Program Manager, Security Assurance
New York
Full Time Mid-level / Intermediate USD 1K - 181K
Ramp
Make expense management easy with Ramp's spend management platform. Combine global corporate cards, travel, expenses and accounts payable to automate finance operations and improve efficiency.
Ramp is a financial operations platform designed to save businesses time and money. Combining corporate cards with expense management, bill payments, vendor management, accounting automation, and more, Ramp's all-in-one solution frees finance teams to do the best work of their lives. More than 25,000 companies, from family-owned farms to e-commerce giants to space startups, have saved $1B and 10M hours with Ramp. Founded in 2019, Ramp powers the fastest-growing corporate card and bill payment platform in America, and enables over 35 billion dollars in purchases each year.
Ramp's investors include Sequoia, Founders Fund, Thrive Capital, Khosla Ventures, Greylock, Stripe, Goldman Sachs, Coatue, and Redpoint, as well as over 100 angel investors who were founders or executives of leading companies. The Ramp team comprises talented leaders from leading financial services and fintech companies—Stripe, Affirm, Goldman Sachs, American Express, Mastercard, Visa, Capital One—as well as technology companies such as Meta, Uber, Netflix, Twitter, Dropbox, and Instacart.
Ramp has been named to Fast Company's Most Innovative Companies list and LinkedIn's Top U.S. Startups for over 3 years, as well as the Forbes Cloud 100, CNBC Disruptor 50, and TIME Magazine's 100 Most Influential Companies.
About the Role
In this business-enabling role, you will have a direct impact on scaling and strengthening Ramp’s security and compliance practices. You will drive initiatives across security compliance, third-party risk management, and assurance, with a focus on enhancing our security posture, supporting due diligence efforts, and advancing overall risk management strategies to support our rapid growth.
What You’ll Do
Support the governance, risk, and compliance management program to achieve reports/certifications such as SOC2, ISO 27001/2, PCI-DSS, SOX, and others as appropriate
Perform targeted gap assessments to bridge existing processes with the requirements of additional frameworks critical for business expansion
Manage risk program activities including risk registers, risk identification, tracking, and prioritization
Assess identified security risks and collaborate cross-functionally to create and execute treatment plans aligned with business priorities.
Design and implement a common security control framework and ensure that controls are aligned with applicable security standards, regulations, and business objectives
Support GRC tool implementation and optimization to streamline compliance processes and support security initiatives
Support and optimize third-party risk management programs to evaluate and monitor vendor security practices
Partner with Product, Engineering, IT, People Operations, and Legal to review existing and new initiatives that could impact compliance requirements
Work with external auditors, regulators, and customers to ensure compliance with technology risk and compliance initiatives
Work with the go-to-market team on customer security due diligence, including security questionnaires and resolving current or prospective compliance requests.
What You Need
Minimum 5 years of experience with security requirements, standards, and practices, including NIST CSF, NIST 800-53, ISO 27001, PCI, SOC2, etc.
Minimum 3 years of experience in supporting business-enabling GRC programs in highly regulated industries (e.g., SaaS, Finance)
Ability to lead end-to-end security audits from design and implementation of controls to audit execution and project management
Excellent understanding of risks and ability to prioritize potential gaps and opportunities for improvement based on our business and risk profile
Experience supporting and building out a comprehensive third-party risk management program
Proficient risk management and communication skills to navigate difficult conversations with leadership while driving accountability for risk-based decisions
Experience working with a range of customers to provide assurance on complex security concerns
Demonstrated experience working cross-functionally across technical and non-technical teams across a large organization to drive alignment and action
Nice to Haves
Security Certifications (CISSP, CISA, CCAK, CRISC, etc.)
Familiarity with GRC tool automation, monitoring, and maintenance
About Our Team
Our team’s mission is to enable the business and provide assurance to our customers through the following pillars:
Security Governance & Risk focuses on implementing a risk and compliance program that identifies and mitigates risk across the organization.
Security Compliance focuses on maintaining a compliance roadmap (SOC 2, ISO 27001, PCI, SOX) based on customer, regulatory, and internal needs.
Customer Assurance focuses on owning customer assurance packages (questionnaires, trust site, sales enablement)
Third-Party Risk Management focuses on guarding against threats posed by third parties who have access to Ramp data
Benefits (for U.S.-based full-time employees)
100% medical, dental & vision insurance coverage for you
Partially covered for your dependents
One Medical annual membership
401k (including employer match on contributions made while employed by Ramp)
Flexible PTO
Fertility HRA (up to $5,000 per year)
WFH stipend to support your home office needs
Wellness stipend
Parental Leave
Relocation support to NYC or SF
Pet insurance
Other notices
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Tags: Audits Automation CISA CISSP Cloud Compliance CRISC E-commerce Finance FinTech Governance ISO 27001 Monitoring NIST NIST 800-53 Risk management SaaS SOC SOC 2 SOX Vendor management
Perks/benefits: 401(k) matching Fertility benefits Flex hours Flex vacation Health care Home office stipend Medical leave Parental leave Relocation support Startup environment Team events Wellness