Federal Compliance Manager

As the Federal Compliance Manager, you will collaborate with internal stakeholders and product engineering teams to document and implement control requirements, ensuring adherence to Figma’s FedRAMP cloud security standards. Responsibilities include supporting the analysis and remediation of security control implementation review, penetration testing, and vulnerability scan results as well as contributing to Plans of Action and Milestones (POAM) reporting for authorizing agencies. Additionally, you will actively engage with security professionals on cross-department initiatives, participating in projects aimed at fortifying the company's overall security posture.

What you’ll do at Figma:

• Engage with cross-functional collaborators across legal, sales, product/enterprise teams, 3PAO, sponsoring agency, and FedRAMP PMO.

• Analyze information from disparate teams to tackle complex issues, manage risks, and resolve problems.

• Assist in analyzing and preparing for both internal and external audits.

• Recognize, address, communicate, or escalate technical and program risks effectively.

• Collaborate on developing automated capabilities for evidence collection, control validation, and process execution.

• Maintain technical documentation (e.g., System Security Plan or SSP) with expertise in security controls, audits, technical architecture, operational processes, and security protocols.

• Provide strategic insights to internal teams about implementing FedRAMP and other security frameworks, emphasizing their impact on product updates or organizational processes.

• Identify and communicate specific security and configuration requirements to cloud, application, and enterprise teams.

We'd love to hear from you if you have:

• 5+ years of hands-on experience in IT auditing and/or compliance

• Recent hands-on concentration of work with FedRAMP Framework 

• Previous experience leading a Cloud Service Provider through a FedRAMP ATO process

• SaaS-based audit and compliance experience

• Experience working with technologies hosted via cloud computing environments (e.g., AWS)

While not required, it’s an added plus if you also have:

• Understanding of security domains, including application security, infrastructure and cloud security, incident response, and security compliance and certifications

• Hands-on experience with cloud computing technologies

• Established connections in the FedRAMP industry and with various government agencies

• Familiarity with other international regulatory compliance

At Figma, one of our values is Grow as you go. We believe in hiring smart, curious people who are excited to learn and develop their skills. If you’re excited about this role but your past experience doesn’t align perfectly with the points outlined in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.