Staff Compliance Analyst - Federal

<div class="content-intro"><p><span style="color: #000000;"><strong>Get to know Okta<br><br></strong></span>Okta is The World’s Identity Company. We free everyone to safely use any technology, anywhere, on any device or app. Our flexible and neutral products, Okta Platform and Auth0 Platform, provide secure access, authentication, and automation, placing identity at the core of business security and growth.<br><br>At Okta, we celebrate a variety of perspectives and experiences. We are not looking for someone who checks every single box - we’re looking for lifelong learners and people who can make us better with their unique experiences. <br><br>Join our team! We’re building a world where Identity belongs to you.</p></div><div class="SingleJob-content"> <h4><strong>Position Overview</strong></h4> <p>As a <strong>Staff Federal Security Compliance Analyst </strong>on the Federal Security and Compliance team, you will serve as a lead of our compliance strategy. Your mission is to safeguard and strengthen our position as a leading Identity-as-a-Service (IDaaS) provider for the public sector.</p> <p>In this staff-level role, you are not just a practitioner but a strategic leader who bridges the gap between engineering, product, and federal regulatory bodies. You will drive the maintenance of our FedRAMP and DoD (IL4/IL5) authorizations, lead complex audits, and mentor junior analysts to ensure a security-first culture.</p> <h4><strong>Job Duties and Responsibilities</strong></h4> <p><em>The responsibilities listed below represent the core functions of this role. While a Staff Analyst is expected to have the capability to lead across all areas, the daily focus will typically involve a dynamic combination of these duties based on current mission priorities and team needs:</em></p> <ul> <li>Strategic Audit Leadership: Lead end-to-end FedRAMP and DoD audits, serving as the primary point of contact for external 3PAOs and government agencies.</li> <li>Continuous Monitoring Strategy: Oversee and evolve the continuous monitoring (ConMon) program. Design sophisticated reporting mechanisms for vulnerability management and risk posture for executive leadership.</li> <li>Engineering Advisory: Act as a senior consultant to Engineering and Product teams, translating complex NIST 800-53 requirements into actionable technical specifications for cloud-native environments.</li> <li>Impact Assessment Risk Management: Lead the assessment of high-impact changes to federal systems. Ensure that system evolutions maintain a rigorous security posture without sacrificing innovation.</li> <li>Cross-Functional Alignment: Drive synchronization between GRC, Security, Marketing, Sales, Engineering, and Product to ensure federal requirements are integrated into the broader corporate roadmap.</li> <li>Programmatic Gap Analysis: Proactively identify and lead initiatives to close gaps between current capabilities and future regulatory requirements (e.g., emerging NIST standards, new DoD mandates, or IL6 requirements).</li> <li>Evidence Automation FedRAMP 20x Readiness: Drive the build-out and support of automated evidence collection and control validation. Lead the transition toward "FedRAMP 2.0" standards (including OSCAL integration), defining and monitoring Key Security Indicators (KSIs) to provide real-time compliance visibility.</li> </ul> <h4><strong>Minimum Required Knowledge, Skills, and Abilities</strong></h4> <ul> <li>Education: Bachelor’s degree in Computer Science, MIS, Cybersecurity, or a related technical field.</li> <li>Experience: 7+ years of experience in security compliance, with at least 4-5 years specifically focused on the FedRAMP/NIST 800-53 framework.</li> <li>Automation Compliance Engineering: Demonstrated experience with automation tools or scripting (e.g., Python, Go, or SQL) for automated evidence collection. Familiarity with API-based control validation and OSCAL-based tooling (e.g., Trestle, LULA, or similar GRC automation frameworks).</l ... (truncated, view full listing at source)