Information Systems Security Officer (ISSO)

Artificial Intelligence. Actual Impact.At Docebo, AI isn’t just a buzzword — it’s how we help teams move faster, perform better, and focus on the work that actually matters. Our learning platform is built with smart, time-saving tools that personalize training, cut the busywork, and make learning feel like less of a chore (and more of a superpower).We’re building the future of learning, and we’re doing it with a team that loves to challenge the status quo. If you're excited by the idea of using AI to make work-life better for real people — not just in theory — you're in the right place.Still thinking it over? At Docebo, values aren’t just posters on the wall — they show up in how we work every day. We lead with what we call the Docebo Heart: we trust each other, assume positive intent, and make space for the differences that make our team stronger.So… what are you waiting for? Join 900+ Docebians around the world and help us reinvent the way people learn.About This Opportunity:The Information Systems Security Officer (ISSO) is responsible for safeguarding the confidentiality, integrity, and availability of Docebo’s information assets. This specialized expert role Owns and operates the company’s FedRAMP authorization and maintenance program — end-to-end governance, risk management, continuous monitoring, ATO/ATO-maintenance artifacts, cross-functional coordination, and government/3PAO engagement — to enable and sustain FedRAMP and DoD RMF authorizations required by our customers and contracts. The ISSO ensures compliance with various regulatory frameworks, including FedRAMP, NIST, and DoD guidelines.Reports to: Sr. Director, Governance, Risk & ComplianceResponsibilities:Own the FedRAMP/DoD RMF authorization lifecycle for assigned systems (strategy → authorization → continuous monitoring → ATO maintenance)Define and maintain the FedRAMP program governance model, roles & responsibilities (including Sponsor/Authorizing Official interactions)Create, own, maintain, and version-control the System Security Plan (SSP), Security Assessment Report (SAR), continuous monitoring (ConMon) artifacts, POA&Ms, SSP annexes, and all ATO package deliverablesBuild and run the ConMon program: define telemetry requirements, dashboards, vulnerability ingestion, thresholds, incident feed, and reporting cadenceTriage vulnerabilities, manage POA&Ms (track remediation owners, dates, residual risk), and ensure POA&M closure meets customer and FedRAMP expectationsLead the selection, engagement, and technical coordination with 3PAOs and any external assessors. Ensure assessments, testing, and SAR content are accurate and timelyEvaluate security impact for architectural or operational changes (Security Impact Analysis), own risk acceptance processes, and coordinate Risk Acceptance with Sponsors/Authorizing OfficialsIntegrate change control with the ConMon program to ensure authorized/approved changes are documented and do not break control baselinesAct as the primary internal liaison across Product, Engineering, DevOps, Security, Sales, Legal, and Marketing for anything impacting the FedRAMP posture and ATO timelines. Drive working groups and weekly syncsSupport pre-sales and customer conversations on FedRAMP posture and timelines alongside Sales; maintain the relationship with the government Sponsor/Authorizing Official and the FedRAMP PMO as requiredBuild and manage program timelines (Gantt), identify and mitigate schedule risk, report status to Management and stakeholders, and maintain an issues/risk register for the authorization lifecycleDevelop/update policies, control implementations, and procedures to ensure alignment with FedRAMP Rev (current guidance), NIST SP 800-53/800-37/800-137, and DoD RMF as applicableProvide training for engineers, product managers, and GRC teams on FedRAMP requirements, evidence collection, secure configuration baselines, and artifacts expectationsCoordinate security incidents affecting FedRAMP-scope systems into the ConMon program and ensure incident reporting/lessons learned are reflected in POA&Ms and governanceCapture lessons learned from audits and assessments, refine processes, and drive automation of evidence collection and control attestations to scale the programRequirements:8+ years of experience in information systems security, with a focus on compliance with NIST and DoD guidelinesIn-depth knowledge of FedRAMP, NIST SP 800-37, NIST SP 800-53, and DoD 8510.01 policies and proceduresStrong technical writing skills for developing SOPs, work instructions, and senior-level briefs. Proficient in risk and vulnerability assessment, security infrastructure design, and continuous monitoringPrior experience on obtaining FedRamp ATOBenefits & Perks 😍Generous Vacation Policy, plus extra floating holidays to use for religious or cultural events that matter to youEmployee Share Purchase PlanCareer progression/internal mobility opportunitiesFour employee resource groups to get involved with (the Docebo Women's Alliance, PRIDE, BIDOC, and Green Ambassadors)WeWork partnership and “Work from Anywhere” programHybrid Office Model 🏢We believe when people are together, they develop deeper relationships and accelerate innovation. Because of this, all Docebo employees worldwide are “hybrid.” We encourage in-person collaboration while supporting work-from-home when employees need dedicated focus time, allowing Docebians to do their best every day. Each team leader is able to decide how often their teams come into the office, considering the needs of the team and the employee’s needs. Our Talent Acquisition team will let you know about the role you are applying for and the hybrid details during the first interview.About Docebo 💙Here at Docebo, we power learning experiences for over 3000 customers around the world with our easy-to-use, AI-powered Suite designed to close the enterprise learning loop. We have successfully achieved 2 IPOs (TSX: DCBO & NASDAQ: DCBO), been recognized as a Top SaaS e-learning Solution, and are growing exponentially in the process.Docebo is a global company with offices in North America, EMEA, APAC and more. Our people believe in six core values, simply defined and manifested in everything we do - Innovation, Simplicity, Accountability, Togetherness, Curiosity, and Impact. If this sounds like you, now is your time to join one of the fastest-growing learning technology companies on the market. Apply today!Docebo is an Equal Employment Opportunity employer. We are committed to diversity and inclusion in our workforce. All qualified applicants and employees will receive consideration for employment regardless of their race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), national origin, citizenship status, age, disability, genetic information, or any other category protected under applicable law.Any individuals requiring a reasonable accommodation to assist with their job search or application for employment should send an e-mail to recruiting_accommodations(at) docebo.com. The e-mail should include a description of the requested accommodation and the position you’re applying for or interested in.We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.