Job Description:
• Lead all aspects of the compliance lifecycle across multiple public sector frameworks (e.g., FedRAMP, GovRAMP), including risk assessments, continuous monitoring, audits, and authorization management.
• Drive complex cross-functional program management efforts involving teams across security, legal, engineering, infrastructure, and product functions.
• Serve as a subject matter expert on risk management and regulatory compliance for federal, state, and local government environments.
• Develop and maintain comprehensive security documentation aligned with applicable frameworks, including System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), and data flow diagrams.
• Monitor compliance with control requirements (e.g., NIST SP 800-53, GovRAMP baselines) and coordinate the implementation of technical and procedural safeguards.
• Engage with third-party assessors (3PAOs or independent assessors), government sponsors, and internal teams to support assessments and audits.
• Lead readiness assessments and support the prioritization of remediation activities across teams.
• Manage timely tracking and closure of vulnerabilities and findings; ensure reporting and documentation obligations are met.
• Provide risk-informed compliance recommendations that influence infrastructure and product development decisions.
• Collaborate with legal and government affairs teams to ensure compliance with emerging federal and state regulatory requirements.
• Stay informed on evolving threats, compliance trends, and guidance updates across FedRAMP, GovRAMP, NIST, and other frameworks.
Requirements:
• 5+ years of experience in information security or compliance, with a focus on government and public sector regulatory frameworks (e.g., FedRAMP, GovRAMP, FISMA, NIST RMF).
• Knowledge of NIST SP 800-53 and experience mapping controls across frameworks.
• Experience with cloud environments like AWS GovCloud or Azure Government, including implementation of compliant architectures.
• Proven ability to manage large-scale compliance programs across diverse stakeholder groups.
• Demonstrated success developing and maintaining regulatory documentation and audit evidence.
• Experience leading engagements with internal teams, assessors, and government partners.
• Strong written and verbal communication skills, including translating between technical and executive audiences.
• Excellent organizational skills and the ability to manage multiple initiatives with competing priorities.
• Self-starter with strong problem-solving abilities in ambiguous, fast-moving environments.
Benefits:
• 100% medical, dental & vision insurance coverage for you
• Partial coverage for your dependents
• One Medical annual membership
• 401k (including employer match on contributions made while employed by Ramp)
• Flexible PTO
• Fertility HRA (up to $10,000 per year)
• Parental Leave
• Unlimited AI token usage
• Pet insurance
• Centralized home-office equipment ordering for all employees
• Health and Wellness stipend
• In-office perks: lunch, snacks, drinks, and more
• Budget for intra-office travel
• Relocation support to NYC or SF (as needed)