Senior Security Assurance Controls Manager (Falls Church)

Senior Security Assurance Controls Manager

ID.me is the next-generation digital identity wallet that simplifies how individuals securely prove their identity online. Consumers can verify their identity with ID.me once and seamlessly login across websites without having to create a new login and verify their identity again. Over 140 million users experience streamlined login and identity verification with ID.me at 20 federal agencies, 44 state government agencies, and 66 healthcare organizations. More than 600 consumer brands use ID.me to verify communities and user segments to honor service and build more authentic relationships. ID.me's technology meets the federal standards for consumer authentication set by the Commerce Department and is approved as a NIST 800-63-3 IAL2 / AAL2 credential service provider by the Kantara Initiative. ID.me is committed to No Identity Left Behind to enable all people to have a secure digital identity.

Role Overview

ID.me is seeking a Senior Security Assurance Controls Manager to lead the development, implementation, and ongoing operation of our internal control program for external security and privacy frameworks including FedRAMP, ISO 27001, and SOC 2.

This role is critical to maintaining the trust of our customers and regulatory stakeholders by ensuring that security and compliance requirements are met across ID.me's rapidly evolving product and infrastructure landscape. You will work cross-functionally with Engineering, Product, Security, GRC, and external auditors to design scalable control strategies, validate control effectiveness, and operationalize continuous monitoring.

Responsibilities

• Framework Ownership : Serve as the day-to-day owner for one or more frameworks (e.g., FedRAMP, ISO 27001, SOC 2), ensuring alignment between framework requirements and internal controls.
• Control Lifecycle Management : Collaborate with control owners to design, implement, document, and monitor controls. Define control objectives, implementation guidance, and assurance requirements.
• Audit & Assessment Readiness : Coordinate internal and external audits by developing audit plans, preparing walkthroughs, and managing evidence collection activities.
• Continuous Monitoring : Maintain a recurring schedule of control validations based on framework-specific frequency requirements (e.g., FedRAMP ConMon). Track control health and remediation actions.
• Gap Analysis & Risk Assessments : Lead gap analyses between new framework requirements and existing control coverage. Facilitate Security Impact Assessments (SIAs) to assess compliance implications of changes and identify risks.
• Compliance Documentation : Manage organizational policies. Ensure up-to-date, reviewer-approved documentation exists for policies, procedures, and implementation statements. Lead annual reviews and updates.
• Control Remediation & POA&M Management : Partner with control owners to define corrective actions, manage Plans of Action & Milestones (POA&Ms), and track resolution through closure. Propose and coordinate the design of controls to mitigate risks.
• Stakeholder Engagement : Act as a trusted partner to engineering, product, infrastructure, and customer-facing teams. Provide clear guidance on what controls are required, why, and how to satisfy them.
• Tooling & Metrics : Support the use of GRC and data pipelines to automate evidence collection, track control status, and generate metrics for reporting.
• Internal and External : Contribute to executive and board-level reporting, as well as external customer reporting such as through Continuous Monitoring reports.

Basic Qualifications

Preferred Qualifications

The annual base salary listed does not include a company bonus, incentive for sales roles, equity and benefits which will be determined based on experience, skills, education, relevant training, geographic location and role.

ID.me offers comprehensive medical, dental, vision, health savings account, flexible spending accounts (medical, limited purpose, dependent care, commuter benefit accounts), basic and voluntary life and AD&D insurance, 401(k) with company match, parental leave, ability to participate in unlimited paid time off subject to the terms and conditions of the PTO policy, including 8 company wide holidays, short and long-term disability insurance, accident and critical illness insurance, referral bonus policy, employee assistance program, pet insurance, travel assistant program, wellbeing and childcare discounts, benefit advocates, and a learning and development benefit.

The above represents the anticipated total rewards package for this job requisition. Final offers may vary from the amount listed based on qualifications, professional experiences, skills, education, relevant training, geographic location, and other job related factors.