Program Manager, Security Assurance Job at Ramp, New York, NY

  • Ramp
  • New York, NY

Job Description

About Ramp

Ramp is a financial operations platform designed to save businesses time and money. Combining corporate cards with expense management, bill payments, vendor management, accounting automation, and more, Ramp's all-in-one solution frees finance teams to do the best work of their lives. More than 25,000 companies, from family-owned farms to e-commerce giants to space startups, have saved $1B and 10M hours with Ramp. Founded in 2019, Ramp powers the fastest-growing corporate card and bill payment platform in America, and enables over 35 billion dollars in purchases each year.

Ramp's investors include Sequoia, Founders Fund, Thrive Capital, Khosla Ventures, Greylock, Stripe, Goldman Sachs, Coatue, and Redpoint, as well as over 100 angel investors who were founders or executives of leading companies. The Ramp team comprises talented leaders from leading financial services and fintech companies—Stripe, Affirm, Goldman Sachs, American Express, Mastercard, Visa, Capital One—as well as technology companies such as Meta, Uber, Netflix, Twitter, Dropbox, and Instacart.

Ramp has been named to Fast Company's Most Innovative Companies list and LinkedIn's Top U.S. Startups for over 3 years, as well as the Forbes Cloud 100, CNBC Disruptor 50, and TIME Magazine's 100 Most Influential Companies.

About the Role

In this business-enabling role, you will have a direct impact on scaling and strengthening Ramp’s security and compliance practices. You will drive initiatives across security compliance, third-party risk management, and assurance, with a focus on enhancing our security posture, supporting due diligence efforts, and advancing overall risk management strategies to support our rapid growth.

What You’ll Do

  • Support the governance, risk, and compliance management program to achieve reports/certifications such as SOC2, ISO 27001/2, PCI-DSS, SOX, and others as appropriate

  • Perform targeted gap assessments to bridge existing processes with the requirements of additional frameworks critical for business expansion

  • Manage risk program activities including risk registers, risk identification, tracking, and prioritization

  • Assess identified security risks and collaborate cross-functionally to create and execute treatment plans aligned with business priorities.

  • Design and implement a common security control framework and ensure that controls are aligned with applicable security standards, regulations, and business objectives

  • Support GRC tool implementation and optimization to streamline compliance processes and support security initiatives 

  • Support and optimize third-party risk management programs to evaluate and monitor vendor security practices 

  • Partner with Product, Engineering, IT, People Operations, and Legal to review existing and new initiatives that could impact compliance requirements

  • Work with external auditors, regulators, and customers to ensure compliance with technology risk and compliance initiatives

  • Work with the go-to-market team on customer security due diligence, including security questionnaires and resolving current or prospective compliance requests.

What You Need

  • Minimum 5 years of experience with security requirements, standards, and practices, including NIST CSF, NIST 800-53, ISO 27001, PCI, SOC2, etc.

  • Minimum 3 years of experience in supporting business-enabling GRC programs in highly regulated industries (e.g., SaaS, Finance)

  • Ability to lead end-to-end security audits from design and implementation of controls to audit execution and project management

  • Excellent understanding of risks and ability to prioritize potential gaps and opportunities for improvement based on our business and risk profile

  • Experience supporting and building out a comprehensive third-party risk management program

  • Proficient risk management and communication skills to navigate difficult conversations with leadership while driving accountability for risk-based decisions

  • Experience working with a range of customers to provide assurance on complex security concerns 

  • Demonstrated experience working cross-functionally across technical and non-technical teams across a large organization to drive alignment and action

Nice to Haves

  • Security Certifications (CISSP, CISA, CCAK, CRISC, etc.)

  • Familiarity with GRC tool automation, monitoring, and maintenance

About Our Team

Our team’s mission is to enable the business and provide assurance to our customers through the following pillars:

  • Security Governance & Risk focuses on implementing a risk and compliance program that identifies and mitigates risk across the organization.

  • Security Compliance focuses on maintaining a compliance roadmap (SOC 2, ISO 27001, PCI, SOX) based on customer, regulatory, and internal needs.

  • Customer Assurance focuses on owning customer assurance packages (questionnaires, trust site, sales enablement) 

  • Third-Party Risk Management focuses on guarding against threats posed by third parties who have access to Ramp data

Benefits (for U.S.-based full-time employees)

  • 100% medical, dental & vision insurance coverage for you

  • 401k (including employer match on contributions made while employed by Ramp)

  • Flexible PTO

  • Fertility HRA (up to $5,000 per year)

  • WFH stipend to support your home office needs

  • Wellness stipend

  • Parental Leave

  • Relocation support to NYC or SF

  • Pet insurance

Other notices

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Compensation

$131.6K – $181K • Offers Equity

Job Tags

Full time, Home office, Relocation package, Flexible hours
