Director, FedRAMP Program
Responsibilities
- FedRAMP Program Leadership
  - Own and lead the company's FedRAMP program from readiness (FW has completed RADD for Moderate) through ATO and continuous monitoring.
  - Develop the overall FedRAMP ATO strategy, roadmap, execution plan, work breakdown structure, milestone plan, and executive reporting model.
  - Lead the company through FedRAMP Moderate authorization, with a path to FedRAMP High for future ATO.
  - Define and manage the FedRAMP authorization boundary for the cloud service offering.
  - Partner with Security, Engineering, Product, IT, Legal, Privacy, Compliance, and GTM teams to align FedRAMP requirements with business and customer needs.
  - Translate FedRAMP requirements into clear workstreams, owners, deliverables, deadlines, and measurable outcomes.
  - Maintain executive-level visibility into program status, risks, decisions, blockers, and funding needs.
- Authorization Package Ownership
  - Ensure documentation accurately reflects the real operating environment, not aspirational controls.
  - Build a durable evidence repository and repeatable evidence collection process.
  - Establish documentation quality standards to reduce rework during 3PAO and agency review.
- 3PAO, Advisor, and Agency Coordination
  - Serve as the primary internal program owner for external FedRAMP partners, including advisors, consultants, 3PAOs, and agency stakeholders.
  - Coordinate readiness assessments, gap assessments, formal assessments, evidence requests, control interviews, penetration testing, and remediation validation.
  - Manage 3PAO engagement timelines, dependencies, artifacts, and issue resolution.
  - Support agency sponsor conversations and help prepare materials needed for agency authorization review.
  - Ensure the SAR findings are translated into clear remediation plans and risk decisions.
- POA&M and Risk Management
  - Own the POA&M process for FedRAMP-related findings, vulnerabilities, control gaps, and residual risks.
  - Drive timely remediation of POA&M items across Engineering, Cloud Infrastructure, Cybersecurity, IT, and Product teams.
  - Establish clear ownership, due dates, severity, risk rationale, evidence requirements, and closure criteria for each POA&M item.
  - Escalate overdue or high-risk items to appropriate leadership forums.
  - Partner with business and technical owners to determine when remediation, mitigation, compensating controls, or formal risk acceptance is appropriate.
  - Maintain a clear view of residual risk for executives and authorizing stakeholders.
- Control Implementation and Engineering Alignment
  - Partner with Engineering, Cloud Infrastructure, and Cybersecurity teams to implement FedRAMP-required security controls in a SaaS cloud environment.
  - Help engineering teams understand not just what is required, but why it matters and how to implement it sustainably.
  - Identify control implementation gaps early and drive resolution before they become audit blockers.
- Continuous Monitoring and Post-ATO Operations
  - Assist in building and operating the FedRAMP
Additional Information
We are seeking an experienced Director, FedRAMP Program, to lead our federal compliance and authorization program for our SaaS cloud service offerings. This role reports directly to the Chief Information Security Officer and owns the end-to-end FedRAMP journey, from readiness and authorization planning through 3PAO assessment, agency sponsor coordination, Authorization to Operate (ATO), and post-authorization continuous monitoring. The ideal candidate has personally led or played a senior leadership role in bringing a SaaS company through FedRAMP Moderate authorization, with FedRAMP High experience strongly preferred. This is a cross-functional leadership role requiring deep knowledge of FedRAMP, NIST SP 800-53, cloud security, SaaS engineering operations, SSDLC, DevSecOps, audit readiness, executive communication, risk management, and federal customer expectations. This role will serve as the primary program leader connecting Security, Engineering, Product, IT, Legal, GRC, Sales, Customer Success, external advisors, 3PAOs, and federal agency stakeholders. Success requires more than managing checklists. This person must be able to drive real control implementation, unblock engineering dependencies, manage risk tradeoffs, and keep executives aligned on timeline, scope, cost, and residual risk.
Worked at Freshworks? Share your experience