GRC Technical Program Manager

Oversee end-to-end security compliance programs for FedRAMP, ISO 27001, and SOC 2.
McLean, Virginia, United States
Mid-Level
15 hours ago
ID.me

Provides a secure digital identity verification platform enabling individuals to prove eligibility for benefits, discounts, and online services.

ID.me is the next-generation digital identity wallet that simplifies how individuals securely prove their identity online. Consumers can verify their identity with ID.me once and seamlessly log in across websites without having to create a new login and verify their identity again. Over 152 million users experience streamlined login and identity verification with ID.me at 20 federal agencies, 45 state government agencies, and 70+ healthcare organizations. More than 600 consumer brands use ID.me to verify communities and user segments to honor service and build more authentic relationships. ID.me's technology meets the federal standards for consumer authentication set by the Commerce Department and is approved as a NIST 800-63-3 IAL2 / AAL2 credential service provider by the Kantara Initiative. ID.me is committed to "No Identity Left Behind" to enable all people to have a secure digital identity.

Role Overview

ID.me is seeking a Technical Program Manager – Security Assurance to serve as the operational backbone of our external compliance programs. You will co-own the end-to-end lifecycle of controls, policies, and program-specific documentation for FedRAMP, ISO 27001, and SOC 2, with additional contributions to Kantara accreditation.

You will drive cross-functional alignment independently, owning outcomes rather than tasks. A unique requirement of this role is high proficiency with AI tools; our team utilizes purpose-built AI agents for evidence validation, control evaluation, and finding management. Fluency in AI-assisted workflows is essential.

This role is based out of our Mountain View, CA or McLean, VA offices and requires full-time in-office attendance.

Core Responsibilities

  • 3+ years of experience operating security or compliance programs aligned to FedRAMP or NIST 800-53.
  • 2+ years leading internal or external audits end-to-end, either as audit manager, program owner, or auditor.
  • Experience managing control lifecycles, POA&M remediation, and continuous monitoring in a cloud-native environment (AWS or GCP).
  • Hands-on experience with a GRC platform (LogicGate preferred) for control tracking, evidence management, and findings remediation.
  • Demonstrated professional use of AI tools to support drafting, analysis, evaluation, or workflow automation within compliance or technical programs.

Preferred Qualifications

  • Experience managing FedRAMP Continuous Monitoring and Significant Change Requests.
  • Familiarity with NIST SP 800-63, digital identity systems, or Kantara accreditation.
  • Certifications such as CISSP, CISA, CCSK, or ISO 27001 Lead Auditor.
  • Experience in SaaS, FinTech, GovCloud, or other regulated technology environments.