Senior Program Manager - Governance, Risk, and Compliance

MongoDB’s mission is to empower innovators to create, transform, and disrupt industries by unleashing the power of software and data. We enable organizations of all sizes to easily build, scale, and run modern applications by helping them modernize legacy workloads, embrace innovation, and unleash AI. Our industry-leading developer data platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available in more than 115 regions across AWS, Google Cloud, and Microsoft Azure. Atlas allows customers to build and run applications anywhere—on premises, or across cloud providers. With offices worldwide and over 175,000 new developers signing up to use MongoDB every month, it’s no wonder that leading organizations, like Samsung and Toyota, trust MongoDB to build next-generation, AI-powered applications.

The MongoDB security team is looking for a Program Manager - Governance, Risk, and Compliance. This role will be responsible for analyzing, documenting and monitoring risk and compliance posture across our existing program.

MongoDB aligns its practices to multiple compliance frameworks in order to support our customer’s needs. The Senior Program Manager - Governance, Risk, and Compliance role will provide support for MongoDB’s compliance team by creating and maintaining comprehensive public sector compliance documentation, arranging meetings, liaising with internal stakeholders to communicate compliance requirements and gather feedback, preparing data for further analysis and reporting, tracking meeting minutes and actions and providing general administrative support to enable continuous growth of the Governance, Risk and Compliance Program.

The ideal Senior Program Manager - Governance, Risk, and Compliance candidate should have demonstrated experience with documents and data handling, proven general administration, be familiar with change management enabling organizations to improve and/or establish efficient and effective processes and drive forward change. Familiarity with compliance programs or technical audits in public sector Information Security related frameworks (i.e. NIST 800-53, NIST 800-171, etc.) is a plus. 

This role will support building out an internal compliance program and help scale MongoDB Inc. to support our customer’s needs. MongoDB is a breakthrough company that is disrupting a $40B market. This position has significant growth potential and we’re looking for someone who is excited to take initiative and eager to learn. 

This role can be based remotely in the Central or Eastern time zones.

Responsibilities

• Assist with the development of the annual roadmap, including communicating timelines, managing dependencies, and coordinating resource requirements
• Manage program timelines and proactively communicate obstacles that may impact milestones and key delivery dates
• Facilitate productive meetings by developing goal-oriented agendas, documenting meeting minutes, and following up on action items in a timely manner
• Lead engagements with external auditors by scheduling meetings, drafting relevant communications, and reporting on assessment results
• Lead compliance efforts ensure compliance with various frameworks, FedRAMP High, IL-4 & IL-5
• Support assessment activities to achieve and/or maintain compliance certifications or evaluate the system for potential sponsors, 3PAO and PMO
• Plan, schedule, and perform internal gap analyses and maturity assessments
• Manage findings and coordinate remediation efforts for both internal and external audits
• Analyze program data to develop informative presentations for communicating performance metrics to Governance, Risk, and Compliance stakeholders
• Utilize ticketing systems and workflows to monitor internal Governance, Risk, and Compliance activities to maintain project timelines and objectives
• Develop, update, and maintain documentation for MongoDB’s public sector cloud customers
• Provide guidance and training to team members
• Educate employees on cybersecurity best practices and compliance requirements
• Address inquiries regarding security attestations and compliance
• Act as a trusted advisor to stakeholders and customers, providing insights into risk strategies, compliance requirements, and mitigation plans
• Guide stakeholders through regulatory landscapes, ensuring adherence to security standards

Qualifications

• Bachelor's degree or equivalent practical experience
• Possess a practical understanding of cloud security compliance, risk management, information security principles, including a working knowledge of cloud controls and environments
• Experience with security and major compliance standards such as ISO 27001, SOC 2, PCI NIST 800-53
• Possess extensive experience in internal governance, risk, and compliance functions, along with a deep understanding of policies, procedures, and governance frameworks within highly regulated industries
• Practical experience performing gap analysis, maturity assessments, and risk assessments
• Experience managing projects and work streams at the enterprise level
• Experience implementing compliance technology and associated tools
• Ability to engage organizational levels simultaneously, leading to solutions/sustainable programs
• Knowledge of compliance and regulatory processes, including aligning policies to regulatory and business requirements
• Demonstrate an exceptional level of attention to detail coupled with strong organizational skills
• Possess strong presentation building, communication, analytical, diagnostic, and critical thinking skills
• Excellent verbal, written and interpersonal communication skills with both technical and non-technical audiences
• Demonstrate an adept skill in navigating uncertainties and formulating clear plan of actions
• Take proactive ownership of tasks and autonomously drive them to successful completion

Preferred Qualifications

• Experience with FedRAMP revision 5 Moderate, experience with FedRAMP High, IL-4, and IL-5 frameworks is a plus
• Experience working with Jira
• Experience reviewing and editing SSPs, IRPs, ISCPs, and other FedRAMP related documentation
• Project management experience including:  
• process, metrics and dashboard reporting
• drafting communications
• drafting meeting minutes
• rollout of information security training and awareness program
• project management support and reporting
• An understanding of the common and fundamental project management processes e.g. scoping, planning, risk management, change control, communication etc.

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Req ID: 2263139354