GRC Program Manager, US Government Compliance

About the Role

As a member of the GRC team, you will be responsible for driving the ATO process for FedRAMP and other government clients, working closely with internal stakeholders and external assessors to ensure compliance with stringent security requirements. You will also be expected to act as a subject matter expert during audits and assessments, representing Openai with credibility and expertise.

What You Will Do

• Drive the ATO process for FedRAMP and other government clients, including creating and implementing security controls and documentation
• Collaborate with engineering teams to interpret security requirements and implement controls that balance compliance with operational needs
• Create clear, concise, and technically accurate documentation, including System Security Plans (SSPs), risk assessments, and architecture diagrams
• Act as a subject matter expert during audits and assessments, representing Openai with credibility and expertise
• Continuously refine processes to improve the efficiency and quality of compliance efforts
• Develop and maintain relationships with key stakeholders, including government agencies and external assessors
• Stay up-to-date with changes to US government security policies and procedures, ensuring Openai remains compliant with all relevant requirements
• Provide training and guidance to internal teams on security and compliance best practices
• Participate in the development of Openai's overall security strategy, ensuring compliance with US government requirements

What We Are Looking For

• Proven experience in obtaining and maintaining a FedRAMP ATO and agency-specific ATOs in highly restricted environments
• A deep understanding of US government security frameworks and policies, including NIST and FedRAMP
• Ability to communicate technical concepts to diverse audiences, including engineers and non-technical stakeholders
• Exceptional technical program management skills, with the ability to multitask and deliver large complex programs under pressure
• Active US security clearance
• 5+ years of compliance experience in positions involving information security, data security, or infrastructure or network security
• Familiarity with deployment models, including to cloud platforms (Azure, AWS) and the underlying infrastructure primitives (Kubernetes, Terraform)
• Strong familiarity with core security concepts and technologies, such as authentication, encryption, vulnerability management, and audit logging

Nice to Have

• Experience working with AI and machine learning technologies
• Familiarity with agile development methodologies and DevOps practices
• Certification in a relevant field, such as CISSP or CISM

Benefits and Perks

• Competitive salary and benefits package
• Opportunity to work with a cutting-edge AI company
• Collaborative and dynamic work environment
• Professional development opportunities, including training and education programs
• Flexible work arrangements, including remote work options
• Access to the latest technologies and tools
• Recognition and reward programs for outstanding performance

• Be prepared to provide specific examples of your experience with FedRAMP and NIST frameworks, and how you have applied them in previous roles
• Develop a strong understanding of Openai's products and services, and be able to articulate how your skills and experience align with the company's mission and goals
• Make sure your resume and online profiles are up-to-date, and highlight your relevant experience and certifications
• Practice your communication skills, as the ability to explain technical concepts to non-technical stakeholders is crucial in this role
• Research the current state of US government security policies and procedures, and be prepared to discuss how you would ensure compliance with these requirements