GRC Technical Program Manager
ID.me
Job Description
Company Overview
ID.me is the next‑generation digital identity wallet that simplifies how individuals securely prove their identity online. Consumers can verify their identity with ID.me once and seamlessly log in across websites without having to create a new login and verify their identity again. Over 152 million users experience streamlined login and identity verification with ID.me at 20 federal agencies, 45 state government agencies, and 70+ healthcare organizations.
More than 600 consumer brands use ID.me to verify communities and user segments to honor service and build more authentic relationships. ID.me’s technology meets the federal standards for consumer authentication set by the Commerce Department and is approved as a NIST 800‑63‑3 IAL2 / AAL2 credential service provider by the Kantara Initiative. ID.me is committed to “No Identity Left Behind” to enable all people to have a secure digital identity.
To learn more, visit https://network.id.me/.
Role Overview
ID.me is seeking a Technical Program Manager – Security Assurance to serve as the operational backbone of our external compliance programs. You will co‑own the end‑to‑end lifecycle of controls, policies, and program‑specific documentation for FedRAMP, ISO 27001, and SOC 2, with additional contributions to Kantara accreditation.
You will drive cross‑functional alignment independently, owning outcomes rather than tasks. A unique requirement of this role is high proficiency with AI tools; our team utilizes purpose‑built AI agents for evidence validation, control evaluation, and finding management. Fluency in AI‑assisted workflows is essential.
This role is based out of our Mountain View, CA or McLean, VA offices and requires full‑time in‑office attendance.
Core Responsibilities
- 3+ years of experience operating security or compliance programs aligned to FedRAMP or NIST 800‑53.
- 2+ years leading internal or external audits end‑to‑end, either as audit manager, program owner, or auditor.
- Experience managing control lifecycles, POA&M remediation, and continuous monitoring in a cloud‑native environment (AWS or GCP).
- Hands‑on experience with a GRC platform (LogicGate preferred) for control tracking, evidence management, and findings remediation.
- Demonstrated professional use of AI tools to support drafting, analysis, evaluation, or workflow automation within compliance or technical programs.
Preferred Qualifications
- Experience managing FedRAMP Continuous Monitoring and Significant Change Requests.
- Familiarity with NIST SP 800‑63, digital identity systems, or Kantara accreditation.
- Certifications such as CISSP, CISA, CCSK, or ISO 27001 Lead Auditor.
- Experience in SaaS, FinTech, GovCloud, or other regulated technology environments.
ID.me maintains a work environment free from discrimination, where employees are treated with dignity and respect. All ID.me employees share in the responsibility for fulfilling our commitment to equal employment opportunity. ID.me does not discriminate against any employee or applicant on the basis of age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.
ID.me adheres to these principles in all aspects of employment, including recruitment, hiring, training, compensation, promotion, benefits, social and recreational programs, and discipline. In addition, ID.me's policy is to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations and ordinances where a particular employee works. Upon request we will provide you with more information about such accommodations.
ID.me participates in E-Verify.