What are the responsibilities and job description for the GRC Program Manager (Fedramp Focus) position at Port.io?
At Port, we are pioneering a new dimension of the Developer Experience. Our innovative platform for Internal Developer Portals has been designed with the ultimate aim of enhancing developer satisfaction, increasing productivity, and ensuring the highest standards of engineering output.
Port brings everything a developer needs together, encapsulated within a single user-friendly interface. From comprehending the software development lifecycle, executing tasks, to adhering to the organization's development standards, Port ensures that every aspect of software development is within easy reach for every developer.
As a team, we personify the values that underpin our product: openness, transparency, resourcefulness, community orientation, and kindness. We are on the lookout for like-minded individuals who share our ethos to join us on our exciting journey of revolutionizing the platform engineering sector. By joining Port, you'll be a part of a team that's changing how developers collaborate, enabling them to work faster, smarter, and more efficiently. Join us, and be a part of this transformation.
Why we're looking for you 😎
We're looking for a GRC Program Manager to drive Port's FedRAMP authorization and oversee our broader compliance portfolio. You'll be the program's operational backbone - coordinating 3PAO assessments, managing documentation, and ensuring readiness across teams.
FedRAMP authorization is a strategic milestone for Port as we expand into enterprise and federal markets. This is a high-visibility initiative with executive sponsorship, requiring precise coordination across engineering, security, and product. We need a program manager who thrives in complex, cross-functional environments and can translate regulatory frameworks into clear execution plans while managing timelines, budgets, and stakeholder expectations.
Who You'll Work With 👯♀️
You'll report to the CIO and work closely with the Security team (and CISO when hired), Engineering, DevOps, IT, and Product teams. You'll manage relationships with external partners including the 3PAO, FedRAMP consultants, and government agency sponsors. You'll also collaborate with Legal and Finance on contracts, budgets, and compliance obligations.
What You'll Do 💼
What We're Looking For 📝
Port brings everything a developer needs together, encapsulated within a single user-friendly interface. From comprehending the software development lifecycle, executing tasks, to adhering to the organization's development standards, Port ensures that every aspect of software development is within easy reach for every developer.
As a team, we personify the values that underpin our product: openness, transparency, resourcefulness, community orientation, and kindness. We are on the lookout for like-minded individuals who share our ethos to join us on our exciting journey of revolutionizing the platform engineering sector. By joining Port, you'll be a part of a team that's changing how developers collaborate, enabling them to work faster, smarter, and more efficiently. Join us, and be a part of this transformation.
Why we're looking for you 😎
We're looking for a GRC Program Manager to drive Port's FedRAMP authorization and oversee our broader compliance portfolio. You'll be the program's operational backbone - coordinating 3PAO assessments, managing documentation, and ensuring readiness across teams.
FedRAMP authorization is a strategic milestone for Port as we expand into enterprise and federal markets. This is a high-visibility initiative with executive sponsorship, requiring precise coordination across engineering, security, and product. We need a program manager who thrives in complex, cross-functional environments and can translate regulatory frameworks into clear execution plans while managing timelines, budgets, and stakeholder expectations.
Who You'll Work With 👯♀️
You'll report to the CIO and work closely with the Security team (and CISO when hired), Engineering, DevOps, IT, and Product teams. You'll manage relationships with external partners including the 3PAO, FedRAMP consultants, and government agency sponsors. You'll also collaborate with Legal and Finance on contracts, budgets, and compliance obligations.
What You'll Do 💼
- Lead the FedRAMP project from kickoff through ATO: schedule, documentation, 3PAO engagement, and agency coordination.
- Own the System Security Plan (SSP), Plan of Action & Milestones (POA&M), and all readiness deliverables.
- Manage the 3PAO relationship, coordinate assessments, and drive remediation efforts.
- Build and maintain the compliance evidence repository and continuous monitoring program.
- Manage cross-team milestones, track control implementation progress, and identify blockers.
- Develop repeatable processes and frameworks to sustain compliance post-authorization.
- Partner with Engineering, Security, IT, and Product to translate NIST 800-53 controls into technical implementations.
- Lead internal readiness assessments and gap analyses.
What We're Looking For 📝
- 5 years of experience managing compliance or GRC programs in SaaS or regulated environments.
- Proven track record running complex audits or certification programs (FedRAMP, SOC 2, ISO, etc.).
- Deep understanding of control frameworks (NIST 800-53, ISO 27001) and how they translate to technical implementations.
- Exceptional project management and communication skills - ability to manage timelines, budgets, and complex dependencies.
- Experience managing vendor relationships, including 3PAOs, consultants, and compliance tooling providers.
- Strong stakeholder management skills - comfortable managing multiple workstreams and influencing across technical and non-technical teams.
- Detail-oriented with strong documentation and organizational skills.
- Direct FedRAMP experience (managing an authorization from start to ATO).
- Experience working with government agency sponsors and understanding FedRAMP agency workflows.
- Hands-on experience with GRC automation platforms (Drata, Tugboat Logic, Vanta, OneTrust).
- Background in technical security controls, cloud infrastructure, or DevSecOps.
- CISSP, CISM, PMP, or FedRAMP-related certifications.
- Experience with continuous monitoring and ongoing compliance management.