Abacus Insights - RAMP Program Manager
Upload My Resume
Drop here or click to browse · PDF, DOCX, DOC, RTF, TXT
Requirements
• 5+ years’ experience in program management, ideally supporting compliance, security, or regulatory initiatives • Experience working with GovRAMP, StateRAMP, FedRAMP, or closely related frameworks (FedRAMP Moderate preferred) • Strong understanding of NIST SP 800‑53 concepts (implementation knowledge required; deep policy writing not required) • Demonstrated ability to manage cross‑functional global teams • Experience coordinating audits, assessments, or external reviews • Excellent written and verbal communication skills for US stakeholders • Program planning and execution rigor • Stakeholder management across time zones • Clear escalation and decision framing • Strong documentation and tracking discipline • Delivery‑oriented mindset with attention to audit detail • What we would like to see, but not required • Experience with HIPAA, HITRUST and SOC2 compliance • Prior experience working with US auditors or 3PAOs • SaaS, cloud, or data‑platform environment experience • Familiarity with AWS and/or Azure environments (Gov or commercial) • Experience using Jira, Confluence, and GRC platforms (Hyperproof, Archer, etc.) • Previous experience supporting US public‑sector customers. • Compensation: Compensation for this role is based on experience, skills, and location, and includes base salary plus eligibility for performance bonuses and equity grants.
Responsibilities
• Program Planning & Execution • Own the end‑to‑end program plan for GovRAMP, StateRAMP, and/or FedRAMP initiatives • Develop and maintain detailed schedules, milestones, dependency tracking, and risk registers • Drive accountability across Security, Engineering, Cloud Ops, Product, and IT • RAMP Delivery Management • Coordinate authorization activities across: • Readiness assessments • Gap remediation • 3PAO / assessor engagement • Authorization reviews • Continuous monitoring operations • Ensure adoption of NIST SP 800‑53 Rev. 5 control requirements as executable work items • Evidence & Artifact Coordination • Manage the production, review, and lifecycle of core authorization artifacts, including: • System Security Plan (SSP) • Control narratives • System boundary and data‑flow diagrams • Inventories and tracking artifacts • Ensure evidence ownership, refresh cadence, and quality standards are consistently met • Auditor / 3PAO & Stakeholder Coordination • Serve as the program coordination point for assessors and 3PAOs • Schedule and manage walkthroughs, evidence reviews, and interviews • Partner with US‑based leadership during assessments, findings reviews, and status reporting • POA&M & Issue Management • Own the POA&M tracking and delivery process • Work with engineering and operations teams to: • Define remediation milestones • Validate closure evidence • Escalate risks early and propose mitigation plans • Operationalize monthly and quarterly continuous monitoring cadence • continuous monitoring cadence • Track vulnerability management, patching, access reviews, logging, and required attestations • Ensure ongoing compliance stability post‑authorization
Benefits
• What you’ll get in return: • Unlimited paid time off – recharge when you need it • Work from anywhere – flexibility to fit your life • Comprehensive health coverage – multiple plan options to choose from • Equity for every employee – share in our success • Growth-focused environment – your development matters here • Monthly cell phone allowance – stay connected with ease #LI-MS1 #LI-Remote
No credit card. Takes 10 seconds.