- Location: San Francisco
- Last Published: Jul. 17, 2025
- Sector: Security
- Function: Legal
About Persona

Persona is the configurable identity platform built for businesses in a digital-first world. Verifying individuals and organizations is harder — but more important — than ever, with AI enabling fraudsters to launch sophisticated accounts at scale and regulations evolving rapidly. We’ve built Persona to support practically every use case and industry — that’s why we’re able to serve a wide range of leading companies. For example, Coursera uses Persona to ensure the right person is earning each degree. Meanwhile, OpenAI relies on Persona to keep bad actors out, protecting one of the world’s most powerful AI platforms from large-scale abuse in a time when AI is reshaping the way we work and live.

We believe that making the internet safer and more human requires a team that reflects the diverse, global nature of the people we aim to serve. We’re growing rapidly and looking for exceptional people to join us.

About the role

We are seeking a seasoned Federal Compliance Manager with deep expertise in FedRAMP (Federal Risk and Authorization Management Program) to join our team. In this role, you will lead our efforts to achieve and maintain FedRAMP authorization, ensuring that our organization remains compliant with all federal cybersecurity requirements. You will work cross-functionally with product, engineering, legal, and leadership teams to embed compliance practices into our technical and operational infrastructure.
What you'll do at Persona
- FedRAMP Strategy & Execution
  - Lead the development, implementation, and continuous improvement of the company’s FedRAMP compliance program.
  - Own the end-to-end process of obtaining and maintaining a FedRAMP Authority to Operate (ATO), including liaising with 3PAOs, the Joint Authorization Board (JAB), and agency sponsors.
  - Coordinate internal and external audits, assessments, and penetration tests.
- Documentation & Policy Management
  - Draft, maintain, and continuously refine required FedRAMP documentation, including the System Security Plan (SSP), POA&M, Incident Response Plan, and contingency plans.
  - Ensure that documentation is consistent, thorough, and audit-ready.
- Cross-Functional Compliance Leadership
  - Partner with engineering and DevOps teams to implement required security controls (e.g., logging, access controls, vulnerability management).
  - Provide training and guidance to internal stakeholders on FedRAMP obligations and security best practices.
- Continuous Monitoring & Reporting
  - Oversee the Continuous Monitoring (ConMon) process, including the submission of monthly, quarterly, and annual reports to government agencies.
  - Track and respond to emerging federal compliance requirements, and adapt policies and practices accordingly.
- Risk & Incident Management
  - Lead risk assessments and gap analyses to identify compliance deficiencies.
  - Drive the incident response lifecycle in coordination with the security team to ensure timely and compliant resolution of security incidents.
What you'll bring to Persona
- Experience & Expertise
  - 3+ years of experience in federal IT compliance, cybersecurity compliance, or related areas.
  - 2+ years of hands-on experience specifically with FedRAMP and related NIST frameworks (e.g., NIST 800-53, 800-171).
  - Successful experience leading a company through FedRAMP ATO or JAB certification is strongly preferred.
- Knowledge & Skills
  - Deep knowledge of federal IT compliance and risk management concepts, including FISMA, CISA guidance, and cloud service provider security models.
  - Familiarity with cloud platforms such as AWS, GCP, or Azure in a regulated context.
  - Strong understanding of technical security controls, vulnerability management, access controls, and secure system design.
- Communication & Leadership
  - Exceptional communication, organizational, and project management skills.
  - Ability to translate complex compliance requirements into clear, actionable items for technical and non-technical audiences.
- Certifications (Preferred)
  - CISSP, CISA, CISM, or Certified FedRAMP Practitioner.