Program Manager - FedRAMP (New York)

Job Title: Program ManagerDuration: 12+ Months (Possible extension)Location: Washington, DC 20005Onsite Role (4 days a week)Responsibilities:Seeking a seasoned Program Manager to lead the creation, authorization, and continuous governance of a FedRAMP-compliant Azure Government tenant underpinning government payment transaction services.You will own the end-to-end program—system boundary definition, documentation, ATO readiness, and continuous monitoring—ensuring sustained compliance at FedRAMP HighThe ideal candidate blends rigorous compliance leadership with strong cloud security and platform enablement skills and has demonstrated success in -system subject to federal compliance.Program Leadership and Governance:Own the multi-year FedRAMP roadmap for an Azure Government tenant supporting government transactions; define milestones, risks, dependencies, and decision gates.Establish governance forums and operating mechanisms across engineering, cloud platform, information security, risk/compliance, legal, payment operations, and 3PAOs.Maintain program OKRs/KPIs: POA&M closure velocity, control coverage, vulnerability SLAs, ConMon completeness, audit readiness, andDrive disciplined change control, evidence management, , and control attestation workflows aligned to FedRAMP requirements.Manage external partners and 3PAO activities (readiness, assessments, remediation).FedRAMP Authorization (ATO) Readiness:Lead authoring and maintenance of FedRAMP artifacts: SSP and associated FedRAMP appendices, POA&M, policies/standards/procedures, boundary diagrams, and data flows tailored to Azure Government/GCC High constructs.Define and maintain the system boundary and data categorization supporting payment transactions; align to FedRAMP High baseline.Coordinate control implementation across all FedRAMP control families.Conduct gap analyses against NIST SP 800-53 controls; drive remediation plans and ensure traceability from control narratives to technical and process evidence.Continuous Monitoring & Operations:Stand up and run Continuous Monitoring, in alignment with FedRAMP High guidelines, for the Azure Government tenant: scanning cadence, patch cycles, configuration baseline monitoring, control effectiveness checks, incident handling, and change compliance.Own POA&M lifecycle: triage findings, prioritize by risk, execute corrective actions, validate closure, reporting outstanding actions, and update artifacts.Coordinate security incident response processes with SOC teams and act as interface with the client throughout the incident lifecycle including root cause analysis and closure.Risk Management and Issue Resolution:Maintain a program risk register spanning control gaps, architectural changes, data flows, vendor dependencies, and operational risks in payment services.Escalate issues with quantified impact; drive compensating controls or risk acceptance decisions in partnership with risk/compliance.Education/Experience:Bachelor's degree in Information Security, Computer Science, Information Systems, or related field; equivalent experience considered.7+ years of program management in regulated cloud environments; 3+ years directly owning FedRAMP programs, artifacts, and Continuous Monitoring.Hands-on oversight, authorship, maintenance, and response experience with SSP, POA&M, SAP/SAR; proven track record achieving/maintaining ATO for cloud services.Deep knowledge of NIST SP 800-53 control families, FedRAMP Moderate/High baselines, ConMon processes, and 3PAO engagements.Strong familiarity with Azure Government or GCC High and core security capabilities: identity/access, logging/monitoring, encryption, policy enforcement, landing zone patterns.Demonstrated success orchestrating cross-functional teams (security, cloud/platform, payments, operations, compliance, legal) to deliver complex regulatory programs.Preferred:Direct experience enabling government payment transactions on cloud platforms and aligning control implementations to transactional risk profiles.Azure-focused security experience (Defender for Cloud, Sentinel, Azure Policy/Blueprints, Key Vault, Private Link, Purview).Prior experience collaborating with federal agencies, sponsoring organizations, or authorizing officials for ATOs.Experience with security compliance to IRS 1075 requirementsCertifications: PMP, CISSP, CCSP, CISM, Azure Security Engineer Associate, or equivalent.