Senior Program Manager

MongoDB
Summary
Join MongoDB's security team as a Program Manager - Governance, Risk, and Compliance! This role involves analyzing, documenting, and monitoring the risk and compliance posture of our programs, aligning with multiple compliance frameworks to support customer needs. You will create and maintain compliance documentation, liaise with stakeholders, prepare data for analysis and reporting, and provide general administrative support. The ideal candidate has experience with document and data handling, general administration, and change management. Familiarity with public sector Information Security frameworks is a plus. This role supports building an internal compliance program and scaling MongoDB to meet customer demands. This position offers significant growth potential and can be based remotely in the Central or Eastern time zones.
Requirements
- Bachelor's degree or equivalent practical experience
- Possess a practical understanding of cloud security compliance, risk management, and information security principles, including a working knowledge of cloud controls and environments
- Experience with security and major compliance standards such as ISO 27001, SOC 2, PCI, NIST 800-53
- Possess extensive experience in internal governance, risk, and compliance functions, along with a deep understanding of policies, procedures, and governance frameworks within highly regulated industries
- Practical experience performing gap analysis, maturity assessments, and risk assessments
- Experience managing projects and work streams at the enterprise level
- Experience implementing compliance technology and associated tools
- Ability to engage organizational levels simultaneously, leading to solutions/sustainable programs
- Knowledge of compliance and regulatory processes, including aligning policies to regulatory and business requirements
- Demonstrate an exceptional level of attention to detail coupled with strong organizational skills
- Possess strong presentation building, communication, analytical, diagnostic, and critical thinking skills
- Excellent verbal, written and interpersonal communication skills with both technical and non-technical audiences
- Demonstrate skill in navigating uncertainties and formulating clear plans of action
- Take proactive ownership of tasks and autonomously drive them to successful completion
Responsibilities
- Assist with the development of the annual roadmap, including communicating timelines, managing dependencies, and coordinating resource requirements
- Manage program timelines and proactively communicate obstacles that may impact milestones and key delivery dates
- Facilitate productive meetings by developing goal-oriented agendas, documenting meeting minutes, and following up on action items in a timely manner
- Lead engagements with external auditors by scheduling meetings, drafting relevant communications, and reporting on assessment results
- Lead compliance efforts to ensure compliance with various frameworks, including FedRAMP High, IL-4, and IL-5
- Support assessment activities to achieve and/or maintain compliance certifications or evaluate the system for potential sponsors, 3PAO and PMO
- Plan, schedule, and perform internal gap analyses and maturity assessments
- Manage findings and coordinate remediation efforts for both internal and external audits
- Analyze program data to develop informative presentations for communicating performance metrics to Governance, Risk, and Compliance stakeholders
- Utilize ticketing systems and workflows to monitor internal Governance, Risk, and Compliance activities to maintain project timelines and objectives
- Develop, update, and maintain documentation for MongoDB's public sector cloud customers
- Provide guidance and training to team members
- Educate employees on cybersecurity best practices and compliance requirements
- Address inquiries regarding security attestations and compliance
- Act as a trusted advisor to stakeholders and customers, providing insights into risk strategies, compliance requirements, and mitigation plans
- Guide stakeholders through regulatory landscapes, ensuring adherence to security standards
Preferred Qualifications
- Experience with FedRAMP revision 5 Moderate; experience with FedRAMP High, IL-4, and IL-5 frameworks is a plus
- Experience working with Jira
- Experience reviewing and editing SSPs, IRPs, ISCPs, and other FedRAMP related documentation
- Process, metrics and dashboard reporting
- Drafting communications
- Drafting meeting minutes
- Rollout of information security training and awareness program
- Project management support and reporting
- An understanding of the common and fundamental project management processes (e.g., scoping, planning, risk management, change control, communication)
Benefits
- Flexible paid time off
- 20 weeks fully-paid gender-neutral parental leave
- Fertility and adoption assistance
- 401(k) plan
- Mental health counseling
- Access to transgender-inclusive health insurance coverage
- Health benefits offerings
