Security Program Manager, AI Assurance
Job Description
About Ramp
Ramp is building the smart infrastructure for finance teams, embedded in the transaction flow of every dollar a business spends. We automate how over $100B in annualized spend flows in and out of 50,000+ companies: authorizing payments, flagging risk, categorizing spend, and closing books.
The problems are high-stakes, data-dense, and unforgiving.
We hire people with high agency and high urgency. We look for slope over intercept. We care less about where you trained and more about what you’ve built. At Ramp, everyone is a builder who owns problems end to end and makes consequential decisions that shape the outcome.
The median Ramp customer saves 5% and grows revenue 16% in their first year – far in excess of businesses operating without Ramp. We believe every ambitious company deserves the same.
If you want to build systems that directly shape how companies move and manage billions, Ramp is the place to do it.
About the Role
This business-enabling role will have a direct impact on scaling and strengthening Ramp’s security and compliance programs. You will drive initiatives across security compliance, governance, risk management, and assurance to enhance our security posture, support customer, partner, and regulatory due diligence, and advance scalable, business-aligned security practices. You will also help thoughtfully integrate emerging areas such as AI assurance into our broader GRC strategy to enable responsible innovation and sustained growth.
What You’ll Do
Lead and support security and compliance programs to achieve and maintain key certifications and attestations (e.g., SOC 2, ISO 27001, PCI-DSS, SOX, ISO 42001, AIUC-1), while building scalable processes to support future framework expansion and geographic growth.
Partner cross-functionally with Product, Engineering, IT, Finance, Legal, People, and Go-to-Market teams to translate regulatory, customer, and emerging requirements (including AI governance considerations) into practical, actionable controls.
Support the design, implementation, and monitoring of IT General Controls (ITGCs), automated controls, and financial system governance processes, including access management, change management, and configuration oversight.
Support and lead audit and assurance activities, including planning and coordination with external auditors and independent assessors, conducting control walkthroughs, managing evidence collection, and maintaining audit-ready documentation.
Strengthen customer assurance programs by evaluating vendor security practices, responding to customer due diligence requests, and identifying opportunities for automation and continuous monitoring within GRC workflows.
Build scalable audit management processes and documentation systems that will support future expansion to additional geographies and compliance frameworks
What You Need
5+ years of experience in security, risk, audit, or compliance roles within cloud-based or highly regulated environments (e.g., SaaS, financial services).
Working knowledge and experience supporting security certifications and regulatory audits (e.g., SOC 2, ISO 27001, PCI-DSS, SOX), including control documentation, testing, evidence collection, and auditor coordination.
Experience contributing to risk management and/or third-party risk programs, including performing risk assessments, maintaining risk documentation, or evaluating vendor security controls.
Strong written and verbal communication skills, and demonstrated ability to collaborate across technical and non-technical teams and clearly explain security and compliance requirements, including emerging areas such as AI governance.
Experience managing time-bound workstreams in fast-paced environments, and serve as a subject matter expert on evolving compliance and emerging risk areas, including AI governance considerations.
Nice-to-Haves
Experience in AI/ML-driven environments, with an understanding of security and risk considerations related to model development, training data, and deployment pipelines.
Background in high-growth technology companies where compliance programs needed to scale quickly to support new products, markets, or regulatory requirements.
Exposure to automation in security and compliance processes, including implementing or supporting programmatic control enforcement (“compliance as code”).
Relevant professional certifications such as CISA, CRISC, CISM, CISSP
Benefits (for U.S.-based full-time employees)
100% medical, dental & vision insurance coverage for you
Partially covered for your dependents
One Medical annual membership
401k (including employer match on contributions made while employed by Ramp)
Flexible PTO
Fertility HRA (up to $10,000 per year)
Parental Leave
Unlimited AI token usage
Pet insurance
Centralized home-office equipment ordering for all employees
Health and Wellness stipend
In-office perks: lunch, snacks, drinks, and more
Budget for intra-office travel
Relocation support to NYC or SF (as needed)
Referral Instructions
If you are being referred for the role, please contact that person to apply on your behalf.
Other notices
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Beware of recruiting scams: Ramp will only contact you through official @Ramp.com email addresses and will never ask for payment or sensitive personal information during the hiring process.