Senior Security Program Manager

Summary

Join Ramp as a Senior Security Program Manager, Public Sector and lead the enhancement of our organization’s adherence to U.S. government cybersecurity risk management frameworks like FedRAMP and GovRAMP. Guide compliance strategies for public sector initiatives, working cross-functionally to ensure effective security practices and successful authorizations. Serve as a subject matter expert on risk management and regulatory compliance for government environments. Develop and maintain comprehensive security documentation aligned with applicable frameworks. Monitor compliance with control requirements and coordinate the implementation of technical and procedural safeguards. Engage with third-party assessors and internal teams to support assessments and audits. Lead readiness assessments and support the prioritization of remediation activities. Manage timely tracking and closure of vulnerabilities and findings, ensuring reporting and documentation obligations are met. Provide risk-informed compliance recommendations influencing infrastructure and product development decisions. Collaborate with legal and government affairs teams to ensure compliance with emerging regulatory requirements. Stay informed on evolving threats, compliance trends, and guidance updates across relevant frameworks.

Requirements

• 5+ years of experience in information security or compliance, with a focus on government and public sector regulatory frameworks (e.g., FedRAMP, GovRAMP, FISMA, NIST RMF)
• Knowledge of NIST SP 800-53 and experience mapping controls across frameworks
• Experience with cloud environments like AWS GovCloud or Azure Government, including implementation of compliant architectures
• Proven ability to manage large-scale compliance programs across diverse stakeholder groups
• Demonstrated success developing and maintaining regulatory documentation and audit evidence
• Experience leading engagements with internal teams, assessors, and government partners
• Strong written and verbal communication skills, including translating between technical and executive audiences
• Excellent organizational skills and the ability to manage multiple initiatives with competing priorities
• Self-starter with strong problem-solving abilities in ambiguous, fast-moving environments

Responsibilities

• Lead all aspects of the compliance lifecycle across multiple public sector frameworks (e.g., FedRAMP, GovRAMP), including risk assessments, continuous monitoring, audits, and authorization management
• Drive complex cross-functional program management efforts involving teams across security, legal, engineering, infrastructure, and product functions
• Serve as a subject matter expert on risk management and regulatory compliance for federal, state, and local government environments
• Develop and maintain comprehensive security documentation aligned with applicable frameworks, including System Security Plans (SSPs), Security Assessment Reports (SARs), POA&Ms, and data flow diagrams
• Monitor compliance with control requirements (e.g., NIST 800-53, GovRAMP Baselines) and coordinate the implementation of technical and procedural safeguards
• Engage with third-party assessors (3PAOs or independent assessors), government sponsors, and internal teams to support assessments and audits
• Lead readiness assessments and support the prioritization of remediation activities across teams
• Manage timely tracking and closure of vulnerabilities and findings; ensure reporting and documentation obligations are met
• Provide risk-informed compliance recommendations that influence infrastructure and product development decisions
• Collaborate with legal and government affairs teams to ensure compliance with emerging federal and state regulatory requirements
• Stay informed on evolving threats, compliance trends, and guidance updates across FedRAMP, GovRAMP, NIST, and other frameworks

Preferred Qualifications

• Relevant certifications: CISSP, CISA, CRISC, CCAK, CGRC (formerly CAP)
• Experience with automation platforms for GRC and security monitoring (e.g., Wiz, Paramify)
• Familiarity with other public sector compliance programs (CJIS, IRS 1075, DoD IL5, etc.)
• Experience supporting product or infrastructure teams through ATO processes
• Leadership experience or management of small security/GRC teams

Benefits

• 100% medical, dental & vision insurance coverage for you
• Partially covered for your dependents
• One Medical annual membership
• 401k (including employer match on contributions made while employed by Ramp)
• Flexible PTO
• Fertility HRA (up to $5,000 per year)
• WFH stipend to support your home office needs
• Wellness stipend
• Parental Leave
• Relocation support to NYC or SF
• Pet insurance