GRC Technical Program Manager

Responsibilities

• Serve as the operational backbone for external compliance programs, managing the end-to-end lifecycle of controls, policies, and documentation.
• Co-own compliance lifecycles for FedRAMP, ISO 27001, and SOC 2, including contributions to Kantara accreditation.
• Drive cross-functional alignment to own program outcomes and manage POA&M remediation and continuous monitoring.
• Utilize AI tools and purpose-built AI agents for evidence validation, control evaluation, and finding management.
• Manage control tracking and evidence through GRC platforms.

Requirements

• 3+ years of experience operating security or compliance programs aligned to FedRAMP or NIST 800-53.
• 2+ years of experience leading internal or external audits end-to-end.
• Experience managing control lifecycles and POA&M remediation in cloud-native environments (AWS or GCP).
• Hands-on experience with GRC platforms (LogicGate preferred).
• Demonstrated professional use of AI tools for workflow automation, analysis, or evaluation.
• Ability to work full-time in-office at our Mountain View, CA or McLean, VA locations.

Preferred Qualifications

• Experience managing FedRAMP Continuous Monitoring and Significant Change Requests.
• Familiarity with NIST SP 800-63, digital identity systems, or Kantara accreditation.
• Relevant certifications such as CISSP, CISA, CCSK, or ISO 27001 Lead Auditor.
• Experience working in SaaS, FinTech, GovCloud, or other highly regulated technology environments.

About the Company

ID.me is the next-generation digital identity wallet that simplifies how individuals securely prove their identity online. With over 152 million users, ID.me provides streamlined identity verification for 20 federal agencies, 45 state government agencies, and over 70 healthcare organizations. We are committed to the mission of "No Identity Left Behind," ensuring everyone has access to a secure digital identity.