Office of Solutions: FedRAMP Director

This job posting has closed.

Please see our other open positions.

Basic information

Open to U.S. citizens or nationals (residents of American Samoa and Swains Island). Subject to background check. Full information is available on USAJOBS.

Supervisory status: Supervisory

Job title: Office of Solutions: FedRAMP Director

Official title in USAJOBS: IT Program Manager PLCYPLN/INFOSEC

Number of vacancies: 1

Location: Anywhere in the U.S. (remote)

Salary range: GS-15 ($143,736 to $191,900)

Your salary, including base and locality, will be determined upon selection, dependent on your actual duty location. Please note the maximum salary available for the GS pay system is $191,900. For specific details on locality pay, please visit OPM’s Salaries & Wages page; for a salary calculator, see OPM’s 2024 General Schedule (GS) Salary Calculator. You can find more information in our compensation and benefits section.

Travel requirement: Occasional travel may be required up to 15% per year.

Work schedule: Full time.

Appointment type: This is a permanent position.

Learn more about the benefits of working at GSA and TTS.

Role summary

The Director of FedRAMP leads the federal government’s initiative to make it straightforward and safe for Federal agencies to use modern cloud-based software and infrastructure to deliver on their mission.

The position serves as the principal leader and point of contact for the Federal Risk Management and Authorization Program (FedRAMP).

FedRAMP was created in 2011 to accelerate the government’s use of commercial cloud services, by creating a standardized process for security review and authorization and making security information easily available to agencies. More generally, FedRAMP operates as a bridge between the public and private sectors, to help companies that offer innovative services navigate federal security expectations and to bring the best of the private sector into government.

Since FedRAMP’s creation, the cloud sector has changed substantially and agency needs have focused more on software-as-a-service products. In recent years, Congress and the White House have updated the program’s mission and authorities, with a mandate to scale and modernize the program, while continuing to ensure the high bar of security that the public expects around government data and operations.

The Director will oversee FedRAMP’s strategy to achieve this. The position is a dynamic role that will engage with government and private sector stakeholders and make key policy and operational decisions affecting government-wide use of cloud products, while supervising program staff and resources. The role will require information security expertise, a vision for change, and entrepreneurial spirit to position the program as a cybersecurity leader, maintain trust in the FedRAMP brand, and operate efficiently and consistently.

Key objectives

1. You will expand the size and diversity of the FedRAMP marketplace.

  • Identify and understand the present and future needs of the federal government, and focus the FedRAMP program on bringing into government the cloud service providers that will safely help agencies meet those needs.

  • Increase the capacity and speed of the FedRAMP ecosystem, including by working collaboratively with federal agencies and others to create more channels and processes for authorizing cloud providers.

  • Serve as the primary spokesperson for the FedRAMP program with industry, government, and the media.

  • Manage relationships and forge partnerships with key government partners, including the FedRAMP Board, the Executive Office of the President, the Cybersecurity and Infrastructure Security Agency, the National Institute of Standards and Technology, and others.

2. You will accelerate and simplify the FedRAMP process for federal agencies and cloud service providers.

  • Orient FedRAMP around agile delivery principles, by enabling cloud providers to operate using secure agile software development practices and rapid delivery of security updates and features.

  • Transition FedRAMP to an automation-first, API-driven program, in its internal operations as well as through customer-facing services for automated self-validation and submission.

  • Establish and publish customer-oriented key performance metrics for the program, and drive program improvements along those metrics to demonstrate visible progress to public and government stakeholders.

  • Continuously optimize the fundamental processes of the FedRAMP program, as well as the processes agencies and third parties operate to participate in FedRAMP.

3. You will grow FedRAMP’s reputation as a trusted independent evaluator of cloud services.

  • Protect and build the FedRAMP brand as a meaningful and rigorous security and risk management process, whose authorizations can consistently be presumed adequate for use by any federal agency.

  • Build the overall technical and information security expertise of the FedRAMP program, through recruitment, training, and ongoing staff development.

  • Keep FedRAMP focused on the biggest security threats to the federal government and the commercial cloud ecosystem.

  • Ensure the program maintains oversight of any third-party organizations involved in the assessment and review of cloud services.

Qualifications

Provide as much detail as possible on your resume so that we can evaluate your previous experience. Follow our guidance on creating a federal style resume.

Failure to provide required information may result in disqualification.

For each job on your resume, provide:

  • The exact dates you held each job (from month/year to month/year or “present”)
  • Number of hours per week you worked (if part time)

SPECIALIZED EXPERIENCE REQUIREMENTS:

To qualify, you must have one (1) year of specialized experience at the next lower GS-grade (or equivalent). Specialized experience is defined as follows:

  • Developing or leading the development of cloud-based infrastructure and software in commercial or government cloud environments.
  • Implementing or leading the implementation of information security design and architecture principles.
  • Working with information security compliance frameworks, such as FedRAMP, FISMA, SOC2, PCI, ISO 27001, or other relevant frameworks used in the public or private sector.
  • Building coalitions across distinct stakeholder groups, such as customers, partners, and oversight or governance bodies.

How to Apply

Please choose cybersecurity or executive management from the role list of options to be notified about this position. This position will open for application on USAJOBS on Tuesday, 4/16/24. The application link will update on Tuesday.

An official website of the GSA’s Technology Transformation Services