Port.io

GRC Program Manager (FedRAMP & Compliance)

Posted 10 Days Ago
Remote or Hybrid
Hiring Remotely in Boston, MA
Senior level

About Port

At Port.io, we are building an open and flexible Agentic Engineering Platform for modern engineering organizations. Following our recent $100M Series C funding round, we are in a phase of rapid hypergrowth with strong enterprise momentum.

We act as the central nervous system for engineering, enabling platform teams to unify their stack and expose it as a governed layer through golden paths for developers and AI agents.

By combining rich engineering context, workflows, and actions, we help organizations transition from manual processes to autonomous, AI-assisted engineering workflows while maintaining control and accountability.

As a product-led company, we believe in building world-class platforms that fundamentally shape how modern engineering organizations operate.

Why we're looking for you:

We're looking for a GRC Program Manager to drive Port's FedRAMP authorization and oversee our broader compliance portfolio. You'll be the program's operational backbone - coordinating 3PAO assessments, managing documentation, and ensuring readiness across teams.

FedRAMP authorization is a strategic milestone for Port as we expand into enterprise and federal markets. This is a high-visibility initiative with executive sponsorship, requiring precise coordination across engineering, security, and product. We need a program manager who thrives in complex, cross-functional environments and can translate regulatory frameworks into clear execution plans while managing timelines, budgets, and stakeholder expectations.

Who you'll work with:

You'll report to the CISO and work closely with the Security team, Engineering, DevOps, IT, and Product teams. You'll manage relationships with external partners, including the 3PAO, FedRAMP consultants, and government agency sponsors. You'll also collaborate with Legal and Finance on contracts, budgets, and compliance obligations.

In addition, you'll support the US sales process, compliance and regulatory inquiries, RFIs/RFPs, and other related business processes.

What you'll do:

  • Lead the FedRAMP project from kickoff through ATO: schedule, documentation, 3PAO engagement, and agency coordination.
  • Own the System Security Plan (SSP), Plan of Action & Milestones (POA&M), and all readiness deliverables.
  • Manage the 3PAO relationship, coordinate assessments, and drive remediation efforts.
  • Build and maintain the compliance evidence repository and continuous monitoring program.
  • Manage cross-team milestones, track control implementation progress, and identify blockers.
  • Develop repeatable processes and frameworks to sustain compliance post-authorization.
  • Partner with Engineering, Security, IT, and Product to translate NIST 800-53 controls into technical implementations.
  • Lead internal readiness assessments and gap analyses.
  • Support other GRC initiatives, additional compliance frameworks, and the team's processes and systems.

What we're looking for:

  • Direct FedRAMP experience (managing an authorization from start to ATO) - must have.
  • 5+ years of experience managing compliance or GRC programs in SaaS or regulated environments.
  • Proven track record running complex audits or certification programs (FedRAMP, SOC 2, ISO, etc.).
  • Deep understanding of control frameworks (NIST 800-53, ISO 27001) and how they translate to technical implementations.
  • Exceptional project management and communication skills - ability to manage timelines, budgets, and complex dependencies.
  • Experience managing vendor relationships, including 3PAOs, consultants, and compliance tooling providers.
  • Strong stakeholder management skills - comfortable managing multiple workstreams and influencing across technical and non-technical teams.
  • Detail-oriented with strong documentation and organizational skills.

Nice to have:

  • Experience working with government agency sponsors and understanding FedRAMP agency workflows.
  • Hands-on experience with GRC automation platforms (Drata, Tugboat Logic, Vanta, OneTrust).
  • Risk management experience.
  • Background in technical security controls, cloud infrastructure, or DevSecOps.
  • CISSP, CISM, PMP, or FedRAMP-related certifications.
  • Experience with continuous monitoring and ongoing compliance management.

Top Skills

FedRAMP
GRC automation platforms
ISO 27001
NIST 800-53
SaaS

Port.io Boston, Massachusetts, USA Office

33 Arch Street, Boston, MA, United States
