Ramp

Senior Security Program Manager – Public Sector

full-time

Location Type: Remote

Location: New York, United States

Salary

💰 $160,400 - $259,150 per year

About the role

  • Lead all aspects of the compliance lifecycle across multiple public sector frameworks (e.g., FedRAMP, GovRAMP), including risk assessments, continuous monitoring, audits, and authorization management.
  • Drive complex cross-functional program management efforts involving teams across security, legal, engineering, infrastructure, and product functions.
  • Serve as a subject matter expert on risk management and regulatory compliance for federal, state, and local government environments.
  • Develop and maintain comprehensive security documentation aligned with applicable frameworks, including System Security Plans (SSPs), Security Assessment Reports (SARs), POA&Ms, and data flow diagrams.
  • Monitor compliance with control requirements (e.g., NIST 800-53, GovRAMP Baselines) and coordinate the implementation of technical and procedural safeguards.
  • Engage with third-party assessors (3PAOs or independent assessors), government sponsors, and internal teams to support assessments and audits.
  • Lead readiness assessments and support the prioritization of remediation activities across teams.
  • Manage timely tracking and closure of vulnerabilities and findings; ensure reporting and documentation obligations are met.
  • Provide risk-informed compliance recommendations that influence infrastructure and product development decisions.
  • Collaborate with legal and government affairs teams to ensure compliance with emerging federal and state regulatory requirements.
  • Stay informed on evolving threats, compliance trends, and guidance updates across FedRAMP, GovRAMP, NIST, and other frameworks.

Requirements

  • 5+ years of experience in information security or compliance, with a focus on government and public sector regulatory frameworks (e.g., FedRAMP, GovRAMP, FISMA, NIST RMF).
  • Knowledge of NIST SP 800-53 and experience mapping controls across frameworks.
  • Experience with cloud environments like AWS GovCloud or Azure Government, including implementation of compliant architectures.
  • Proven ability to manage large-scale compliance programs across diverse stakeholder groups.
  • Demonstrated success developing and maintaining regulatory documentation and audit evidence.
  • Experience leading engagements with internal teams, assessors, and government partners.
  • Strong written and verbal communication skills, including translating between technical and executive audiences.
  • Excellent organizational skills and the ability to manage multiple initiatives with competing priorities.
  • Self-starter with strong problem-solving abilities in ambiguous, fast-moving environments.
Benefits
  • 100% medical, dental & vision insurance coverage for you
  • Partially covered for your dependents
  • One Medical annual membership
  • 401k (including employer match on contributions made while employed by Ramp)
  • Flexible PTO
  • Fertility HRA (up to $10,000 per year)
  • Parental Leave
  • Unlimited AI token usage
  • Pet insurance
  • Centralized home-office equipment ordering for all employees
  • Health and Wellness stipend
  • In-office perks: lunch, snacks, drinks, and more
  • Budget for intra-office travel
  • Relocation support to NYC or SF (as needed)
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
risk assessments, continuous monitoring, audits, authorization management, System Security Plans (SSPs), Security Assessment Reports (SARs), POA&Ms, data flow diagrams, NIST 800-53, compliant architectures
Soft Skills
program management, communication skills, organizational skills, problem-solving abilities, collaboration, stakeholder management, influencing, self-starter, adaptability, prioritization