Ampcus Inc. is a certified global provider of a broad range of Technology and Business consulting services. We are in search of a highly motivated candidate to join our talented Team.

Job Title: Program Manager

Location(s): Pittsburgh, PA; Lake Mary, FL; or New York, NY. Remote is an option.

Role Overview
Seeking a seasoned Program Manager to lead the creation, authorization, and continuous governance of a FedRAMP-compliant Azure Government tenant supporting government payment transaction services. This role owns the end-to-end FedRAMP program, including system boundary definition, documentation, ATO readiness, and continuous monitoring, ensuring sustained compliance at the FedRAMP High baseline. The ideal candidate combines strong compliance leadership with deep cloud security expertise and has a proven track record delivering systems subject to federal regulatory requirements.

Key Responsibilities
Program Leadership and Governance
- Own and drive the multi-year FedRAMP roadmap for an Azure Government tenant; define milestones, risks, dependencies, and decision gates.
- Establish governance forums across engineering, cloud platform, information security, risk/compliance, legal, payment operations, and 3PAOs.
- Define and track program KPIs/OKRs including POA&M closure velocity, control coverage, vulnerability SLAs, continuous monitoring completeness, and audit readiness.
- Enforce disciplined change control, evidence management, and control attestation workflows aligned with FedRAMP requirements.
- Manage external partners and 3PAO engagements including readiness assessments, formal audits, and remediation cycles.
FedRAMP Authorization (ATO) Readiness
- Lead authoring and maintenance of FedRAMP artifacts including SSP, SAP, SAR, POA&M, policies, standards, procedures, boundary diagrams, and data flows aligned to Azure Government/GCC High.
- Define and maintain the system boundary and data categorization for payment transaction systems in alignment with FedRAMP High.
- Coordinate implementation of controls across all NIST SP 800-53 control families.
- Conduct gap assessments against FedRAMP High baseline and drive remediation with clear traceability from control requirements to technical and procedural evidence.
Continuous Monitoring & Operations
- Establish and operate Continuous Monitoring (ConMon) aligned to FedRAMP High requirements, including vulnerability scanning, patch management, configuration baseline monitoring, and control effectiveness validation.
- Own the POA&M lifecycle: intake, risk prioritization, remediation tracking, validation, and reporting.
- Develop dashboards for real-time visibility into control posture, exceptions, residual risk, and operational health.
- Ensure SSP and supporting documentation remain current with all material changes to system boundary, architecture, and controls.
- Coordinate with SOC teams on incident response and serve as the primary interface with stakeholders throughout the incident lifecycle.
Audit, Stakeholder, and External Engagement
- Act as the primary point of contact for internal audits, 3PAO assessments, and authorizing officials.
- Lead audit readiness activities including evidence collection, walkthroughs, control demonstrations, and remediation tracking.
- Enable engineering and operations teams through training and embedded processes to sustain ongoing compliance.
Risk Management and Issue Resolution
- Maintain a comprehensive program risk register covering control gaps, architectural changes, vendor dependencies, and operational risks.
- Escalate issues with quantified impact and drive mitigation through compensating controls or formal risk acceptance.
Required Qualifications
- 7+ years of program management experience in regulated cloud environments.
- 3+ years of direct ownership of FedRAMP programs, including ATO lifecycle and Continuous Monitoring.
- Hands-on experience authoring and maintaining SSP, POA&M, SAP, and SAR, with a proven record of achieving and maintaining ATO.
- Deep knowledge of NIST SP 800-53, FedRAMP Moderate/High baselines, Continuous Monitoring, and 3PAO processes.
- Strong experience with Azure Government or GCC High, including identity and access management, logging and monitoring, encryption, and policy enforcement.
- Demonstrated ability to lead cross-functional programs across security, engineering, compliance, legal, and operations teams.
- Strong written and verbal communication skills, including executive reporting and audit response.
- Bachelor's degree in Information Security, Computer Science, Information Systems, or related field (or equivalent experience).
Preferred Qualifications
- Experience supporting government payment transaction systems in regulated cloud environments.
- Hands-on experience with Azure security tools such as Defender for Cloud, Sentinel, Azure Policy, Key Vault, Private Link, and Purview.
- Experience working with federal agencies, sponsoring organizations, or authorizing officials.
- Familiarity with IRS 1075 compliance requirements.
- Relevant certifications such as PMP, CISSP, CISM, CCSP, or Azure Security Engineer Associate.
Key Competencies
- End-to-end ownership of complex, multi-workstream programs.
- Ability to translate regulatory requirements into implementable technical and process controls.
- Strong risk-based decision-making and prioritization.
- Influencing and stakeholder alignment across matrixed organizations.
- High standards for documentation quality and audit readiness.
- Continuous improvement mindset driven by measurable outcomes.
Work Arrangement
- Flexible work arrangements in line with company policies.
- Limited travel required for audits, assessments, and stakeholder engagements.
Program KPIs (Illustrative Targets)
- POA&M closure: 30 days (High), 60 days (Moderate)
- Continuous Monitoring: 100% monthly reporting completeness.
- Configuration drift: 5% variance from baseline.
- Vulnerability remediation: meet or exceed FedRAMP SLAs by severity.
- Audit readiness: full evidence completeness and control effectiveness prior to 3PAO assessments.
Ampcus is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veterans or individuals with disabilities.