Program Manager - FedRAMP

Job Title: Program Manager

Duration: 12+ Months (Possible extension)

Location: New York, NY 10286

Onsite Role (4 days a week)

Responsibilities:

• Seeking a seasoned Program Manager to lead the creation, authorization, and continuous governance of a FedRAMP-compliant Azure Government tenant underpinning government payment transaction services.
• You will own the end-to-end program—system boundary definition, documentation, ATO readiness, and continuous monitoring—ensuring sustained compliance at FedRAMP High
• The ideal candidate blends rigorous compliance leadership with strong cloud security and platform enablement skills and has demonstrated success in -system subject to federal compliance.

Program Leadership and Governance:

• Own the multi-year FedRAMP roadmap for an Azure Government tenant supporting government transactions; define milestones, risks, dependencies, and decision gates.
• Establish governance forums and operating mechanisms across engineering, cloud platform, information security, risk/compliance, legal, payment operations, and 3PAOs.
• Maintain program OKRs/KPIs: POA&M closure velocity, control coverage, vulnerability SLAs, ConMon completeness, audit readiness, and
• Drive disciplined change control, evidence management, , and control attestation workflows aligned to FedRAMP requirements.
• Manage external partners and 3PAO activities (readiness, assessments, remediation).

FedRAMP Authorization (ATO) Readiness:

• Lead authoring and maintenance of FedRAMP artifacts: SSP and associated FedRAMP appendices, POA&M, policies/standards/procedures, boundary diagrams, and data flows tailored to Azure Government/GCC High constructs.
• Define and maintain the system boundary and data categorization supporting payment transactions; align to FedRAMP High baseline.
• Coordinate control implementation across all FedRAMP control families.
• Conduct gap analyses against NIST SP 800-53 controls; drive remediation plans and ensure traceability from control narratives to technical and process evidence.

Continuous Monitoring & Operations:

• Stand up and run Continuous Monitoring, in alignment with FedRAMP High guidelines, for the Azure Government tenant: scanning cadence, patch cycles, configuration baseline monitoring, control effectiveness checks, incident handling, and change compliance.
• Own POA&M lifecycle: triage findings, prioritize by risk, execute corrective actions, validate closure, reporting outstanding actions, and update artifacts.
• Coordinate security incident response processes with SOC teams and act as interface with the client throughout the incident lifecycle including root cause analysis and closure.

Risk Management and Issue Resolution:

• Maintain a program risk register spanning control gaps, architectural changes, data flows, vendor dependencies, and operational risks in payment services.
• Escalate issues with quantified impact; drive compensating controls or risk acceptance decisions in partnership with risk/compliance.

Education/Experience:

• Bachelor’s degree in Information Security, Computer Science, Information Systems, or related field; equivalent experience considered.
• 7+ years of program management in regulated cloud environments; 3+ years directly owning FedRAMP programs, artifacts, and Continuous Monitoring.
• Hands-on oversight, authorship, maintenance, and response experience with SSP, POA&M, SAP/SAR; proven track record achieving/maintaining ATO for cloud services.
• Deep knowledge of NIST SP 800-53 control families, FedRAMP Moderate/High baselines, ConMon processes, and 3PAO engagements.
• Strong familiarity with Azure Government or GCC High and core security capabilities: identity/access, logging/monitoring, encryption, policy enforcement, landing zone patterns.
• Demonstrated success orchestrating cross-functional teams (security, cloud/platform, payments, operations, compliance, legal) to deliver complex regulatory programs.

Preferred:

• Direct experience enabling government payment transactions on cloud platforms and aligning control implementations to transactional risk profiles.
• Azure-focused security experience (Defender for Cloud, Sentinel, Azure Policy/Blueprints, Key Vault, Private Link, Purview).
• Prior experience collaborating with federal agencies, sponsoring organizations, or authorizing officials for ATOs.
• Experience with security compliance to IRS 1075 requirements
• Certifications: PMP, CISSP, CCSP, CISM, Azure Security Engineer Associate, or equivalent.