Description

Introduction

At IBM Software, we transform client challenges into solutions. Building the world's leading AI-powered, cloud-native products that shape the future of business and society. Our legacy of innovation creates endless opportunities for IBMers to learn, grow, and make an impact on a global scale. Working in Software means joining a team fueled by curiosity and collaboration. You'll work with diverse technologies, partners, and industries to design, develop, and deliver solutions that power digital transformation. With a culture that values innovation, growth, and continuous learning, IBM Software places you at the heart of IBM's product and technology landscape. Here, you'll have the tools and opportunities to advance your career while creating software that changes the world.

Your role and responsibilities

1. Leadership & People Management
   • Lead the Security GRC program for Apptio's Commercial, FedRAMP, and DoD offerings within IBM Software GRC.
   • Manage, coach, and develop a high-performing team; set goals, prioritize work, and provide continuous feedback.
   • Oversee additional team members in performing routine activities (evidence collection, access reviews, ticket triage, control run-books), ensuring quality and timeliness.
   • Communicate program status, audit outcomes, key risks, POA&M progress, and control maturity to IBM Software leadership through dashboards and executive briefings.
2. ISSO Responsibilities (FedRAMP & DoD)
   • Serve as ISSO for Apptio's FedRAMP Moderate and DoD IL systems; steward the security authorization boundary and control inheritance.
   • Own and maintain SSP, POA&M, Continuous Monitoring Plan, Configuration Management Plan, Incident Response Plan, and other required artifacts.
   • Review and approve security-relevant changes; ensure security impact analyses are performed prior to implementation.
   • Coordinate annual assessments with the 3PAO and interface with government Authorizing Officials and stakeholders as required.
3. Continuous Monitoring Oversight (FedRAMP & DoD)
   • Provide governance oversight of Continuous Monitoring (ConMon) activities performed by platform, SRE, vulnerability management, and other partner teams.
   • Define and monitor SLAs/SLOs for scanning cadence, patch timelines, configuration baseline drift, account reviews, and log/alert review frequency.
   • Ensure monthly/quarterly ConMon submissions are complete, accurate, and timely (vulnerability scans, inventory, POA&M updates, plans of action closures).
   • Consolidate ConMon evidence, validate control effectiveness, and escalate risks; drive remediation and risk acceptance decisions.
   • Track metrics (e.g., mean time to remediate, findings of aging, control exceptions) and lead operational reviews with accountable owners.
4. Engineering & Change Management Engagement (FedRAMP Environment)
   • Engage directly with respective engineering and platform teams to plan and execute audit/compliance activities within the FedRAMP environment.
   • Embed security-by-design guidance in engineering backlogs; ensure user stories map to required controls and evidence.
   • Partner on secure change management: perform security impact analyses, maintain control traceability, and verify completion of pre/post-implementation validation.
   • Facilitate control walkthroughs, tabletop exercises, and technical deep-dives for auditors and assessors with engineering SMEs.
5. Governance, Risk & Compliance (Commercial + Federal)
   • Oversee compliance programs for SOC 2, ISO 27001, PCI-DSS, HIPAA, data privacy, and internal IBM standards.
   • Establish and maintain unified control mappings to reduce duplication across frameworks and environments.
   • Maintain risk registers, track exceptions, and manage corrective action plans to closure.
   • Implement automation and tooling for evidence management, control validation, and reporting where feasible.
6. Audit & Assessment Management
   • Direct internal and external assessments (SOC 2, ISO 27001, PCI-DSS, HIPAA, FedRAMP) and customer due diligence.
   • Serve as primary contact for 3PAOs, external auditors, internal audit, and customer assurance teams.
   • Oversee evidence collection, control testing, documentation completeness, and timely remediation.
   • Validate control design and operating effectiveness; drive sustainable corrective actions.
7. Business Continuity & Disaster Recovery (BCDR)
   • Oversee development, maintenance, and periodic testing of BCDR plans for Apptio SaaS offerings.
   • Document test results, lessons learned, and corrective actions; ensure alignment with regulatory requirements and IBM standards.
8. Policy, Documentation & Reporting
   • Maintain high-quality policy documents, standards, procedures, SSPs, and audit artifacts.
   • Produce leadership reports on compliance status, risk posture, audit outcomes, and ConMon metrics.
   • Ensure documentation quality, versioning, and approvals meet federal and IBM Software GRC requirements.

Required education

High School Diploma/GED

Preferred education

Bachelor's Degree

Required technical and professional expertise

• Extensive experience in Information Security, GRC, or IT Audit with experience in FedRAMP Moderate, NIST SP 800-53, SOC 2, ISO 27001, PCI-DSS, and HIPAA.
• Hands-on experience with external audits, customer assessments, and collaboration with 3PAOs.
• Strong communication skills with the ability to tailor content for executives, engineers, and auditors.
• Ability to work hybrid onsite in Austin, TX, or Washington, DC, with up to 10% travel.

Preferred technical and professional experience

• Prior ISSO experience for FedRAMP or DoD cloud environments.
• Professional certifications: CISA, CRISC, CISSP, CCSP, CISM, CIA.
• Experience with automated GRC and compliance orchestration tools and dashboards.

ABOUT BUSINESS UNIT

IBM Software infuses core business operations with intelligence—from machine learning to generative AI—to help make organizations more responsive, productive, and resilient. IBM Software helps clients put AI into action now to create real value with trust, speed, and confidence across digital labor, IT automation, application modernization, security, and sustainability. Critical to this is the ability to make use of all data, because AI is only as good as the data that fuels it. In most organizations data is spread across multiple clouds, on premises, in private datacenters, and at the edge. IBM's AI and data platform scales and accelerates the impact of AI with trusted data, and provides leading capabilities to train, tune and deploy AI across business. IBM's hybrid cloud platform is one of the most comprehensive and consistent approach to development, security, and operations across hybrid environments—a flexible foundation for leveraging data, wherever it resides, to extend AI deep into a business.

YOUR LIFE @ IBM

In a world where technology never stands still, we understand that, dedication to our clients success, innovation that matters, and trust and personal responsibility in all our relationships, lives in what we do as IBMers as we strive to be the catalyst that makes the world work better.

Being an IBMer means you'll be able to learn and develop yourself and your career, you'll be encouraged to be courageous and experiment everyday, all whilst having continuous trust and support in an environment where everyone can thrive whatever their personal or professional background.

Our IBMers are growth minded, always staying curious, open to feedback and learning new information and skills to constantly transform themselves and our company. They are trusted to provide on-going feedback to help other IBMers grow, as well as collaborate with colleagues keeping in mind a team focused approach to include different perspectives to drive exceptional outcomes for our customers. The courage our IBMers have to make critical decisions everyday is essential to IBM becoming the catalyst for progress, always embracing challenges with resources they have to hand, a can-do attitude and always striving for an outcome focused approach within everything that they do.

Are you ready to be an IBMer?

ABOUT IBM

IBM's greatest invention is the IBMer. We believe that through the application of intelligence, reason and science, we can improve business, society and the human condition, bringing the power of an open hybrid cloud and AI strategy to life for our clients and partners around the world.

Restlessly reinventing since 1911, we are not only one of the largest corporate organizations in the world, we're also one of the biggest technology and consulting employers, with many of the Fortune 500 companies relying on the IBM Cloud to run their business.

At IBM, we pride ourselves on being an early adopter of artificial intelligence, quantum computing and blockchain. Now it's time for you to join us on our journey to being a responsible technology innovator and a force for good in the world.

IBM is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, genetics, pregnancy, disability, neurodivergence, age, or other characteristics protected by the applicable law. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.

OTHER RELEVANT JOB DETAILS

IBM offers a competitive and comprehensive benefits program. Eligible employees may have access to:

- Healthcare benefits including medical & prescription drug coverage, dental, vision, and mental health & well being

- Financial programs such as 401(k), cash balance pension plan, the IBM Employee Stock Purchase Plan, financial counseling, life insurance, short & long- term disability coverage, and opportunities for performance based salary incentive programs

- Generous paid time off including 12 holidays, minimum 56 hours sick time, 120 hours vacation, 12 weeks parental bonding leave in accordance with IBM Policy, and other Paid Care Leave programs. IBM also offers paid family leave benefits to eligible employees where required by applicable law

- Training and educational resources on our personalized, AI-driven learning platform where IBMers can grow skills and obtain industry-recognized certifications to achieve their career goals

- Diverse and inclusive employee resource groups, giving & volunteer opportunities, and discounts on retail products, services & experiences

We consider qualified applicants with criminal histories, consistent with applicable law.

This position was posted on the date cited in the key job details section and is anticipated to remain posted for 21 days from this date or less if not needed to fill the role.

US Citizenship Required.

The compensation range and benefits for this position are based on a full-time schedule for a full calendar year. The salary will vary depending on your job-related skills, experience and location. Pay increment and frequency of pay will be in accordance with employment classification and applicable laws. For part time roles, your compensation and benefits will be adjusted to reflect your hours. Benefits may be pro-rated for those who start working during the calendar year.

Job Title

Manager, Security Risk & Compliance.

Date posted

19-Mar-2026

Job ID

99601

City / Township / Village

Austin

State / Province

Texas, Washington

Country

United States

Work arrangement

Hybrid

Area of work

Security

Employment type

Regular

Contract type

Regular

Projected Minimum Salary per year

114,000.00

Projected Maximum Salary per year

196,000.00

Position type

Professional

Travel required

Some travel may be required based on business demand

Company

(0147) International Business Machines Corporation

Shift

General (daytime)

Is this role a commissionable/sales incentive based position?

No



erp5z7ybl