Director, FedRAMP Program

Company DescriptionOrganizations everywhere struggle under the crushing costs and complexities of “solutions” that promise to simplify their lives. To create a better experience for their customers and employees. To help them grow. Software is a choice that can make or break a business. Create better or worse experiences. Propel or throttle growth. Business software has become a blocker instead of ways to get work done.There’s another option. Freshworks. With a fresh vision for how the world works.Freshworks Inc. builds uncomplicated service software that delivers exceptional employee and customer experiences. Our people-first approach to AI eliminates friction, helping businesses reduce complexity, lower cost-to-serve, and deliver faster, more human support through enterprise-grade yet easy-to-use CX and IT solutions. Nearly 75,000 companies, including Bridgestone, New Balance, Nucor, S&P Global, and Sony Music, trust Freshworks to power their Employee Experience (EX) and Customer Experience (CX) operations.Fresh vision. Real impact. Come build it with us.Job DescriptionWe are seeking an experienced Director, FedRAMP Program, to lead our federal compliance and authorization program for our SaaS cloud service offerings. This role reports directly to the Chief Information Security Officer and owns the end-to-end FedRAMP journey, from readiness and authorization planning through 3PAO assessment, agency sponsor coordination, Authorization to Operate (ATO), and post-authorization continuous monitoring.The ideal candidate has personally led or played a senior leadership role in bringing a SaaS company through FedRAMP Moderate authorization, with FedRAMP High experience strongly preferred. This is a cross-functional leadership role requiring deep knowledge of FedRAMP, NIST SP 800-53, cloud security, SaaS engineering operations, SSDLC, DevSecOps, audit readiness, executive communication, risk management, and federal customer expectations.This role will serve as the primary program leader connecting Security, Engineering, Product, IT, Legal, GRC, Sales, Customer Success, external advisors, 3PAOs, and federal agency stakeholders. Success requires more than managing checklists. This person must be able to drive real control implementation, unblock engineering dependencies, manage risk tradeoffs, and keep executives aligned on timeline, scope, cost, and residual risk.Key Responsibilities:FedRAMP Program LeadershipOwn and lead the company’s FedRAMP program from readiness (FW has completed RADD for Moderate) through ATO and continuous monitoring.Develop the overall FedRAMP ATO strategy, roadmap, execution plan, work breakdown structure, milestone plan, and executive reporting model.Lead the company through FedRAMP Moderate authorization, with a path to FedRAMP High for future ATO.Define and manage the FedRAMP authorization boundary for the cloud service offering.Partner with Security, Engineering, Product, IT, Legal, Privacy, Compliance, and GTM teams to align FedRAMP requirements with business and customer needs.Translate FedRAMP requirements into clear workstreams, owners, deliverables, deadlines, and measurable outcomes.Maintain executive-level visibility into program status, risks, decisions, blockers, and funding needs.Authorization Package OwnershipOwn the development, maintenance, and quality of the FedRAMP authorization package, including the SSP, SAP, SAR, POA&M, control implementation narratives, policies, standards, procedures, control inheritance documentation, architecture diagrams, data flow diagrams, boundary documentation, and supporting operational evidence.Ensure documentation accurately reflects the real operating environment, not aspirational controls.Build a durable evidence repository and repeatable evidence collection process.Establish documentation quality standards to reduce rework during 3PAO and agency review.3PAO, Advisor, and Agency CoordinationServe as the primary internal program owner for external FedRAMP partners, including advisors, consultants, 3PAOs, and agency stakeholders.Coordinate readiness assessments, gap assessments, formal assessments, evidence requests, control interviews, penetration testing, and remediation validation.Manage 3PAO engagement timelines, dependencies, artifacts, and issue resolution.Support agency sponsor conversations and help prepare materials needed for agency authorization review.Ensure the SAR findings are translated into clear remediation plans and risk decisions.POA&M and Risk ManagementOwn the POA&M process for FedRAMP-related findings, vulnerabilities, control gaps, and residual risks.Drive timely remediation of POA&M items across Engineering, Cloud Infrastructure, Cybersecurity, IT, and Product teams.Establish clear ownership, due dates, severity, risk rationale, evidence requirements, and closure criteria for each POA&M item.Escalate overdue or high-risk items to appropriate leadership forums.Partner with business and technical owners to determine when remediation, mitigation, compensating controls, or formal risk acceptance is appropriate.Maintain a clear view of residual risk for executives and authorizing stakeholders.Control Implementation and Engineering AlignmentPartner with Engineering, Cloud Infrastructure, and Cybersecurity teams to implement FedRAMP-required security controls in a SaaS cloud environment.Drive control maturity across identity and access management, privileged access management, vulnerability management, secure configuration management, logging, monitoring, alerting, incident response, encryption, key management, change management, backup and recovery, contingency planning, asset inventory, boundary protection, software supply chain security, and secure SDLC.Help engineering teams understand not just what is required, but why it matters and how to implement it sustainably.Identify control implementation gaps early and drive resolution before they become audit blockers.Continuous Monitoring and Post-ATO OperationsAssist in building and operating the FedRAMP continuous monitoring program after authorization.Own recurring ConMon deliverables, evidence collection, vulnerability reporting, POA&M updates, significant change analysis, incident reporting coordination, and ongoing agency reporting.Partner with Security Operations, Cybersecurity, Engineering, and Compliance to maintain authorization posture.Establish operational processes to prevent control drift after ATO.Track changes to FedRAMP guidance, NIST requirements, agency expectations, and federal cybersecurity directives.Prepare the organization for annual assessments and ongoing authorization maintenance.Keep abreast of FedRAMP program changes, like 20XX, and how they might impact our FedRAMP program. Executive and Cross-Functional CommunicationProvide clear, concise program updates to executives, steering committees, and board-level stakeholders.Communicate program health, milestone status, material risks, funding needs, staffing constraints, and decision points.Create executive-ready reporting that connects FedRAMP work to customer trust, federal revenue opportunities, risk reduction, and operational maturity.Facilitate cross-functional decision-making when security requirements conflict with product timelines, engineering capacity, or customer commitments.Serve as the internal FedRAMP translator: able to explain complex requirements in business, technical, and executive terms.Federal GTM and Customer SupportPartner with Sales, Legal, Customer Success, and Cybersecurity GTM teams to support federal customer conversations.Help develop accurate FedRAMP-related customer messaging, RFP responses, trust center content, and security collateral.Ensure external claims about FedRAMP status, roadmap, and control maturity are accurate and legally defensible.Support customer security reviews and federal procurement diligence related to FedRAMP.Qualifications10+ years of experience in cybersecurity, compliance, GRC, cloud security, audit, risk management, or security program leadership.Direct experience leading or materially contributing to a FedRAMP Moderate ATO for a SaaS or cloud service provider.Strong working knowledge of the FedRAMP authorization lifecycle, NIST SP 800-53, FedRAMP Rev. 5 requirements, SSP, SAP, SAR, POA&M, continuous monitoring, the 3PAO assessment process, and agency authorization processes.Demonstrated ability to manage complex, cross-functional security programs involving Engineering, Product, Cloud Infrastructure, Cybersecurity, Legal, GRC, and executive stakeholders.Experience building and maintaining audit evidence repositories and compliance operating models.Strong knowledge of SaaS/cloud architecture, preferably AWS, Azure, or multi-cloud environments.Strong understanding of technical security domains, including IAM, vulnerability management, logging/monitoring, encryption, incident response, secure SDLC, change management, and cloud infrastructure security.Proven ability to drive remediation across teams that do not directly report to you.Excellent written and verbal communication skills.Ability to communicate clearly with both technical teams and executive stakeholders.Strong project/program management discipline, including milestone planning, dependency tracking, risk management, and executive reporting.Preferred QualificationsExperience leading or supporting FedRAMP High authorization.Experience with both agency authorization and legacy JAB-style authorization expectations.Experience working directly with FedRAMP advisors, 3PAOs, agency sponsors, and federal customer security teams.Experience with SaaS products serving enterprise and/or public sector customers.Experience with AWS GovCloud, Azure Government, or other government cloud environments.Experience with adjacent and additive frameworks such as CMMC, ITAR, SOC 2, ISO 27001, ISO 42001, HIPAA, PCI DSS, StateRAMP, IRAP, or ISMAP.Experience supporting federal go-to-market, RFP responses, security questionnaires, and customer trust programs.Certifications such as CISSP, CISM, CISA, CRISC, PMP, CCSP, or equivalent experience.Experience in standing up a new FedRAMP program from scratch.Additional InformationThe annual base salary range for this position is $205,000 - $255,000. This role is also eligible for a target bonus.Compensation is based on a variety of factors, including but not limited to location, experience, job-related skills, and level. Freshworks offers multiple options for dental, medical, vision, disability, and life insurance. Equity + ESPP, flexible PTO, flexible spending, commuter benefits, and wellness benefits are also offered. Freshworks also offers adoption and parental leave benefits. At Freshworks, we have fostered an environment that enables everyone to find their true potential, purpose, and passion, welcoming colleagues of all backgrounds, genders, sexual orientations, religions, and ethnicities. We are committed to providing equal opportunity and believe that diversity in the workplace creates a more vibrant, richer environment that boosts the goals of our employees, communities, and business. Fresh vision. Real impact. Come build it with us. Compensation: USD 205000 - USD 255000 - yearly