What are the responsibilities and job description for the Program Manager, Security Assurance position at Ramp?
About Ramp

Ramp is a financial operations platform designed to save businesses time and money. Combining corporate cards with expense management, bill payments, vendor management, accounting automation, and more, Ramp's all-in-one solution frees finance teams to do the best work of their lives. More than 25,000 companies, from family-owned farms to e-commerce giants to space startups, have saved $1B and 10M hours with Ramp. Founded in 2019, Ramp powers the fastest-growing corporate card and bill payment platform in America, and enables over 35 billion dollars in purchases each year.

Ramp's investors include Sequoia, Founders Fund, Thrive Capital, Khosla Ventures, Greylock, Stripe, Goldman Sachs, Coatue, and Redpoint, as well as over 100 angel investors who were founders or executives of leading companies. The Ramp team comprises talented leaders from leading financial services and fintech companies—Stripe, Affirm, Goldman Sachs, American Express, Mastercard, Visa, Capital One—as well as technology companies such as Meta, Uber, Netflix, Twitter, Dropbox, and Instacart.

Ramp has been named to Fast Company's Most Innovative Companies list and LinkedIn's Top U.S. Startups for over 3 years, as well as the Forbes Cloud 100, CNBC Disruptor 50, and TIME Magazine's 100 Most Influential Companies.

About the Role

In this business-enabling role, you will have a direct impact on scaling and strengthening Ramp’s security and compliance practices. You will drive initiatives across security compliance, third-party risk management, and assurance, with a focus on enhancing our security posture, supporting due diligence efforts, and advancing overall risk management strategies to support our rapid growth.

What You’ll Do

- Support the governance, risk, and compliance management program to achieve reports / certifications such as SOC2, ISO 27001 / 2, PCI-DSS, SOX, and others as appropriate
- Perform targeted gap assessments to bridge existing processes with the requirements of additional frameworks critical for business expansion
- Manage risk program activities including risk registers, risk identification, tracking, and prioritization
- Assess identified security risks and collaborate cross-functionally to create and execute treatment plans aligned with business priorities
- Design and implement a common security control framework and ensure that controls are aligned with applicable security standards, regulations, and business objectives
- Support GRC tool implementation and optimization to streamline compliance processes and support security initiatives
- Support and optimize third-party risk management programs to evaluate and monitor vendor security practices
- Partner with Product, Engineering, IT, People Operations, and Legal to review existing and new initiatives that could impact compliance requirements
- Work with external auditors, regulators, and customers to ensure compliance with technology risk and compliance initiatives
- Work with the go-to-market team on customer security due diligence, including security questionnaires and resolving current or prospective compliance requests

What You Need

- Minimum 5 years of experience with security requirements, standards, and practices, including NIST CSF, NIST 800-53, ISO 27001, PCI, SOC2, etc.
- Minimum 3 years of experience in supporting business-enabling GRC programs in highly regulated industries (e.g., SaaS, Finance)
- Ability to lead end-to-end security audits from design and implementation of controls to audit execution and project management
- Excellent understanding of risks and ability to prioritize potential gaps and opportunities for improvement based on our business and risk profile
- Experience supporting and building out a comprehensive third-party risk management program
- Proficient risk management and communication skills to navigate difficult conversations with leadership while driving accountability for risk-based decisions
- Experience working with a range of customers to provide assurance on complex security concerns
- Demonstrated experience working cross-functionally across technical and non-technical teams across a large organization to drive alignment and action

Nice to Haves

- Security Certifications (CISSP, CISA, CCAK, CRISC, etc.)
- Familiarity with GRC tool automation, monitoring, and maintenance

About Our Team

Our team’s mission is to enable the business and provide assurance to our customers through the following pillars:

- Security Governance & Risk focuses on implementing a risk and compliance program that identifies and mitigates risk across the organization.
- Security Compliance focuses on maintaining a compliance roadmap (SOC 2, ISO 27001, PCI, SOX) based on customer, regulatory, and internal needs.
- Customer Assurance focuses on owning customer assurance packages (questionnaires, trust site, sales enablement).
- Third-Party Risk Management focuses on guarding against threats posed by third parties who have access to Ramp data.

Benefits (for U.S.-based full-time employees)

- 100% medical, dental & vision insurance coverage for you
- Partially covered for your dependents
- One Medical annual membership
- 401k (including employer match on contributions made while employed by Ramp)
- Flexible PTO
- Fertility HRA (up to $5,000 per year)
- WFH stipend to support your home office needs
- Wellness stipend
- Parental Leave
- Relocation support to NYC or SF
- Pet insurance

Other notices

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Compensation Range: $131.6K - $181K

Location: New York
Employment Type: Full time
Department: Security
Compensation: $131.6K – $181K
- Offers Equity
Salary : $131,600 - $181,000