Description

You will lead the execution and delivery of GovRAMP, StateRAMP, and FedRAMP compliance programs, planning, coordinating, and driving authorization and continuous monitoring activities across engineering, cloud operations, security, and IT teams. Your role ensures on-time delivery with quality, enabling Security leadership to focus on strategy.

Requirements

• 5+ years in program management, ideally supporting compliance, security, or regulatory initiatives
• Experience with GovRAMP, StateRAMP, FedRAMP, or closely related frameworks (FedRAMP Moderate preferred)
• Strong understanding of NIST SP 800-53 concepts (implementation knowledge required; deep policy writing not required)
• Demonstrated ability to manage cross-functional global teams
• Experience coordinating audits, assessments, or external reviews
• Excellent written and verbal communication skills for US stakeholders
• Program planning and execution rigor
• Stakeholder management across time zones
• Clear escalation and decision framing
• Strong documentation and tracking discipline
• Delivery-oriented mindset with attention to audit detail

Responsibilities

• Own the end-to-end program plan for GovRAMP, StateRAMP, and/or FedRAMP initiatives
• Develop and maintain detailed schedules, milestones, dependency tracking, and risk registers
• Drive accountability across Security, Engineering, Cloud Ops, Product, and IT
• Coordinate authorization activities including readiness assessments, gap remediation, 3PAO/assessor engagement, authorization reviews, and continuous monitoring
• Manage production, review, and lifecycle of core authorization artifacts (SSP, control narratives, system boundary diagrams, inventories)
• Serve as program coordination point for assessors and 3PAOs; schedule walkthroughs, evidence reviews, and interviews
• Own POA&M tracking and delivery process; work with engineering and operations teams to define milestones, track progress, validate closure, escalate risks
• Operationalize monthly and quarterly continuous monitoring cadence; track vulnerability management, patching, access reviews, logging, and attestations