Program Manager, Security Assurance

Responsibilities: * Own cross-functional relationships with Product, Engineering, Operations, CX, and Legal teams at Ramp to provide recommendations and solutions to achieve security goals and initiatives. * Build upon existing internal partnerships to define, iterate, and enable new initiatives to minimize security risks and mature Ramps security posture. * Perform assessments across internal and external tools used at Ramp to develop configuration baseline recommendations and remediation strategies. * Create and baseline internal metrics to provide upward reporting to management. * Develop and iterate on reporting to drive accountability and reduce operational burden on cross-functional teams. * Support the governance, risk, and compliance management program to achieve reports/certifications such as SOC 2, ISO 27001/2, PCI-DSS, SOX, and others as appropriate. * Perform targeted gap assessments to bridge existing processes with the requirements of additional frameworks critical for business expansion. * Design and implement a common security control framework and ensure that controls are aligned with applicable security standards, regulations, and business objectives. * Support GRC tool implementation and optimization to streamline compliance processes and support security initiatives. * Support and optimize third-party risk management programs to evaluate and monitor vendor security practices. * Work with external auditors, regulators, and customers to ensure compliance with technology risk and compliance initiatives. * Work with the go-to-market team on customer security due diligence, including security questionnaires and resolving current or prospective compliance requests. Job Requirements: A bachelors degree or its foreign equivalent in informatics, information technology, computer science, or a related field, plus 2 years of experience as an information technology project manager, project management specialist, product manager, or in a related role/occupation in information security or cybersecurity. In addition, the required prior experience must include: * 2 years of experience building growth-aligned security programs. * 2 years of experience leading multiple concurrent cybersecurity or information security projects. * 2 years of experience conducting risk assessments and authoring risk reports tailored to organizational business objectives and profiles. * 2 years of experience with cross-functional collaboration across technical and non-technical teams, including contributing to interdepartmental security initiatives, alignment efforts, and cross-team working groups. If interested, send resume or CV to [email protected] and reference PMSA.