce.
• WalkMe offers a generous annual leave policy tailored to meet regional standards, ensuring all employees enjoy sufficient time off to rest and recharge.
• WalkMe offers RefreshMe Days throughout the year to further strengthen our commitment to work/life balance.
• Robust Retirement Contributions: Ask HR about the specific offerings for your region!
• SAP's acquisition of WalkMe highlights a commitment to enhancing user experience and streamlining software interactions, offering opportunities to work with cutting-edge technology that drives efficiency and innovation in the workplace.

Nice to have

• Exposure to AWS/Azure/GCP (GovCloud experience a plus), Kubernetes, Terraform, CI/CD, logging/monitoring (Splunk, CloudWatch, ELK, Datadog)
• Familiarity with NIST 800-171/172, ISO 27001, SOC 2, vulnerability management practices, and security testing (BC/DR, IR exercises)
• Experience with GRC/evidence tools (e.g., Jira/Confluence, ServiceNow, Drata/Vanta/Archer/OneTrust)
• Prior SaaS/public-sector or enterprise compliance experience.

Our job titles may span more than one career level. The base salary for this position is between $100,000-$130,000. The actual base pay is dependent upon many factors, such as: location, training, transferable skills, work experience, business needs and market demands. The base pay range is subject to change and may be modified in the future. This role may also be eligible for bonus and benefits as part of our competitive total rewards package.

At WalkMe, we approach Diversity, Equity and Inclusion (DEI) with the same level of collaboration, innovation and accountability that we bring to the rest of our business. We believe in the value of diversity and are committed to ensuring an equitable and inclusive workplace where every employee has an equal opportunity to achieve success.