Senior Security Assurance Controls Manager at ID.me

McLean, Virginia, United States

Compensation: Not Specified
Experience Level: Senior (5 to 8 years)
Job Type: Full Time
Visa: Unknown
Industries: Cybersecurity, Identity Verification, Government Technology

Requirements

  • Bachelor's degree in Information Security, Computer Science, Engineering, Risk Management, or related field—or equivalent practical experience
  • 7–10+ years of experience managing and operating security/compliance programs, including at least one of: FedRAMP, ISO 27001, or SOC 2

Responsibilities

  • Framework Ownership: Serve as the day-to-day owner for one or more frameworks (e.g., FedRAMP, ISO 27001, SOC 2), ensuring alignment between framework requirements and internal controls
  • Control Lifecycle Management: Collaborate with control owners to design, implement, document, and monitor controls. Define control objectives, implementation guidance, and assurance requirements
  • Audit & Assessment Readiness: Coordinate internal and external audits by developing audit plans, preparing walkthroughs, and managing evidence collection activities
  • Continuous Monitoring: Maintain a recurring schedule of control validations based on framework-specific frequency requirements (e.g., FedRAMP ConMon). Track control health and remediation actions
  • Gap Analysis & Risk Assessments: Lead gap analyses between new framework requirements and existing control coverage. Facilitate Security Impact Assessments (SIAs) to assess compliance implications of changes and identify risks
  • Compliance Documentation: Manage organizational policies. Ensure up-to-date, reviewer-approved documentation exists for policies, procedures, and implementation statements. Lead annual reviews and updates
  • Control Remediation & POA&M Management: Partner with control owners to define corrective actions, manage Plans of Action & Milestones (POA&Ms), and track resolution through closure. Propose and coordinate the design of controls to mitigate risks
  • Stakeholder Engagement: Act as a trusted partner to engineering, product, infrastructure, and customer-facing teams. Provide clear guidance on what controls are required, why, and how to satisfy them
  • Tooling & Metrics: Support the use of GRC and data pipelines to automate evidence collection, track control status, and generate metrics for reporting
  • Internal and External Reporting: Contribute to executive and board-level reporting, as well as external customer reporting such as through Continuous Monitoring reports

Skills

FedRAMP
ISO 27001
SOC 2
Security Controls
Compliance Frameworks
GRC
Continuous Monitoring
Internal Controls
Risk Management
Auditing
NIST 800-63-3

ID.me

Digital identity verification for secure access

About ID.me

ID.me provides a platform for digital identity verification, allowing individuals to prove and share their identity online. Users create a verified digital identity that can be used to access various services and discounts from partner companies. This process helps businesses ensure that only eligible individuals receive specific offers, which reduces fraud and enhances security. ID.me primarily serves military personnel, first responders, students, teachers, nurses, medical professionals, and government employees, making it particularly valuable in sectors like e-commerce, healthcare, government services, and education. Unlike its competitors, ID.me focuses on building trust between businesses and customers by offering a streamlined verification process that complies with regulatory requirements. The company's goal is to simplify identity verification while providing secure access to services and discounts.

Headquarters: McLean, Virginia
Year Founded: 2010
Total Funding: $279.5M
Company Stage: Series D
Industries: Government & Public Sector, Cybersecurity, Healthcare
Employees: 1,001-5,000

Benefits

Health Insurance
Dental Insurance
Vision Insurance
Life Insurance
Disability Insurance
Health Savings Account/Flexible Spending Account
Unlimited Paid Time Off
Paid Vacation
401(k) Company Match
401(k) Retirement Plan
Parental Leave
Employee Assistance Program
Pet Insurance
Travel Assistance Program
Wellbeing and Childcare Discounts
Referral Bonus
Learning and Development Benefit

Risks

Increased competition from new digital identity startups threatens ID.me's market share.
Privacy concerns and regulatory scrutiny could impact ID.me's data handling practices.
Technical challenges in scaling video chat services may lead to customer dissatisfaction.

Differentiation

ID.me is the only provider offering video chat for identity verification.
The company serves diverse sectors, including government, retail, and healthcare.
ID.me's platform is NIST 800-63-3 IAL2/AAL2 conformant, ensuring high security standards.

Upsides

ID.me's valuation increased to $1.8 billion, showing strong investor confidence.
Partnerships with government agencies enhance ID.me's credibility and market reach.
The growing demand for digital identity verification boosts ID.me's market potential.
