Principal Manager - Product Compliance
Position Summary
By joining ExtraHop as the Principal Manager of Product Compliance and as a leader within the Product Security organization, you will directly contribute to strengthening the security and compliance posture of ExtraHop’s market-leading products. Collaborate with top-tier professionals to innovate and uphold the highest standards in cloud security.
You will play a key role in establishing, maintaining and enhancing our compliance with FedRAMP, SOC 2, ISO 27001 and other security and regulatory frameworks. Your expertise will ensure that security controls, monitoring processes, vulnerability management, and risk mitigation strategies meet rigorous standards. Collaborating across teams, you will drive initiatives related to system security planning, vulnerability management and continuous monitoring while supporting audits and responding to compliance requirements.
In this role you will also aid field engagements with current and prospective customers while serving as a liaison with the R&D and Product Security organizations.
Key Responsibilities
Product Compliance
Manage and develop staff members under Product Compliance and fulfill people manager responsibilities
Direct Continuous Monitoring (ConMon) processes and ensure successful monthly reviews with ExtraHop and agency stakeholders in order to maintain FedRAMP authorization
Oversee and contribute to the vulnerability management lifecycle: triage, reporting, coordination with system owners, and remediation tracking
Manage the review of vulnerability findings and provide formal written responses for internal and external stakeholders, including customers
Assess and serve as a subject matter expert for regulatory and compliance requirements and best practices for various standards (e.g., CSA STAR, ISO 27001, FISMA, DORA, FINRA, DoDIN APL, NIAP, FIPS, CMMC, IL4/IL5)
Lead gap assessments and facilitate or support audits (including coordinating evidence collection and submission)
Develop and manage a product security compliance roadmap, incorporating input, feedback and data-driven requirements from Sales, Customer Success, Product Management, and R&D organizations; validate the roadmap with executive leadership; coordinate key activities across the organization to achieve roadmap milestones
Collaborate with Product Security and R&D staff to provide responses to customer and pre-sales inquiries about product security and related items
Collaborate with Product Security team members to develop and improve standards, policies, procedures, documentation, and training
Participate in security incident response activities, representing Product Security and R&D leadership in directing the execution of the IR Plan
Other duties as assigned
Field Technology Liaison
Represent Product Security and R&D to engage with prospective and current customers, particularly in the public sector, in partnership with Sales, Customer Success, and Product Management
Provide verbal and written representation of ExtraHop’s product security practices, posture, and compliance
Clarify and negotiate customer requirements regarding security compliance, security capabilities in the product, and related items
As a subject matter expert, educate and guide ExtraHop teams through the customer procurement and implementation journey
Develop goodwill with prospective and current customers and facilitate successful partnerships
Required Qualifications
12+ years of experience in cybersecurity, with a focus on compliance frameworks like FedRAMP, NIST SP800-53, SOC 2 and ISO 27001
5+ years of which should be hands-on experience specifically managing compliance programs, security assessments, or cloud security initiatives
Bachelor's degree in a related field such as Cybersecurity, Computer Science, Information Systems, Engineering or other technical or management discipline
Direct experience with the FedRAMP compliance framework, including security control requirements, documentation and assessment methodologies
Technical knowledge of web application security and cloud security, including best practices and controls for cloud-based environments
Proficient with security tools, including vulnerability scanners, ticketing systems (e.g., Jira), compliance reporting platforms, and SIEM tools
Exceptional analytical skills to effectively manage and resolve security and compliance issues
Proven ability to communicate complex security concepts to technical and non-technical audiences
Strong project management skills with the ability to balance compliance initiatives and security operations
Must be a U.S. citizen or national, U.S. permanent resident (current Green Card holder) or lawfully admitted into the U.S. as a refugee or granted asylum
Work cooperatively with others within the organization and other cross-functional stakeholders.
Work well in fast-paced, high-stress environments.
Has predictable, reliable attendance.
The salary range for this role is $220,000 - $240,000 + bonus + benefits
About the job
Apply for this position
Principal Manager - Product Compliance
Position Summary
By joining ExtraHop as the Principal Manager of Product Compliance and as a leader within the Product Security organization, you will directly contribute to strengthening the security and compliance posture of ExtraHop’s market-leading products. Collaborate with top-tier professionals to innovate and uphold the highest standards in cloud security.
You will play a key role in establishing, maintaining and enhancing our compliance with FedRAMP, SOC 2, ISO 27001 and other security and regulatory frameworks. Your expertise will ensure that security controls, monitoring processes, vulnerability management, and risk mitigation strategies meet rigorous standards. Collaborating across teams, you will drive initiatives related to system security planning, vulnerability management and continuous monitoring while supporting audits and responding to compliance requirements.
In this role you will also aid field engagements with current and prospective customers while serving as a liaison with the R&D and Product Security organizations.
Key Responsibilities
Product Compliance
Manage and develop staff members under Product Compliance and fulfill people manager responsibilities
Direct Continuous Monitoring (ConMon) processes and ensure successful monthly reviews with ExtraHop and agency stakeholders in order to maintain FedRAMP authorization
Oversee and contribute to the vulnerability management lifecycle: triage, reporting, coordination with system owners, and remediation tracking
Manage the review of vulnerability findings and provide formal written responses for internal and external stakeholders, including customers
Assess and serve as a subject matter expert for regulatory and compliance requirements and best practices for various standards (e.g., CSA STAR, ISO 27001, FISMA, DORA, FINRA, DoDIN APL, NIAP, FIPS, CMMC, IL4/IL5)
Lead gap assessments and facilitate or support audits (including coordinating evidence collection and submission)
Develop and manage a product security compliance roadmap, incorporating input, feedback and data-driven requirements from Sales, Customer Success, Product Management, and R&D organizations; validate the roadmap with executive leadership; coordinate key activities across the organization to achieve roadmap milestones
Collaborate with Product Security and R&D staff to provide responses to customer and pre-sales inquiries about product security and related items
Collaborate with Product Security team members to develop and improve standards, policies, procedures, documentation, and training
Participate in security incident response activities, representing Product Security and R&D leadership in directing the execution of the IR Plan
Other duties as assigned
Field Technology Liaison
Represent Product Security and R&D to engage with prospective and current customers, particularly in the public sector, in partnership with Sales, Customer Success, and Product Management
Provide verbal and written representation of ExtraHop’s product security practices, posture, and compliance
Clarify and negotiate customer requirements regarding security compliance, security capabilities in the product, and related items
As a subject matter expert, educate and guide ExtraHop teams through the customer procurement and implementation journey
Develop goodwill with prospective and current customers and facilitate successful partnerships
Required Qualifications
12+ years of experience in cybersecurity, with a focus on compliance frameworks like FedRAMP, NIST SP800-53, SOC 2 and ISO 27001
5+ years of which should be hands-on experience specifically managing compliance programs, security assessments, or cloud security initiatives
Bachelor's degree in a related field such as Cybersecurity, Computer Science, Information Systems, Engineering or other technical or management discipline
Direct experience with the FedRAMP compliance framework, including security control requirements, documentation and assessment methodologies
Technical knowledge of web application security and cloud security, including best practices and controls for cloud-based environments
Proficient with security tools, including vulnerability scanners, ticketing systems (e.g., Jira), compliance reporting platforms, and SIEM tools
Exceptional analytical skills to effectively manage and resolve security and compliance issues
Proven ability to communicate complex security concepts to technical and non-technical audiences
Strong project management skills with the ability to balance compliance initiatives and security operations
Must be a U.S. citizen or national, U.S. permanent resident (current Green Card holder) or lawfully admitted into the U.S. as a refugee or granted asylum
Work cooperatively with others within the organization and other cross-functional stakeholders.
Work well in fast-paced, high-stress environments.
Has predictable, reliable attendance.
The salary range for this role is $220,000 - $240,000 + bonus + benefits