About the role

Security Program Manager enhancing compliance and security programs within cloud-based finance operations platform at Ramp. Driving initiatives across risk management, assurance and integrating AI governance.

Responsibilities

Lead and support security and compliance programs to achieve and maintain key certifications and attestations (e.g., SOC 2, ISO 27001, PCI-DSS, SOX, ISO 42001, AIUC-1), while building scalable processes to support future framework expansion and geographic growth.
Partner cross-functionally with Product, Engineering, IT, Finance, Legal, People, and Go-to-Market teams to translate regulatory, customer, and emerging requirements (including AI governance considerations) into practical, actionable controls.
Support the design, implementation, and monitoring of IT General Controls (ITGCs), automated controls, and financial system governance processes, including access management, change management, and configuration oversight.
Support and lead audit and assurance activities, including planning and coordination with external auditors and independent assessors, conducting control walkthroughs, managing evidence collection, and maintaining audit-ready documentation.
Strengthen customer assurance programs by evaluating vendor security practices, responding to customer due diligence requests, and identifying opportunities for automation and continuous monitoring within GRC workflows.
Build scalable audit management processes and documentation systems that will support future expansion to additional geographies and compliance frameworks

5+ years of experience in security, risk, audit, or compliance roles within cloud-based or highly regulated environments (e.g., SaaS, financial services).
Working knowledge and experience supporting security certifications and regulatory audits (e.g., SOC 2, ISO 27001, PCI-DSS, SOX), including control documentation, testing, evidence collection, and auditor coordination.
Experience contributing to risk management and/or third-party risk programs, including performing risk assessments, maintaining risk documentation, or evaluating vendor security controls.
Strong written and verbal communication skills, and demonstrated ability to collaborate across technical and non-technical teams and clearly explain security and compliance requirements, including emerging areas such as AI governance.
Experience managing time-bound workstreams in fast-paced environments, and serve as a subject matter expert on evolving compliance and emerging risk areas, including AI governance considerations.