Senior Public Sector Compliance Manager

AI overview

Lead the compliance outcomes of FedRAMP and CMMC certification processes while managing high-priority federal projects and collaborating with the Federal Sales Team.

Menlo Security's mission is enabling the world to connect, communicate and collaborate securely without compromise. COVID-19 has made our mission all the more real. We support customers across various enterprises including Fortune 500 companies, 9/10 of the largest global banks and the Department of Defense.

The world has fundamentally changed. We are growing from 400 employees into the next phase of our journey, and we need passionate talent filled with empathy and agility. The right candidate for the job is ethical, hyper-organized, fanatical about seeing things through to completion, service-oriented, and humble enough to take feedback and coaching yet confident enough to provide feedback and coaching.

Menlo is well-funded for growth and our investors are second to none. They include Vista Equity Partners (“Vista”), General Catalyst, JPMC, American Express, HSBC, and Ericsson Ventures.

Description

We are seeking a detail-oriented FedRAMP Compliance Manager to support our organization's adherence to the Federal Risk and Authorization Management Program (FedRAMP) requirements. This role is critical to ensuring our cloud services maintain compliance with federal security standards and support continuous monitoring, authorization processes, and audits. The ideal candidate will have experience with NIST SP 800-53, FedRAMP documentation, and working with cloud service providers in a regulatory context.

Responsibilities

  • Develop and govern a comprehensive compliance roadmap to maintain CMMC certification, mitigating risks across all internal and external systems.

  • Drive strategic initiatives for high-priority federal projects, ensuring all systems and processes meet the rigorous requirements for DoD Impact Level 6 (IL6) authorization.

  • Serve as the Subject Matter Expert (SME) for FedRAMP High standards.

  • Act as a key liaison to the Federal Sales Team, serving as a subject matter expert (SME) to ensure all business development activities align with federal regulatory standards and security compliance frameworks.

  • Support the FedRAMP Moderate authorization and reauthorization processes, including development, review, and maintenance of system security documentation (SSP, POA&M, SAP, SAR, etc.).

  • Map and analyze security controls against FedRAMP Moderate/High baselines and NIST SP 800-53 controls.

  • Assist in implementing and monitoring security controls for FedRAMP-authorized systems.

  • Coordinate with internal teams (engineering, operations, DevSecOps) to ensure security requirements are integrated into system design and operation.

  • Maintain continuous monitoring documentation and support periodic assessments (e.g., annual assessments, penetration tests, vulnerability scans).

  • Interface with Third Party Assessment Organizations (3PAOs), government customers, and internal stakeholders to support audits and assessments.

  • Track and manage Plan of Action and Milestones (POA&M) items to closure.

  • Manage the administration, training, and development of the FedRAMP platform and all associated monthly, quarterly, and annual requirements as per the FedRAMP authorization process.

  • Provide compliance reporting, metrics, and risk analysis to management.

  • Stay up to date with changes in FedRAMP requirements, NIST guidance, and related compliance frameworks (e.g., FISMA, CMMC).

Required Qualifications

  • U.S. Citizenship (required for working in GovCloud environments)

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).

  • 2–3 years of experience in information security compliance or risk management, preferably in a FedRAMP or FISMA-regulated environment.

  • Strong knowledge of NIST SP 800-53, FedRAMP Moderate/High baselines, and the FedRAMP authorization process.

  • Experience with security documentation (SSP, POA&M, SAR, SAP, etc.) and governance tools.

  • Familiarity with vulnerability scanning tools (e.g., Nessus, Qualys) and interpreting security findings.

  • Eligibility to obtain security clearance is required.

Preferred Qualifications

  • Experience working with or in a 3PAO or federal agency.

  • FedRAMP or NIST security control implementation experience in AWS, Azure, or Google Cloud environments.

  • Security certifications such as:

      • Certified Information Systems Security Professional (CISSP)

      • Certified Information Security Auditor (CISA)

      • Certified Authorization Professional (CAP)

      • CompTIA Security+ or equivalent

Soft Skills

  • Strong analytical and problem-solving skills.

  • Ability to work independently and manage multiple priorities in a fast-paced environment.

  • Effective written and verbal communication abilities.

  • Ability to collaborate across teams and explain technical issues to non-technical stakeholders.

  • Self-motivated with the ability to manage multiple priorities.

Our Compensation and Benefits

At Menlo Security, Base Salary is one part of our competitive total compensation and benefits package and is determined using a salary range. The base salary range for this role is $165,000 - $275,000.

In accordance with NY, CO, CA, and WA law, the range provided is Menlo Security’s reasonable estimate of the base compensation for this role. The actual amount may be higher or lower, based on non-discriminatory factors such as experience, knowledge, skills, abilities, and location. All employees may be eligible to become Menlo Security shareholders through eligibility for stock-based compensation grants, which are awarded to employees based on company and individual performance.

Menlo Security does not accept unsolicited resumes from search firm recruiters. Fees will not be paid in the event a candidate submitted by a recruiter without an agreement in place is hired; such resumes will be deemed the sole property of Menlo Security. 

Menlo Security is an equal opportunity employer. All aspects of employment will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.

 


Why Menlo?

Our culture is collaborative, inclusive, and fun! We have five core values: Stay Aligned, Get It Done, Customer Empathy, Think Creatively and Help Each Other Out. We believe in open communication, supporting new ideas, and sharing a mutual mindset of what we’re aiming to achieve together. There are tremendous opportunities to take initiative, implement new ideas, and have a hand in building a legacy.

All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

TO ALL AGENCIES: Please, no phone calls or emails to any employee of Menlo Security outside of the Talent organization. Menlo Security’s policy is to only accept resumes from agencies via Ashby (ATS). Agencies must have a valid services agreement executed and must have been assigned by the Talent team to a specific requisition. Any resume submitted outside of this process will be deemed the sole property of Menlo Security. In the event a candidate submitted outside of this policy is hired, no fee or payment will be paid.

Salary
$165,000 – $275,000 per year