Program Manager, Public Sector Compliance

The Program Manager / Senior Analyst (Public Sector) is a senior-level individual contributor role responsible for the lifecycle management of our most sensitive US government authorizations. This role acts as a lead for high-stakes workstreams involving FedRAMP High, DoD IL5+, CJIS, and ITAR. Unlike the Analyst level, this role takes full ownership of complex federal assessments and leads the continuous monitoring strategy for our Atlas for Government product. This role is a key resource for interpreting NIST 800-53 controls and translating them into technical requirements for our engineering teams.

Responsibilities:

• Lead the end-to-end execution of federal assessments, coordinating with Third Party Assessment Organizations (3PAOs), agency sponsors, and the FedRAMP PMO
• Manage the federal continuous monitoring (ConMon) program, including the timely analysis and reporting of vulnerabilities and the maintenance of the POA&M
• Lead the annual update and technical review of core FedRAMP artifacts, including the System Security Plan (SSP), Contingency Plan (ISCP), and Incident Response Plan (IRP)
• Act as a technical advisor to Engineering and Operations teams to ensure cloud configurations (e.g., FIPS 140-2/140-3, boundary protection, and access control) meet federal and DoD IL5+ mandates
• Perform deep-dive gap analyses for new public sector requirements (such as CMMC or GovRAMP) and define the roadmap for technical remediation
• Directly support federal sales efforts by serving as a subject matter expert during customer security reviews and explaining our technical compliance posture to agency stakeholders
• Create and maintain high-impact Jira dashboards and presentations to provide leadership with visibility into public sector compliance health and project milestones

Requirements:

• 5+ years in GRC, Technical Writing, or IT Audit, with a heavy focus on US Public Sector frameworks (FedRAMP, DoD SRG, CJIS)
• Deep understanding of NIST 800-53 and NIST 800-171 controls and how they are implemented within cloud architectures (AWS, GCP, or Azure)
• Proven track record of managing federal audits from kickoff through to the issuance of an Authorization to Operate (ATO)
• Exceptional ability to explain complex security configurations to government auditors and internal technical teams
• Advanced proficiency in Jira and Confluence to track control performance data and manage large-scale federal documentation projects
• US Citizenship is required for this role.

Responsibilities & Expectations:

• You are expected to be the primary driver of public sector compliance initiatives
• You move beyond simple task tracking to understand the intent behind federal requirements, ensuring our technical implementation is both compliant and efficient
• You are expected to maintain the highest level of confidentiality and integrity due to the sensitivity of government data

Scope & Complexity:

• The scope is deeply technical and specialized for the US Federal, State, and Local Government markets
• You will navigate the complexity of mapping shared controls across multiple specialized frameworks, ensuring a single remediation effort satisfies FedRAMP, CJIS, and ITAR requirements simultaneously

Authority & Impact:

• This role has the authority to lead federal assessment project streams and represent MongoDB in technical reviews with 3PAOs and federal agencies
• Your work directly enables MongoDB to secure and maintain the authorizations required to serve the Department of Defense and civilian agencies, protecting a critical revenue stream

Expertise:

• You will be recognized as a subject matter expert in public sector cloud security requirements and their implementation in SaaS environments
• You bridge the gap between high-level policy and technical engineering, becoming the go-to resource for how MongoDB Atlas for Government meets the most stringent federal mandates

Leadership:

• Leadership in this role is demonstrated through technical ownership and mentorship. You will lead cross-functional project teams through intense authorization cycles and mentor junior analysts on the nuances of NIST 800-53 and federal audit methodology

About MongoDB