Security Program Manager, AI Assurance

About Ramp

At Ramp, we're rethinking how modern finance teams function in the age of AI. We believe AI isn't just the next big wave. It's the new foundation for how business gets done. We're investing in that future - and in the people bold enough to build it.

Ramp is a financial operations platform designed to save companies time and money. Our all-in-one solution combines payments, corporate cards, vendor management, procurement, travel booking, and automated bookkeeping with built-in intelligence to maximize the impact of every dollar and hour spent. More than 50,000 businesses, from family-owned farms to e-commerce giants to space startups, have saved $10B and 27.5M hours with Ramp. Founded in 2019, Ramp powers the fastest-growing corporate card and bill payment platform in America, and enables over $100 billion in purchases each year.

Ramp's investors include Lightspeed Venture Partners, Thrive Capital, Sands Capital, General Catalyst, Founders Fund, Khosla Ventures, Sequoia Capital, Greylock, Redpoint, and ICONIQ, as well as over 100 angel investors who were founders or executives of leading companies. The Ramp team comprises talented leaders from leading financial services and fintech companies-Stripe, Affirm, Goldman Sachs, American Express, Mastercard, Visa, Capital One-as well as technology companies such as Meta, Uber, Netflix, Twitter, Dropbox, and Instacart.

Ramp has been named to Fast Company's Most Innovative Companies list and LinkedIn's Top U.S. Startups for more than 3 years, as well as the Forbes Cloud 100, CNBC Disruptor 50, and TIME Magazine's 100 Most Influential Companies.

About the Role

This business-enabling role will have a direct impact on scaling and strengthening Ramp's security and compliance programs. You will drive initiatives across security compliance, governance, risk management, and assurance to enhance our security posture, support customer, partner, and regulatory due diligence, and advance scalable, business-aligned security practices. You will also help thoughtfully integrate emerging areas such as AI assurance into our broader GRC strategy to enable responsible innovation and sustained growth.

What You'll Do

• Lead and support security and compliance programs to achieve and maintain key certifications and attestations (e.g., SOC 2, ISO 27001, PCI-DSS, SOX, ISO 42001, AIUC-1), while building scalable processes to support future framework expansion and geographic growth.

• Partner cross-functionally with Product, Engineering, IT, Finance, Legal, People, and Go-to-Market teams to translate regulatory, customer, and emerging requirements (including AI governance considerations) into practical, actionable controls.

• Support the design, implementation, and monitoring of IT General Controls (ITGCs), automated controls, and financial system governance processes, including access management, change management, and configuration oversight.

• Support and lead audit and assurance activities, including planning and coordination with external auditors and independent assessors, conducting control walkthroughs, managing evidence collection, and maintaining audit-ready documentation.

• Strengthen customer assurance programs by evaluating vendor security practices, responding to customer due diligence requests, and identifying opportunities for automation and continuous monitoring within GRC workflows.

• Build scalable audit management processes and documentation systems that will support future expansion to additional geographies and compliance frameworks

What You Need

• 5+ years of experience in security, risk, audit, or compliance roles within cloud-based or highly regulated environments (e.g., SaaS, financial services).

• Working knowledge and experience supporting security certifications and regulatory audits (e.g., SOC 2, ISO 27001, PCI-DSS, SOX), including control documentation, testing, evidence collection, and auditor coordination.

• Experience contributing to risk management and/or third-party risk programs, including performing risk assessments, maintaining risk documentation, or evaluating vendor security controls.

• Strong written and verbal communication skills, and demonstrated ability to collaborate across technical and non-technical teams and clearly explain security and compliance requirements, including emerging areas such as AI governance.

• Experience managing time-bound workstreams in fast-paced environments, and serve as a subject matter expert on evolving compliance and emerging risk areas, including AI governance considerations.

Nice-to-Haves

• Experience in AI/ML-driven environments, with an understanding of security and risk considerations related to model development, training data, and deployment pipelines.

• Background in high-growth technology companies where compliance programs needed to scale quickly to support new products, markets, or regulatory requirements.

• Exposure to automation in security and compliance processes, including implementing or supporting programmatic control enforcement ("compliance as code").

• Relevant professional certifications such as CISA, CRISC, CISM, CISSP

Benefits (for U.S.-based full-time employees)

• 100% medical, dental & vision insurance coverage for you

• Partially covered for your dependents

• One Medical annual membership

• 401k (including employer match on contributions made while employed by Ramp)

• Flexible PTO

• Fertility HRA (up to $10,000 per year)

• Parental Leave

• Unlimited AI token usage

• Pet insurance

• Centralized home-office equipment ordering for all employees

• Health and Wellness stipend

• In-office perks: lunch, snacks, drinks, and more

• Budget for intra-office travel

• Relocation support to NYC or SF (as needed)

Referral Instructions

If you are being referred for the role, please contact that person to apply on your behalf.

Other notices

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Ramp Applicant Privacy Notice