Technical Program Manager, Governance Risk & Compliance – Platform at Onebrief | JobVerse
Technical Program Manager, Governance Risk & Compliance – Platform
Onebrief
Remote
United States
Full Time
2 hours ago
$205,000 - $230,000 USD
No Visa Sponsorship
Key skills
AWS
Cloud
Cyber Security
PMP
TypeScript
CI/CD
Leadership
Risk Management
Communication
About this role
Role Overview
Accelerate Onebrief’s execution of GRC programs supporting NIST RMF, FedRAMP High, CMMC, and SOC2 authorizations.
Develop and manage integrated project plans for control implementation, remediation, and continuous monitoring.
Coordinate cross-functional teams (Infrastructure, Engineering, Product) to ensure timely delivery of compliance requirements.
Track control implementation status, POA&Ms, and remediation efforts to closure.
Support preparation and coordination of Security Control Assessments (SCAs), 3PAOs, and Federal Customer audits.
Coordinate and track development of SSP updates, control narratives, and authorization artifacts in partnership with GRC Architects.
Track risk assessment outputs and ensure identified risks are translated into actionable remediation plans.
Drive the implementation of secure CI/CD practices that meet evolving compliance requirements without blocking velocity.
Support the development and operationalization of scalable governance processes defined by GRC leadership.
Ensure configuration management, vulnerability management, and change control activities align with compliance requirements.
Identify program risks, dependencies, and blockers, and proactively escalate when necessary.
Coach teams on security best practices and contribute to a culture of secure product development.
Requirements
Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related field.
8+ years of experience in cybersecurity, compliance, or technical program management roles.
Demonstrated experience supporting systems under NIST RMF, FedRAMP, or DoD RMF.
Experience managing cross-functional technical programs in cloud-native environments and technologies.
Familiarity with eMASS or similar authorization management systems.
Experience maintaining or coordinating SSPs, POA&Ms, and authorization packages.
Strong understanding of:
AWS Cloud Technologies
NIST SP 800-53 control families
Risk management and continuous monitoring practices
CI/CD and modern DevSecOps workflows.
Experience supporting Security Control Assessments or 3PAO audits.
Certifications (one or more required):
CISSP
CISM
CGRC
PMP or equivalent program management certification
Security+ or equivalent.
Proven ability to drive complex, compliance-focused technical programs across multiple stakeholders.
Experience operating within DoD or federal compliance frameworks (e.g., RMF, FedRAMP).
Experience supporting Security Control Assessments, external audits, and Federal Customers.
Experience managing POA&Ms and remediation efforts in dynamic, cloud-based environments.
Excellent communication skills with the ability to brief engineers, leadership, and federal stakeholders.
Secret Clearance, TS/SCI Eligible.
Tech Stack
AWS
Cloud
Cyber Security
PMP
TypeScript
Benefits
Equity: Share in the company's success.
Flexible Work Environment: Remote-first organization* with flexible work hours and unlimited PTO.
Comprehensive Health Coverage: Health, dental, vision, and life insurance.
Retirement Plan: 401(k) plan with company match to secure your future.
Parental Leave: 8 weeks at 100% regardless of state.
Company Retreats: Annual company summit trips.
Home Office Budget: $1,000 per year for home office improvements.