Director, FedRAMP Program
Job in
San Mateo, San Mateo County, California, 94401, USA
Listed on 2026-06-19
Listing for:
Freshworks
Full Time position
Job specializations:
- IT/Tech
- Cybersecurity
Job Description & How to Apply Below
Organizations everywhere struggle under the crushing costs and complexities of "solutions" that promise to simplify their lives. To create a better experience for their customers and employees. To help them grow. Software is a choice that can make or break a business. Create better or worse experiences. Propel or throttle growth. Business software has become a blocker instead of ways to get work done.
There's another option. Freshworks. With a fresh vision for how the world works.
Freshworks Inc. builds uncomplicated service software that delivers exceptional employee and customer experiences. Our people-first approach to AI eliminates friction, helping businesses reduce complexity, lower cost-to-serve, and deliver faster, more human support through enterprise-grade yet easy-to-use CX and IT solutions. Nearly 75,000 companies, including Bridgestone, New Balance, Nucor, S&P Global, and Sony Music, trust Freshworks to power their Employee Experience (EX) and Customer Experience (CX) operations.
Fresh vision. Real impact. Come build it with us.
Job Description
We are seeking an experienced Director, FedRAMP Program, to lead our federal compliance and authorization program for our SaaS cloud service offerings. This role reports directly to the Chief Information Security Officer and owns the end-to-end FedRAMP journey, from readiness and authorization planning through 3PAO assessment, agency sponsor coordination, Authorization to Operate (ATO), and post-authorization continuous monitoring.
The ideal candidate has personally led or played a senior leadership role in bringing a SaaS company through FedRAMP Moderate authorization, with FedRAMP High experience strongly preferred. This is a cross-functional leadership role requiring deep knowledge of FedRAMP, NIST SP 800-53, cloud security, SaaS engineering operations, SSDLC, DevSecOps, audit readiness, executive communication, risk management, and federal customer expectations.
This role will serve as the primary program leader connecting Security, Engineering, Product, IT, Legal, GRC, Sales, Customer Success, external advisors, 3PAOs, and federal agency stakeholders. Success requires more than managing checklists. This person must be able to drive real control implementation, unblock engineering dependencies, manage risk tradeoffs, and keep executives aligned on timeline, scope, cost, and residual risk.
Key Responsibilities:
FedRAMP Program Leadership
* Own and lead the company's FedRAMP program from readiness (FW has completed RADD for Moderate) through ATO and continuous monitoring.
* Develop the overall FedRAMP ATO strategy, roadmap, execution plan, work breakdown structure, milestone plan, and executive reporting model.
* Lead the company through FedRAMP Moderate authorization, with a path to FedRAMP High for future ATO.
* Define and manage the FedRAMP authorization boundary for the cloud service offering.
* Partner with Security, Engineering, Product, IT, Legal, Privacy, Compliance, and GTM teams to align FedRAMP requirements with business and customer needs.
* Translate FedRAMP requirements into clear work streams, owners, deliverables, deadlines, and measurable outcomes.
* Maintain executive-level visibility into program status, risks, decisions, blockers, and funding needs.
Authorization Package Ownership
* Own the development, maintenance, and quality of the FedRAMP authorization package, including the SSP, SAP, SAR, POA&M, control implementation narratives, policies, standards, procedures, control inheritance documentation, architecture diagrams, data flow diagrams, boundary documentation, and supporting operational evidence.
* Ensure documentation accurately reflects the real operating environment, not aspirational controls.
* Build a durable evidence repository and repeatable evidence collection process.
* Establish documentation quality standards to reduce rework during 3PAO and agency review.
3PAO, Advisor, and Agency Coordination
* Serve as the primary internal program owner for external FedRAMP partners, including advisors, consultants, 3PAOs, and agency stakeholders.
* Coordinate readiness assessments, gap assessments, formal assessments, evidence requests, control interviews, penetration testing, and remediation validation.
* Manage 3PAO engagement timelines, dependencies, artifacts, and issue resolution.
* Support agency sponsor conversations and help prepare materials needed for agency authorization review.
* Ensure the SAR findings are translated into clear remediation plans and risk decisions.
POA&M and Risk Management
* Own the POA&M process for FedRAMP-related findings, vulnerabilities, control gaps, and residual risks.
* Drive timely remediation of POA&M items across Engineering, Cloud Infrastructure, Cybersecurity, IT, and Product teams.
* Establish clear ownership, due dates, severity, risk rationale, evidence requirements, and closure criteria for each POA&M item.
* Escalate overdue or high-risk items to appropriate leadership forums.
* Partner…