Security Program Manager, AI Assurance

About The Position

Requirements

• 5+ years of experience in security, risk, audit, or compliance roles within cloud-based or highly regulated environments (e.g., SaaS, financial services).
• Working knowledge and experience supporting security certifications and regulatory audits (e.g., SOC 2, ISO 27001, PCI-DSS, SOX), including control documentation, testing, evidence collection, and auditor coordination.
• Experience contributing to risk management and/or third-party risk programs, including performing risk assessments, maintaining risk documentation, or evaluating vendor security controls.
• Strong written and verbal communication skills, and demonstrated ability to collaborate across technical and non-technical teams and clearly explain security and compliance requirements, including emerging areas such as AI governance.
• Experience managing time-bound workstreams in fast-paced environments, and serve as a subject matter expert on evolving compliance and emerging risk areas, including AI governance considerations.

Nice To Haves

• Experience in AI/ML-driven environments, with an understanding of security and risk considerations related to model development, training data, and deployment pipelines.
• Background in high-growth technology companies where compliance programs needed to scale quickly to support new products, markets, or regulatory requirements.
• Exposure to automation in security and compliance processes, including implementing or supporting programmatic control enforcement (“compliance as code”).
• Relevant professional certifications such as CISA, CRISC, CISM, CISSP

Responsibilities

• Lead and support security and compliance programs to achieve and maintain key certifications and attestations (e.g., SOC 2, ISO 27001, PCI-DSS, SOX, ISO 42001, AIUC-1), while building scalable processes to support future framework expansion and geographic growth.
• Partner cross-functionally with Product, Engineering, IT, Finance, Legal, People, and Go-to-Market teams to translate regulatory, customer, and emerging requirements (including AI governance considerations) into practical, actionable controls.
• Support the design, implementation, and monitoring of IT General Controls (ITGCs), automated controls, and financial system governance processes, including access management, change management, and configuration oversight.
• Support and lead audit and assurance activities, including planning and coordination with external auditors and independent assessors, conducting control walkthroughs, managing evidence collection, and maintaining audit-ready documentation.
• Strengthen customer assurance programs by evaluating vendor security practices, responding to customer due diligence requests, and identifying opportunities for automation and continuous monitoring within GRC workflows.
• Build scalable audit management processes and documentation systems that will support future expansion to additional geographies and compliance frameworks

Benefits

• 100% medical, dental & vision insurance coverage for you
• Partially covered for your dependents
• One Medical annual membership
• 401k (including employer match on contributions made while employed by Ramp)
• Flexible PTO
• Fertility HRA (up to $10,000 per year)
• Parental Leave
• Unlimited AI token usage
• Pet insurance
• Centralized home-office equipment ordering for all employees
• Health and Wellness stipend
• In-office perks: lunch, snacks, drinks, and more
• Budget for intra-office travel
• Relocation support to NYC or SF (as needed)