Staff Security Assurance Controls Manager jobs in United States

ID.me · 2 days ago

Staff Security Assurance Controls Manager

ID.me is a next-generation digital identity wallet that simplifies online identity verification for consumers. They are seeking a Staff Security Assurance Controls Manager to lead the development and implementation of internal control programs for security and privacy frameworks, ensuring compliance and maintaining customer trust.

Cloud Data Services · Cyber Security · Fraud Detection · Identity Management · Privacy · Software
H1B Sponsor Likely
Hiring Manager
John Sweeney

Responsibilities

Framework Ownership: Serve as the day-to-day owner for one or more frameworks (e.g., NIST 800-63, FedRAMP, ISO 27001, SOC 2), ensuring alignment between framework requirements and internal controls
Control Lifecycle Management: Collaborate with control owners to design, implement, document, and monitor controls. Define control objectives, implementation guidance, and assurance requirements
Audit & Assessment Readiness: Coordinate internal and external audits by developing audit plans, preparing walkthroughs, and managing evidence collection activities
Continuous Monitoring: Maintain a recurring schedule of control validations based on framework-specific frequency requirements (e.g., FedRAMP ConMon). Track control health and remediation actions
Gap Analysis & Risk Assessments: Lead gap analyses between new framework requirements and existing control coverage. Facilitate Security Impact Assessments (SIAs) to assess compliance implications of changes and identify risks
Compliance Documentation: Manage organizational policies. Ensure up-to-date, reviewer-approved documentation exists for policies, procedures, and implementation statements. Lead annual reviews and updates
Control Remediation & POA&M Management: Partner with control owners to define corrective actions, manage Plans of Action & Milestones (POA&Ms), and track resolution through closure. Propose and coordinate the design of controls to mitigate risks
Stakeholder Engagement: Act as a trusted partner to engineering, product, infrastructure, and customer-facing teams. Provide clear guidance on what controls are required, why, and how to satisfy them
Tooling & Metrics: Support the use of GRC and data pipelines to automate evidence collection, track control status, and generate metrics for reporting
Internal and External Reporting: Contribute to executive and board-level reporting, as well as external customer reporting such as Continuous Monitoring reports

Qualification

FedRAMP · ISO 27001 · SOC 2 · Security compliance programs · Cloud-native environments · GRC platforms · Project management · NIST 800-63 · Policy management · CISSP · CISA · CCSK · Cloud security certifications · SaaS experience

Required

Bachelor's degree in Information Security, Computer Science, Engineering, Risk Management, or related field—or equivalent practical experience
7–10+ years of experience managing and operating security/compliance programs, including at least one of: FedRAMP, ISO 27001, or SOC 2
3–5+ years of experience managing third-party audits (e.g., ATO, SOC, ISO certs), including evidence preparation, auditor interface, and corrective actions
Proficient in project management: planning, tracking, reporting, and issue resolution
Strong understanding of security control domains (e.g., access control, vulnerability management, encryption, logging, change management)
Experience working in cloud-native environments (AWS, GCP preferred)
Familiarity with GRC platforms such as LogicGate, ServiceNow GRC, or Archer

Preferred

NIST 800-63 experience with identity proofing and authenticator management
Experience leading or contributing to FedRAMP Continuous Monitoring (ConMon) activities or significant change requests (SCR) / change management
Policy, plan, procedure management
Deep understanding of control implementation across cloud-native and DevOps environments
CISSP, CISA, CCSK, or ISO 27001 Lead Auditor certification
Cloud security certifications (e.g., GCP, AWS, etc.) are a plus
Experience working in SaaS or regulated environments (e.g., healthcare, finance, government)

Benefits

Comprehensive medical
Dental
Vision
Health savings account
Flexible spending accounts (medical, limited purpose, dependent care, commuter benefit accounts)
Basic and voluntary life and AD&D insurance
401(k) with company match
Parental leave
Ability to participate in unlimited paid time off subject to the terms and conditions of the PTO policy, including 8 company wide holidays
Short and long-term disability insurance
Accident and critical illness insurance
Referral bonus policy
Employee assistance program
Pet insurance
Travel assistant program
Wellbeing and childcare discounts
Benefit advocates
Learning and development benefit

Company

ID.me is a digital identity wallet that allows users to securely prove their identity online.

H1B Sponsorship

ID.me has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. The information below is provided for reference. (Data powered by the US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship: [chart; highlighted fields are those similar to this job]
Trends of Total Sponsorships: 2025 (12), 2024 (2)

Funding

Current Stage
Late Stage
Total Funding
$814.25M
Key Investors
Ribbit Capital · Ares Management · Viking Global Investors
2025-09-03 Series E · $65M
2025-01-30 Debt Financing · $275M
2024-11-25 Secondary Market · $67M

Leadership Team

Blake Hall
Co-Founder and CEO
Samantha Greenberg
Chief Financial Officer
Company data provided by crunchbase