RAMP Program Manager

About The Position

Requirements

• 5+ years’ experience in program management, ideally supporting compliance, security, or regulatory initiatives
• Experience working with GovRAMP, StateRAMP, FedRAMP, or closely related frameworks (FedRAMP Moderate preferred)
• Strong understanding of NIST SP 800‑53 concepts (implementation knowledge required; deep policy writing not required)
• Demonstrated ability to manage cross‑functional global teams
• Experience coordinating audits, assessments, or external reviews
• Excellent written and verbal communication skills for US stakeholders
• Program planning and execution rigor
• Stakeholder management across time zones
• Clear escalation and decision framing
• Strong documentation and tracking discipline
• Delivery‑oriented mindset with attention to audit detail

Nice To Haves

• Experience with HIPAA, HITRUST and SOC2 compliance
• Prior experience working with US auditors or 3PAOs
• SaaS, cloud, or data‑platform environment experience
• Familiarity with AWS and/or Azure environments (Gov or commercial)
• Experience using Jira, Confluence, and GRC platforms (Hyperproof, Archer, etc.)
• Previous experience supporting US public‑sector customers.

Responsibilities

• Own the end‑to‑end program plan for GovRAMP, StateRAMP, and/or FedRAMP initiatives
• Develop and maintain detailed schedules, milestones, dependency tracking, and risk registers
• Drive accountability across Security, Engineering, Cloud Ops, Product, and IT
• Coordinate authorization activities across:
• Readiness assessments
• Gap remediation
• 3PAO / assessor engagement
• Authorization reviews
• Continuous monitoring operations
• Ensure adoption of NIST SP 800‑53 Rev. 5 control requirements as executable work items
• Manage the production, review, and lifecycle of core authorization artifacts, including:
• System Security Plan (SSP)
• Control narratives
• System boundary and data‑flow diagrams
• Inventories and tracking artifacts
• Ensure evidence ownership, refresh cadence, and quality standards are consistently met
• Serve as the program coordination point for assessors and 3PAOs
• Schedule and manage walkthroughs, evidence reviews, and interviews
• Partner with US‑based leadership during assessments, findings reviews, and status reporting
• Own the POA&M tracking and delivery process
• Work with engineering and operations teams to:
• Define remediation milestones
• Track progress
• Validate closure evidence
• Escalate risks early and propose mitigation plans
• Operationalize monthly and quarterly continuous monitoring cadence
• Track vulnerability management, patching, access reviews, logging, and required attestations
• Ensure ongoing compliance stability post‑authorization

Benefits

• Unlimited paid time off – recharge when you need it
• Work from anywhere – flexibility to fit your life
• Comprehensive health coverage – multiple plan options to choose from
• Equity for every employee – share in our success
• Growth-focused environment – your development matters here
• Home office setup allowance – one-time support to get you started
• Monthly cell phone allowance – stay connected with ease