GRC Program Manager, US Government Compliance

Responsibilities

• Drive the ATO process for FedRAMP and across multiple government clients in restricted environments with minimal oversight.
• Collaborate with engineering teams to interpret security requirements and implement controls that balance compliance with operational needs.
• Create clear, concise, and technically accurate documentation, including System Security Plans (SSPs), risk assessments, and architecture diagrams.
• Act as a subject matter expert during audits and assessments, representing the organization with credibility and expertise.
• Continuously refine processes to improve the efficiency and quality of compliance efforts.

Requirements

• Proven experience in obtaining and maintaining a FedRAMP ATO and agency specific ATOs in highly restricted environments, within government or regulated sectors.
• Deep understanding of USG security frameworks and policies (e.g., NIST, RMF, FedRAMP).
• Ability to communicate technical concepts to diverse audiences, including engineers and non-technical stakeholders.
• Exceptional technical program management skills, with the ability to multitask and deliver large complex programs under pressure.

Nice-to-Haves

• Active US security clearance.
• 5+ years of compliance experience in positions involving information security, data security, or infrastructure or network security.
• Familiarity with deployment models, including to cloud platforms (Azure, AWS) and the underlying infrastructure primitives (Kubernetes, Terraform).
• Strong familiarity with core security concepts and technologies, such as authentication, encryption, vulnerability management, and audit logging.
• Ability to work collaboratively and effectively in a cross-functional team environment.
• Thrive in dynamic environments and can navigate ambiguity with ease.