Senior Manager of Information Security Public Compliance, CrowdStrike

• 12+ years of experience in information security, governance, risk, and compliance (GRC) with a focus on cloud security and public-sector regulatory frameworks
• Deep expertise in government compliance programs, including FedRAMP Moderate & High, StateRAMP, CMMC (Levels 2 & 3), DoD SRG IL4/IL5, ISMAP (Japan), IRAP (Australia), and other international security frameworks
• Strong knowledge of NIST 800-53, RMF, DFARS, FISMA, ISO 27001, SOC 2, and cloud security best practices
• Experience leading compliance assessments, managing third-party audits, and achieving security certifications for cloud environments
• Ability to effectively engage with U.S. government agencies, AOs, and compliance assessors to drive compliance approvals
• Hands-on experience with security documentation, including SSPs, POA&Ms, control matrices, and compliance automation tools
• Strong leadership and collaboration skills, with the ability to work across teams, regions, and organizational levels
• Excellent communication and stakeholder management skills, including experience briefing executives and government entities on compliance status and security risks
• Technical understanding of cloud security architectures, operating systems, networks, and application security in cloud environments (AWS, Azure, GCP)
• Project management experience, including scoping, risk assessment, resource planning, and compliance reporting

Desirable

• CrowdStrike is seeking a Senior Manager, Information Security Public Compliance to lead and manage compliance efforts for our GovCloud environments, ensuring adherence to U.S. and international government security compliance standards.
• This role will drive strategy, execution, and continuous improvement of compliance programs related to FedRAMP Moderate and High, StateRAMP, CMMC, DoD SRG IL4 & IL5, ISMAP (Japan), IRAP (Australia), and other U.S. and global regulatory requirements
• As a key leader within CrowdStrike’s Governance, Risk, and Compliance (GRC) program, you will be responsible for managing compliance assessments, certifications, and audits, as well as ensuring that our cloud security posture aligns with evolving government regulations.
• You will collaborate closely with internal stakeholders, external auditors, and government entities to maintain the highest levels of security compliance
• This is an exciting opportunity to shape the future of CrowdStrike’s GovCloud security and compliance programs, ensuring we meet the most stringent government security standards while driving innovation and efficiency in compliance management
• Lead and manage compliance initiatives for CrowdStrike GovCloud environments, ensuring adherence to FedRAMP, DoD SRG IL4/IL5, StateRAMP, CMMC, and international frameworks (ISMAP, IRAP, etc.)
• Drive certification efforts by managing internal and external audits, risk assessments, and security documentation submissions
• Develop and maintain compliance strategies that align with federal and international security mandates, working closely with engineering, security, and legal teams
• Oversee the implementation of controls based on NIST 800-53, RMF, CMMC, and DoD SRG standards, ensuring continuous monitoring and compliance readiness
• Serve as a subject matter expert (SME) on public-sector security compliance, providing guidance to internal teams and engaging with government agencies, assessors, and third-party auditors
• Manage relationships with regulatory bodies and compliance assessors, advocating for compliance best practices while ensuring business agility
• Maintain and enhance security compliance documentation, including System Security Plans (SSPs), policies, procedures, and risk assessments
• Support customers and Authorizing Officials (AO) by providing necessary compliance documentation and guidance for their security evaluations
• Stay ahead of evolving regulatory landscapes, interpreting new policies and their impact on cloud security compliance
• Drive continuous improvement by identifying areas for automation, efficiency, and optimization in security compliance processes
• Other responsibilities as requested by leadership