About Us
Abacus Insights is transforming how data works for health plans. Our mission is simple: make healthcare data usable, so the people responsible for care and cost decisions can act faster, with confidence.
We help health plans break down data silos to create a single, trusted data foundation. That foundation powers better decisions, so plans can improve outcomes, reduce waste, and deliver better experiences for members and providers alike.
Backed by $100M from top investors, we’re tackling big challenges in an industry that’s ready for change. Our platform enables GenAI use cases by delivering clean, connected, and reliable healthcare data that can support automation, prioritization, and decision workflows—and it’s why we are leading the way.
Our innovation begins with people. We are bold, curious, and collaborative—because the best ideas come from working together. Ready to make an impact? Join us and let's build the future together.
About the Role
We are seeking a Program Manager to lead the execution and delivery of our RAMP compliance programs, including GovRAMP, StateRAMP, and FedRAMP. This role is responsible for planning, coordinating, and driving all authorization and continuous monitoring activities across engineering, cloud operations, security, and IT teams.
This is not a policy‑authoring or analyst‑only role. Success in this position requires strong program management discipline, the ability to drive cross‑functional delivery, and hands‑on familiarity with RAMP authorization workflows.
This role ensures that our RAMP programs are delivered on time, with quality, and without last‑minute escalation. The Program Manager enables Security leadership to focus on strategy while ensuring execution stays disciplined and transparent.
Your day to day
Program Planning & Execution
• Own the end‑to‑end program plan for GovRAMP, StateRAMP, and/or FedRAMP initiatives
• Develop and maintain detailed schedules, milestones, dependency tracking, and risk registers
• Drive accountability across Security, Engineering, Cloud Ops, Product, and IT
RAMP Delivery Management
• Coordinate authorization activities across:
    • Readiness assessments
    • Gap remediation
    • 3PAO / assessor engagement
    • Authorization reviews
    • Continuous monitoring operations
• Ensure adoption of NIST SP 800‑53 Rev. 5 control requirements as executable work items
Evidence & Artifact Coordination
• Manage the production, review, and lifecycle of core authorization artifacts, including:
    • System Security Plan (SSP)
    • Control narratives
    • System boundary and data‑flow diagrams
    • Inventories and tracking artifacts
• Ensure evidence ownership, refresh cadence, and quality standards are consistently met
Auditor / 3PAO & Stakeholder Coordination
• Serve as the program coordination point for assessors and 3PAOs
• Schedule and manage walkthroughs, evidence reviews, and interviews
• Partner with US‑based leadership during assessments, findings reviews, and status reporting
POA&M & Issue Management
• Own the POA&M tracking and delivery process
• Work with engineering and operations teams to:
    • Define remediation milestones
    • Track progress
    • Validate closure evidence
• Escalate risks early and propose mitigation plans
Continuous Monitoring Operations
• Operationalize monthly and quarterly continuous monitoring cadence
• Track vulnerability management, patching, access reviews, logging, and required attestations
• Ensure ongoing compliance stability post‑authorization
What You Bring to the Team
• 5+ years’ experience in program management, ideally supporting compliance, security, or regulatory initiatives
• Experience working with GovRAMP, StateRAMP, FedRAMP, or closely related frameworks (FedRAMP Moderate preferred)
• Strong understanding of NIST SP 800‑53 concepts (implementation knowledge required; deep policy writing not required)
• Demonstrated ability to manage cross‑functional global teams
• Experience coordinating audits, assessments, or external reviews
• Excellent written and verbal communication skills for US stakeholders
• Program planning and execution rigor
• Stakeholder management across time zones
• Clear escalation and decision framing
• Strong documentation and tracking discipline
• Delivery‑oriented mindset with attention to audit detail
What we would like to see, but not required
• Experience with HIPAA, HITRUST, and SOC 2 compliance
• Prior experience working with US auditors or 3PAOs
• SaaS, cloud, or data‑platform environment experience
• Familiarity with AWS and/or Azure environments (Gov or commercial)
• Experience using Jira, Confluence, and GRC platforms (Hyperproof, Archer, etc.)
• Previous experience supporting US public‑sector customers
What you’ll get in return
• Competitive Leave & Benefits
• Comprehensive health coverage
• Equity for every employee – share in our success
• Growth-focused environment – your development matters here
Work arrangements
• Standard hours: 8 hours/day, 5 days/week
• Location: Pune, Hybrid (3 days a week in office)
• Shift: 1 PM - 10 PM IST
Our Commitment as an Equal Opportunity Employer
As a mission-led technology company helping to drive better healthcare outcomes, Abacus Insights believes that the best innovation and value we can bring to our customers comes from diverse ideas, thoughts, experiences, and perspectives. Therefore, we dedicate resources to building diverse teams and providing equal employment opportunities to all applicants. Abacus prohibits discrimination and harassment regarding race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
At the heart of who we are is a commitment to continuously and intentionally building an inclusive culture—one that empowers every team member across the globe to do their best work and bring their authentic selves. We carry that same commitment into our hiring process, aiming to create an interview experience where you feel comfortable and confident showcasing your strengths. If there’s anything we can do to support that—big or small—please let us know.