FedRAMP Senior Compliance Analyst

WalkMe, an SAP company, pioneered the Digital Adoption Platform (DAP) to enable business leaders to fully harness technology in today's complex digital landscape. By leveraging WalkMe's features—guidance, engagement, insights, and automation—employees boost efficiency, executives gain greater visibility into digital usage, and organizations maximize their digital assets, driving successful digital transformation.

Together, SAP and WalkMe form a powerful partnership that revolutionizes the digital transformation journey. This collaboration allows businesses to unlock the full potential of SAP's robust ERP solutions while seamlessly enhancing user experience and productivity with WalkMe's intuitive digital adoption platform.

WalkMe is seeking a FedRAMP Senior Compliance Analyst to lead and mature our public-sector FedRAMP program, currently in Ready status, with the goal of achieving full Authorization (ATO) and maintaining Continuous Monitoring. This role involves authoring policies,  maintaining FedRAMP documentation, coordinating evidence across engineering teams, collaborating with FedRAMP advisors and auditors to ensure successful assessments and renewals, and serving as the FedRAMP compliance focal point for R&D where U.S. citizenship is required for hands-on system operations. This position is ideal for a self-starter with a can-do attitude, strong English communication skills (oral and written) and a technical background who excels at translating NIST controls into practical engineering outcomes.

As this role will support our Federal business, US Citizenship is required.

Hybrid role - 2 days a week in our SAP NYC office

What You'll Own

• Own the FedRAMP RMF lifecycle, including defining/maintaining the authorization boundary, driving control implementation evidence, writing and reviewing the System Security Plan (SSP), and managing System Assessment Plan (SAP)/System Assessment Report (SAR), Plan of Action & Milestones (POA&M), and Continuous Monitoring submissions.
• Author and maintain security and compliance policies, standards, and procedures, aligning with NIST 800-53r5 and organizational standards.
• Drive vulnerability management, including vulnerability scanning, patching cadence enforcement, and tracking remediation.
• Liaise with external FedRAMP advisors/3PAO and authorizing stakeholders, scheduling walkthroughs, coordinating requests, and resolving findings.
• Serve as the U.S. citizenship compliance focal point for technical operations in the FedRAMP production environment.
• Collaborate with Security (GRC/AppSec/IR), Cloud Engineering/SRE, and IT teams to operationalize NIST 800-53 Rev. 5 controls and ensure traceable evidence.
• Influence engineering best practices by embedding security and compliance requirements into CI/CD pipelines, IaC, and operational processes.
• Report program status, risks, and metrics to the GRC Lead/CISO, and prepare materials for audits, renewals, and leadership reviews.
• Strong English communication skills (oral and written), with the ability to author clear policies, technical documentation, and reports.
• Positive, can-do attitude with proven ability to take ownership and drive complex initiatives to completion.
• Standard U.S. time-zone collaboration is expected, with occasional meetings with external auditors/advisors.

What You Need to Succeed

• Minimum 7 years of compliance experience in FedRAMP
• Prior experience leading a FedRAMP Authorization to Operate (ATO) or renewal, including preparing for agency or JAB authorization
• Prior, hands-on FedRAMP experience in documentation, RMF, POA&M management, Continuous Monitoring, and FIPS-validated cryptography (FIPS 140-3)
• Strong working knowledge of NIST 800-53r5 and RMF (NIST 800-37), with the ability to map technical controls to evidence
• Demonstrated ability to author policies, review SSPs and collaborate effectively with 3PAOs/advisors and engineering teams
• Excellent documentation, communication, and stakeholder management skills
• U.S. citizenship (required due to federal program requirements)
• Positive, can-do attitude with a collaborative approach, and proven ability to take ownership and drive complex initiatives to completion.

What Sets Us Apart

• At WalkMe, we are dedicated to building a workforce that reflects the diversity of our global community and clients we serve through inclusive programs and initiatives including equal pay, employee resource groups, holistic benefits and more.  We are committed to fostering an inclusive culture which celebrates the unique experiences and perspectives each Team Member brings to the workplace.
• Hybrid Work Arrangement: We offer a hybrid work schedule to perfectly combine the benefits of remote work and the essential connections and collaborations of onsite work.
• Supportive Culture: We focus on the whole person, celebrating what makes us unique, and create space for community.
• Professional Development: We encourage continuous learning and offer opportunities for career development through our career compass offering.
• Stay healthy and happy with View email address on swooped.co! Enjoy quarterly wellness reimbursements, daily BrightBreaks to recharge, and WalkMe’s annual Wellness Month every July—because your well-being matters all year long.
• WalkMe provides health coverage options, where applicable, to ensure employees have access to essential medical benefits. Our offerings are designed to support the well-being and diverse needs of our global workforce.
• WalkMe offers a generous annual leave policy tailored to meet regional standards, ensuring all employees enjoy sufficient time off to rest and recharge.
• WalkMe offers RefreshMe Days throughout the year to further strengthen our commitment to work/life balance.
• Robust Retirement Contributions: Ask HR about the specific offerings for your region!
• SAP's acquisition of WalkMe highlights a commitment to enhancing user experience and streamlining software interactions, offering opportunities to work with cutting-edge technology that drives efficiency and innovation in the workplace.

Nice to have

• Exposure to AWS/Azure/GCP (GovCloud experience a plus), Kubernetes, Terraform, CI/CD, logging/monitoring (Splunk, CloudWatch, ELK, Datadog)
• Familiarity with NIST 800-171/172, ISO 27001, SOC 2, vulnerability management practices, and security testing (BC/DR, IR exercises)
• Experience with GRC/evidence tools (e.g., Jira/Confluence, ServiceNow, Drata/Vanta/Archer/OneTrust)
• Prior SaaS/public-sector or enterprise compliance experience.

Our job titles may span more than one career level. The base salary for this position is between $100,000-$130,000. The actual base pay is dependent upon many factors, such as: location, training, transferable skills, work experience, business needs and market demands. The base pay range is subject to change and may be modified in the future. This role may also be eligible for bonus and benefits as part of our competitive total rewards package.

At WalkMe, we approach Diversity, Equity and Inclusion (DEI) with the same level of collaboration, innovation and accountability that we bring to the rest of our business. We believe in the value of diversity and are committed to ensuring an equitable and inclusive workplace where every employee has an equal opportunity to achieve success.

WalkMe does not discriminate. If a candidate requires a reasonable accommodation to complete a job application, pre-employment testing, or a job interview or to otherwise participate in the hiring process, please contact your Talent Acquisition partner immediately.

TO ALL RECRUITMENT AGENCIES: WalkMe does not accept agency resumes. Please do not forward resumes to WalkMe employees or any other company location. WalkMe is not responsible for any fees related to unsolicited resumes and will not pay fees to any third-party agency or company that does not have a signed agreement with the Company for this specific role.