RAMP Program Manager

About Us

Abacus Insights is transforming how data works for health plans. Our mission is simple: make healthcare data usable, so the people responsible for care and cost decisions can act faster, with confidence.  
We help health plans break down data silos to create a single, trusted data foundation. That foundation powers better decisions —so plans can improve outcomes, reduce waste, and deliver better experiences for members and providers alike.  

Backed by $100M from top investors, we’re tackling big challenges in an industry that’s ready for change.  Our platform enables GenAI use cases by delivering clean, connected, and reliable healthcare data that can support automation, prioritization, and decision workflows—and it’s why we are leading the way.

Our innovation begins with people. We are bold, curious, and collaborative—because the best ideas come from working together. Ready to make an impact? Join us and let's build the future together.

About the Role

We are seeking a Program Manager to lead the execution and delivery of our RAMP compliance programs, including GovRAMP, StateRAMP, and FedRAMP. This role is responsible for planning, coordinating, and driving all authorization and continuous monitoring activities across engineering, cloud operations, security, and IT teams.

This is not a policy‑authoring or analyst‑only role. Success in this position requires strong program management discipline, the ability to drive cross‑functional delivery, and hands‑on familiarity with RAMP authorization workflows.

This role ensures that our RAMP programs are delivered on time, with quality, and without last‑minute escalation. The Program Manager enables Security leadership to focus on strategy while ensuring execution stays disciplined and transparent.

Your day to day

Program Planning & Execution

• Own the end‑to‑end program plan for GovRAMP, StateRAMP, and/or FedRAMP initiatives
• Develop and maintain detailed schedules, milestones, dependency tracking, and risk registers
• Drive accountability across Security, Engineering, Cloud Ops, Product, and IT

RAMP Delivery Management

• Coordinate authorization activities across:
• Readiness assessments
• Gap remediation
• 3PAO / assessor engagement
• Authorization reviews
• Continuous monitoring operations
• Ensure adoption of NIST SP 800‑53 Rev. 5 control requirements as executable work items

Evidence & Artifact Coordination

• Manage the production, review, and lifecycle of core authorization artifacts, including:
• System Security Plan (SSP)
• Control narratives
• System boundary and data‑flow diagrams
• Inventories and tracking artifacts
• Ensure evidence ownership, refresh cadence, and quality standards are consistently met

Auditor / 3PAO & Stakeholder Coordination

• Serve as the program coordination point for assessors and 3PAOs
• Schedule and manage walkthroughs, evidence reviews, and interviews
• Partner with US‑based leadership during assessments, findings reviews, and status reporting

 POA&M & Issue Management

• Own the POA&M tracking and delivery process
• Work with engineering and operations teams to:
• Define remediation milestones
• Track progress
• Validate closure evidence
• Escalate risks early and propose mitigation plans

Continuous Monitoring Operations

• Operationalize monthly and quarterly continuous monitoring cadence
• Track vulnerability management, patching, access reviews, logging, and required attestations
• Ensure ongoing compliance stability post‑authorization

What you bring to the team

• 5+ years’ experience in program management, ideally supporting compliance, security, or regulatory initiatives
• Experience working with GovRAMP, StateRAMP, FedRAMP, or closely related frameworks (FedRAMP Moderate preferred)
• Strong understanding of NIST SP 800‑53 concepts (implementation knowledge required; deep policy writing not required)
• Demonstrated ability to manage cross‑functional global teams
• Experience coordinating audits, assessments, or external reviews
• Excellent written and verbal communication skills for US stakeholders
• Program planning and execution rigor
• Stakeholder management across time zones
• Clear escalation and decision framing
• Strong documentation and tracking discipline
• Delivery‑oriented mindset with attention to audit detail

What we would like to see, but not required

• Experience with HIPAA, HITRUST and SOC2 compliance
• Prior experience working with US auditors or 3PAOs
• SaaS, cloud, or data‑platform environment experience
• Familiarity with AWS and/or Azure environments (Gov or commercial)
• Experience using Jira, Confluence, and GRC platforms (Hyperproof, Archer, etc.)
• Previous experience supporting US public‑sector customers.

Compensation: Compensation for this role is based on experience, skills, and location, and includes base salary plus eligibility for performance bonuses and equity grants.

What you’ll get in return:

• Unlimited paid time off – recharge when you need it
• Work from anywhere – flexibility to fit your life
• Comprehensive health coverage – multiple plan options to choose from
• Equity for every employee – share in our success
• Growth-focused environment – your development matters here
• Home office setup allowance – one-time support to get you started
• Monthly cell phone allowance – stay connected with ease #LI-MS1 #LI-Remote

Our Commitment as an Equal Opportunity Employer

As a mission-led technology company helping to drive better healthcare outcomes, Abacus Insights believes that the best innovation and value we can bring to our customers comes from diverse ideas, thoughts, experiences, and perspectives. Therefore, we dedicate resources to building diverse teams and providing equal employment opportunities to all applicants. Abacus prohibits discrimination and harassment regarding race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.

At the heart of who we are is a commitment to continuously and intentionally building an inclusive culture—one that empowers every team member across the globe to do their best work and bring their authentic selves. We carry that same commitment into our hiring process, aiming to create an interview experience where you feel comfortable and confident showcasing your strengths. If there’s anything we can do to support that—big or small—please let us know.