Program Manager

Remote • Posted 23 hours ago • Updated 23 hours ago
Contract Corp To Corp
Contract Independent
Contract W2
No Travel Required
Remote
Depends on Experience
Fitment

Job Details

Skills

  • Program Manager
  • NIST SP 800-53 control families
  • FedRAMP Moderate/High baselines
  • ConMon processes
  • 3PAO engagements
  • 3PAO
  • ConMon
  • FedRAMP
  • NIST SP
  • NIST SP 800-53
  • Azure Government
  • GCC High
  • core security capabilities
  • security
  • cloud/platform
  • payments
  • operations
  • compliance
  • legal
  • IRS 1075
  • PMP
  • CISSP
  • CCSP
  • CISM
  • Azure Security Engineer Associate
  • Defender
  • Sentinel
  • Azure Policy
  • Blueprints
  • Key Vault
  • Private Link
  • Purview
  • SSP
  • POA&M
  • SAP/SAR
  • SAP
  • SAR
  • artifacts
  • Continuous Monitoring
  • Vulnerability
  • Azure
  • remediation
  • 100% monthly reporting
  • Risk
  • rigor
  • audit readiness
  • Audit

Summary

Role: Program Manager (FedRAMP – Azure Government Program)

Location: REMOTE (Pittsburgh, PA / Lake Mary, FL / New York City, NY)


Role Overview

We are looking for an experienced Program Manager to lead a large-scale FedRAMP compliance and cloud security program supporting government payment transaction services on an Azure Government platform. This role is responsible for driving end-to-end program execution, including compliance governance, system boundary definition, audit readiness, and continuous monitoring at FedRAMP High standards.

The ideal candidate combines strong program leadership with deep knowledge of cloud security frameworks, regulatory compliance, and enterprise-scale platform operations in highly regulated environments.


Key Responsibilities

1. Program Leadership & Governance

  • Lead the overall FedRAMP compliance program roadmap for an Azure Government-based platform supporting secure payment transactions.
  • Define program structure including milestones, dependencies, risks, and governance checkpoints.
  • Establish cross-functional governance involving engineering, security, cloud operations, risk/compliance, legal, and external assessment partners (3PAOs).
  • Track program performance using KPIs such as compliance readiness, vulnerability resolution timelines, control coverage, and audit preparedness metrics.
  • Manage change control processes, compliance documentation updates, and control attestation workflows.

2. FedRAMP Authorization & Compliance Execution

  • Own development and maintenance of key FedRAMP artifacts including System Security Plan (SSP), POA&M, security policies, system diagrams, and data flow documentation.
  • Define and maintain system boundary and data classification models for payment transaction systems under FedRAMP High requirements.
  • Ensure alignment with NIST SP 800-53 security controls and drive gap assessments and remediation planning.
  • Coordinate implementation and validation of security controls across all required compliance domains.
  • Support and manage ATO (Authorization to Operate) lifecycle activities, including preparation, submission, and approval processes.

3. Continuous Monitoring & Operational Compliance

  • Establish and manage Continuous Monitoring (ConMon) processes, including vulnerability scanning, patching cycles, configuration monitoring, and security reporting.
  • Oversee POA&M lifecycle management, including prioritization, remediation tracking, and closure validation.
  • Maintain real-time dashboards for security posture, compliance gaps, and operational risk visibility.
  • Ensure documentation is continuously updated to reflect changes in system architecture, services, and controls.
  • Coordinate with security operations teams for incident response, root cause analysis, and remediation tracking.

4. Audit & External Stakeholder Management

  • Act as the primary interface for auditors, authorizing officials, and third-party assessment organizations (3PAOs).
  • Lead audit preparation activities including evidence collection, walkthroughs, and documentation reviews.
  • Support remediation planning and risk acceptance discussions during audit findings.
  • Facilitate communication between technical teams and compliance stakeholders.

5. Risk & Issue Management

  • Maintain a comprehensive program risk register covering technical, operational, and compliance risks.
  • Identify and escalate risks with clear impact analysis and mitigation strategies.
  • Drive resolution of issues through compensating controls or structured risk acceptance processes.
  • Ensure alignment of risks with business and regulatory requirements.

Required Qualifications

  • 7+ years of experience in program management within regulated or cloud security environments.
  • Minimum 3+ years of direct experience with FedRAMP programs, compliance artifacts, and Continuous Monitoring processes.
  • Proven experience managing SSP, POA&M, SAP/SAR documentation and supporting ATO approvals.
  • Strong understanding of NIST SP 800-53 controls and FedRAMP High baseline requirements.
  • Experience working with Azure Government or highly regulated cloud environments (GCC High or equivalent).
  • Ability to coordinate across security, engineering, operations, compliance, and legal teams.
  • Strong communication skills for executive reporting, audit discussions, and stakeholder management.
  • Bachelor’s degree in Computer Science, Information Security, Information Systems, or related field (or equivalent experience).

Preferred Qualifications

  • Experience supporting government payment or financial transaction systems in cloud environments.
  • Familiarity with Azure security tools such as Defender for Cloud, Sentinel, Azure Policy, Key Vault, and Private Link.
  • Experience working with federal agencies or authorizing bodies during ATO processes.
  • Certifications such as PMP, CISSP, CCSP, CISM, or Azure Security certifications.

Key Competencies

  • Strong ownership of complex, multi-workstream programs.
  • Ability to translate compliance requirements into practical technical and operational controls.
  • Risk-based decision-making with structured prioritization.
  • Strong stakeholder influence and cross-functional leadership.
  • High attention to documentation accuracy and audit readiness.
  • Continuous improvement mindset driven by metrics and compliance KPIs.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 90999382
  • Position Id: 8947695
  • Posted 23 hours ago