Job Specifications
Artificial Intelligence. Actual Impact.
At Docebo, AI isn’t just a buzzword — it’s how we help teams move faster, perform better, and focus on the work that actually matters. Our learning platform is built with smart, time-saving tools that personalize training, cut the busywork, and make learning feel like less of a chore (and more of a superpower).
We’re building the future of learning, and we’re doing it with a team that loves to challenge the status quo. If you're excited by the idea of using AI to make work-life better for real people — not just in theory — you're in the right place.
Still thinking it over? At Docebo, values aren’t just posters on the wall — they show up in how we work every day. We lead with what we call the Docebo Heart: we trust each other, assume positive intent, and make space for the differences that make our team stronger.
So… what are you waiting for? Join 900+ Docebians around the world and help us reinvent the way people learn.
About This Opportunity:
The Information Systems Security Officer (ISSO) is responsible for safeguarding the confidentiality, integrity, and availability of Docebo’s information assets. This specialized expert role Owns and operates the company’s FedRAMP authorization and maintenance program — end-to-end governance, risk management, continuous monitoring, ATO/ATO-maintenance artifacts, cross-functional coordination, and government/3PAO engagement — to enable and sustain FedRAMP and DoD RMF authorizations required by our customers and contracts. The ISSO ensures compliance with various regulatory frameworks, including FedRAMP, NIST, and DoD guidelines.
Reports to: Sr. Director, Governance, Risk & Compliance
Responsibilities:
Own the FedRAMP/DoD RMF authorization lifecycle for assigned systems (strategy → authorization → continuous monitoring → ATO maintenance)
Define and maintain the FedRAMP program governance model, roles & responsibilities (including Sponsor/Authorizing Official interactions)
Create, own, maintain, and version-control the System Security Plan (SSP), Security Assessment Report (SAR), continuous monitoring (ConMon) artifacts, POA&Ms, SSP annexes, and all ATO package deliverables
Build and run the ConMon program: define telemetry requirements, dashboards, vulnerability ingestion, thresholds, incident feed, and reporting cadence
Triage vulnerabilities, manage POA&Ms (track remediation owners, dates, residual risk), and ensure POA&M closure meets customer and FedRAMP expectations
Lead the selection, engagement, and technical coordination with 3PAOs and any external assessors. Ensure assessments, testing, and SAR content are accurate and timely
Evaluate security impact for architectural or operational changes (Security Impact Analysis), own risk acceptance processes, and coordinate Risk Acceptance with Sponsors/Authorizing Officials
Integrate change control with the ConMon program to ensure authorized/approved changes are documented and do not break control baselines
Act as the primary internal liaison across Product, Engineering, DevOps, Security, Sales, Legal, and Marketing for anything impacting the FedRAMP posture and ATO timelines. Drive working groups and weekly syncs
Support pre-sales and customer conversations on FedRAMP posture and timelines alongside Sales; maintain the relationship with the government Sponsor/Authorizing Official and the FedRAMP PMO as required
Build and manage program timelines (Gantt), identify and mitigate schedule risk, report status to Management and stakeholders, and maintain an issues/risk register for the authorization lifecycle
Develop/update policies, control implementations, and procedures to ensure alignment with FedRAMP Rev (current guidance), NIST SP 800-53/800-37/800-137, and DoD RMF as applicable
Provide training for engineers, product managers, and GRC teams on FedRAMP requirements, evidence collection, secure configuration baselines, and artifacts expectations
Coordinate security incidents affecting FedRAMP-scope systems into the ConMon program and ensure incident reporting/lessons learned are reflected in POA&Ms and governance
Capture lessons learned from audits and assessments, refine processes, and drive automation of evidence collection and control attestations to scale the program
Requirements:
8+ years of experience in information systems security, with a focus on compliance with NIST and DoD guidelines
In-depth knowledge of FedRAMP, NIST SP 800-37, NIST SP 800-53, and DoD 8510.01 policies and procedures
Strong technical writing skills for developing SOPs, work instructions, and senior-level briefs. Proficient in risk and vulnerability assessment, security infrastructure design, and continuous monitoring
Prior experience on obtaining FedRamp ATO
Benefits & Perks
Generous Vacation Policy, plus extra floating holidays to use for religious or cultural events that matter to you
Employee Share Purchase Plan
Career progression/internal mobility opportunities
Four employee resource g
About the Company
Docebo is the world's most powerful learning platform, built for the business of learning. Docebo helps organizations around the world deliver scalable, personalized learning to customers, partners, and employees, driving productivity, engagement, revenue, and growth.
The Docebo platform is stable and intuitive, with innovative technology for content generation, automation, and analytics, along with the industry's most advanced AI capabilities. This enables businesses to create and manage content, effectively train diverse ...
Know more