About Ramp

Ramp is building the smart infrastructure for finance teams, embedded in the transaction flow of every dollar a business spends. We automate how over $100B in annualized spend flows in and out of 50,000+ companies: authorizing payments, flagging risk, categorizing spend, and closing books.

The problems are high-stakes, data-dense, and unforgiving.

We hire people with high agency and high urgency. We look for slope over intercept. We care less about where you trained and more about what you’ve built. At Ramp, everyone is a builder who owns problems end to end and makes consequential decisions that shape the outcome.

The median Ramp customer saves 5% and grows revenue 16% in their first year – far in excess of businesses operating without Ramp. We believe every ambitious company deserves the same.

If you want to build systems that directly shape how companies move and manage billions, Ramp is the place to do it.

About the Role

We are seeking a skilled and detail-oriented Senior Security Program Manager, Public Sector to lead and enhance our organization’s adherence to U.S. government cybersecurity risk management frameworks, including but not limited to FedRAMP and GovRAMP. In this role, you will play a key part in guiding compliance strategies for our public sector initiatives, working cross-functionally to ensure effective security practices and successful authorizations across jurisdictions.

What You’ll Do

Lead all aspects of the compliance lifecycle across multiple public sector frameworks (e.g., FedRAMP, GovRAMP), including risk assessments, continuous monitoring, audits, and authorization management
Drive complex cross-functional program management efforts involving teams across security, legal, engineering, infrastructure, and product functions.
Serve as a subject matter expert on risk management and regulatory compliance for federal, state, and local government environments.
Develop and maintain comprehensive security documentation aligned with applicable frameworks, including System Security Plans (SSPs), Security Assessment Reports (SARs), POA&Ms, and data flow diagrams.
Monitor compliance with control requirements (e.g., NIST 800-53, GovRAMP Baselines) and coordinate the implementation of technical and procedural safeguards.
Engage with third-party assessors (3PAOs or independent assessors), government sponsors, and internal teams to support assessments and audits.
Lead readiness assessments and support the prioritization of remediation activities across teams.
Manage timely tracking and closure of vulnerabilities and findings; ensure reporting and documentation obligations are met.
Provide risk-informed compliance recommendations that influence infrastructure and product development decisions.
Collaborate with legal and government affairs teams to ensure compliance with emerging federal and state regulatory requirements.
Stay informed on evolving threats, compliance trends, and guidance updates across FedRAMP, GovRAMP, NIST, and other frameworks.

What You Need

5+ years of experience in information security or compliance, with a focus on government and public sector regulatory frameworks (e.g., FedRAMP, GovRAMP, FISMA, NIST RMF).
Knowledge of NIST SP 800-53 and experience mapping controls across frameworks.
Experience with cloud environments like AWS GovCloud or Azure Government, including implementation of compliant architectures.
Proven ability to manage large-scale compliance programs across diverse stakeholder groups.
Demonstrated success developing and maintaining regulatory documentation and audit evidence.
Experience leading engagements with internal teams, assessors, and government partners.
Strong written and verbal communication skills, including translating between technical and executive audiences.
Excellent organizational skills and the ability to manage multiple initiatives with competing priorities.
Self-starter with strong problem-solving abilities in ambiguous, fast-moving environments.

Nice-to-Haves

Relevant certifications: CISSP, CISA, CRISC, CCAK, CGRC (formerly CAP).
Experience with automation platforms for GRC and security monitoring (e.g., Wiz, Paramify).
Familiarity with other public sector compliance programs (CJIS, IRS 1075, DoD IL5, etc.).
Experience supporting product or infrastructure teams through ATO processes.
Experience with FedRAMP 20x initiatives.
Leadership experience or management of small security/GRC teams.

Benefits available to all full-time Ramp employees (Global)

• Flexible PTO

• Unlimited AI token usage

• Centralized home-office equipment ordering

• Health and wellness stipend

• Budget for intra-office travel

• Weekly coffee stipend

United States

• 100% medical, dental & vision insurance coverage for you, with partial coverage for dependents

• One Medical annual membership

• 401(k), including employer match on contributions made while employed by Ramp

• Fertility HRA (up to $10,000 per year)

• Parental leave: up to 16 weeks (80 days) at 100% pay

• Pet insurance

• In-office perks: lunch, snacks, drinks, and more

• Relocation support to NYC or SF (as needed)

Canada

• Group medical, dental, and vision coverage through Sun Life

• Life, AD&D, and disability coverage

• Fertility drug coverage (up to $4,000 lifetime)

• Group Retirement Plan with employer match (RRSP + DPSP)

• Parental leave: up to 16 weeks (80 days) at 100% pay, with additional time available at reduced pay

• Employee Assistance Program and virtual care through Lumino Health

United Kingdom

• Private medical insurance through Freedom Elite

• Virtual GP and at-home care via eMed x Livi

• Workplace pension through Penfold, with salary sacrifice option

• Parental leave: up to 16 weeks (80 days) at 100% pay, with additional time available at reduced pay

Referral Instructions

If you are being referred for the role, please contact that person to apply on your behalf.

Other notices

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Beware of recruiting scams: Ramp will only contact you through official @_Ramp.com__ email addresses and will never ask for payment or sensitive personal information during the hiring process._

Ramp Applicant Privacy Notice

About Ramp

The problems are high-stakes, data-dense, and unforgiving.

The median Ramp customer saves 5% and grows revenue 16% in their first year – far in excess of businesses operating without Ramp. We believe every ambitious company deserves the same.

If you want to build systems that directly shape how companies move and manage billions, Ramp is the place to do it.

About the Role

What You’ll Do

Lead all aspects of the compliance lifecycle across multiple public sector frameworks (e.g., FedRAMP, GovRAMP), including risk assessments, continuous monitoring, audits, and authorization management
Drive complex cross-functional program management efforts involving teams across security, legal, engineering, infrastructure, and product functions.
Serve as a subject matter expert on risk management and regulatory compliance for federal, state, and local government environments.
Develop and maintain comprehensive security documentation aligned with applicable frameworks, including System Security Plans (SSPs), Security Assessment Reports (SARs), POA&Ms, and data flow diagrams.
Monitor compliance with control requirements (e.g., NIST 800-53, GovRAMP Baselines) and coordinate the implementation of technical and procedural safeguards.
Engage with third-party assessors (3PAOs or independent assessors), government sponsors, and internal teams to support assessments and audits.
Lead readiness assessments and support the prioritization of remediation activities across teams.
Manage timely tracking and closure of vulnerabilities and findings; ensure reporting and documentation obligations are met.
Provide risk-informed compliance recommendations that influence infrastructure and product development decisions.
Collaborate with legal and government affairs teams to ensure compliance with emerging federal and state regulatory requirements.
Stay informed on evolving threats, compliance trends, and guidance updates across FedRAMP, GovRAMP, NIST, and other frameworks.

What You Need

5+ years of experience in information security or compliance, with a focus on government and public sector regulatory frameworks (e.g., FedRAMP, GovRAMP, FISMA, NIST RMF).
Knowledge of NIST SP 800-53 and experience mapping controls across frameworks.
Experience with cloud environments like AWS GovCloud or Azure Government, including implementation of compliant architectures.
Proven ability to manage large-scale compliance programs across diverse stakeholder groups.
Demonstrated success developing and maintaining regulatory documentation and audit evidence.
Experience leading engagements with internal teams, assessors, and government partners.
Strong written and verbal communication skills, including translating between technical and executive audiences.
Excellent organizational skills and the ability to manage multiple initiatives with competing priorities.
Self-starter with strong problem-solving abilities in ambiguous, fast-moving environments.

Nice-to-Haves

Relevant certifications: CISSP, CISA, CRISC, CCAK, CGRC (formerly CAP).
Experience with automation platforms for GRC and security monitoring (e.g., Wiz, Paramify).
Familiarity with other public sector compliance programs (CJIS, IRS 1075, DoD IL5, etc.).
Experience supporting product or infrastructure teams through ATO processes.
Experience with FedRAMP 20x initiatives.
Leadership experience or management of small security/GRC teams.

Benefits available to all full-time Ramp employees (Global)

• Flexible PTO

• Unlimited AI token usage

• Centralized home-office equipment ordering

• Health and wellness stipend

• Budget for intra-office travel

• Weekly coffee stipend

United States

• 100% medical, dental & vision insurance coverage for you, with partial coverage for dependents

• One Medical annual membership

• 401(k), including employer match on contributions made while employed by Ramp

• Fertility HRA (up to $10,000 per year)

• Parental leave: up to 16 weeks (80 days) at 100% pay

• Pet insurance

• In-office perks: lunch, snacks, drinks, and more

• Relocation support to NYC or SF (as needed)

Canada

• Group medical, dental, and vision coverage through Sun Life

• Life, AD&D, and disability coverage

• Fertility drug coverage (up to $4,000 lifetime)

• Group Retirement Plan with employer match (RRSP + DPSP)

• Parental leave: up to 16 weeks (80 days) at 100% pay, with additional time available at reduced pay

• Employee Assistance Program and virtual care through Lumino Health

United Kingdom

• Private medical insurance through Freedom Elite

• Virtual GP and at-home care via eMed x Livi

• Workplace pension through Penfold, with salary sacrifice option

• Parental leave: up to 16 weeks (80 days) at 100% pay, with additional time available at reduced pay

Referral Instructions

If you are being referred for the role, please contact that person to apply on your behalf.

Other notices

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Beware of recruiting scams: Ramp will only contact you through official @_Ramp.com__ email addresses and will never ask for payment or sensitive personal information during the hiring process._

Ramp Applicant Privacy Notice

Senior Security Program Manager | Public Sector

What you'd actually do

Skills

Required

Nice to have

What the JD emphasized

About Ramp

About the Role

What You’ll Do

What You Need

Nice-to-Haves

Benefits available to all full-time Ramp employees (Global)

United States

Canada

United Kingdom

Referral Instructions

Other notices

About Ramp

About the Role

What You’ll Do

What You Need

Nice-to-Haves

Benefits available to all full-time Ramp employees (Global)

United States

Canada

United Kingdom

Referral Instructions

Other notices