FedRAMP Program Manager
About the Role
Abnormal Security is looking for a FedRAMP Program Manager to join the Security & Privacy team. As a leading cybersecurity company, it is crucial that we protect our infrastructure, customers, and employees from advanced attacks and threats we face every day. The FedRAMP Program Manager oversees Abnormal’s FedRAMP compliance program from ATO through continuous monitoring. The ideal candidate will have a proven track record in working with federal customers and direct experience with FedRAMP compliance for a SaaS cloud service provider (CSP).
Who you are
- Experienced running a FedRAMP ATO process and compliance program
- High attention to detail, process, and organization
- Demonstrated experience presenting detailed, technical concepts to both technical and non-technical audiences
- Results-oriented, values collaboration, self-motivated, and willing to adapt to change in a fast-moving environment
- Ability to manage multiple priorities and meet deadlines in a fast-paced environment
- Operate within an agile environment and provide leadership to adapt to dynamics in technology, industry, cyber threats, and our own business
- Outstanding analytical and communication (written and verbal) skills, and good business judgment
- Strong project management skills to ensure accountability and results
- Ability to take unpopular positions when necessary, influence others to support these decisions, and maintain trust and credibility
What you will do
- Lead the end-to-end FedRAMP compliance process, ensuring alignment with federal security requirements and guidelines.
- Work closely with cross-functional teams, including security, IT, and legal, to implement and maintain FedRAMP controls.
- Act as the primary security contact for US Government clients
- Manage and maintain key security documentation such as System Security Plans (SSP), Policies and Procedures, and Plan of Action and Milestones (POA&M)
- Generate regular reports on the status of FedRAMP activities and present updates to leadership and relevant stakeholders.
- Serve as the primary point of contact for external assessors during the FedRAMP assessment process.
- Stay abreast of changes in FedRAMP requirements and industry best practices.
- Conduct security control assessments, risk assessments, and continuous monitoring of the Federal products and environments
- Effectively manage and respond to security incidents in Abnormal’s federal environment, coordinating with internal and external stakeholders, to minimize impact and prevent future occurrences
- In-depth understanding of NIST controls, including 800-53 r4, 800-160, 800-171, and 800-218, and how to implement them for a SaaS cloud service provider (CSP)
- Knowledge of cloud architecture, cloud-native security tools, and best practices for securing cloud environments, given that FedRAMP is focused on cloud service offerings
- At least 3 years of direct experience working with FedRAMP processes, NIST standards (especially NIST SP 800-53), and understanding of the Federal Information Security Management Act (FISMA)
- Deep Expertise: At least 10 years of experience in cybersecurity, compliance, or technology with a focus on security operations, compliance, risk management, and incident response in a federal environment
- Direct experience leading a SaaS CSP through the FedRAMP ATO process
- Strong understanding of application security and cloud security with the ability to effectively communicate cybersecurity risks and recommendations to executives.
- Understanding of and practical experience working with NIST SP 800-53, NIST SP 800-171, CMMC, and ISO 27001.
- Bachelor’s degree or equivalent military experience. Prefer a degree in information assurance, computer science, information security, or business.
Nice to Have
- Master of Business Administration, Cybersecurity, or Cybersecurity Law preferred.
- Professional certifications (CISSP, CISM, CISA, or other security-related) are a plus.
At Abnormal Security, certain roles are eligible for a bonus, restricted stock units (RSUs), and benefits. Individual compensation packages are based on factors unique to each candidate, including their skills, experience, qualifications and other job-related reasons. We know that benefits are also an important piece of your total compensation package. Learn more about our Compensation and Equity Philosophy on our Benefits & Perks page.