Security Governance Manager (Remote / DC-Metro)

Unison Software, Inc.

$155K — $190K *
US-Anywhere; Remote in United States
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 6+ years in GRC, security governance, compliance, audit, or risk management.
  • Hands-on FedRAMP experience, including ongoing monitoring and SSP maintenance.
  • Knowledge of federal authorizations like DoD IL4/IL5 or CMMC.
  • Familiarity with NIST SP 800-53 standards and audit practices.
  • Proven people management and communication skills for engaging various stakeholders.
  • Strong written skills to craft policies, control narratives, and executive updates.

Responsibilities

  • Lead and enhance the Security Governance function, focusing on strategy and continuous improvement.
  • Maintain Unison's key authorizations and certifications, including FedRAMP and CMMC.
  • Support FedRAMP monitoring activities, ensuring timely evidence collection and documentation.
  • Coordinate assessments and ongoing activities with agency officials, auditors, and control owners.
  • Manage the lifecycle of security policies and maintain alignment with operational practices.
  • Oversee customer assurance activities, addressing security reviews and due-diligence requests.
  • Communicate security governance and compliance topics clearly to diverse audiences.

Benefits

  • Remote work flexibility with occasional required office visits.
  • Travel and accommodation covered for in-person interviews.

Full Job Description

Role Overview:

Unison is hiring a Security Governance Manager to manage key activities supporting our federal authorizations, customer assurance obligations, and compliance operations. Reporting directly to the CISO, you will manage security governance activities supporting our authorizations and certifications, including FedRAMP, DoD Impact Level 4 (IL4), CMMC, and others.

You will work as part of the broader Security team to maintain authorization documentation, strengthen evidence quality, coordinate with control owners, support annual assessments, manage customer and vendor assurance activities, and keep audit and authorization work moving with discipline and clarity.

This is a hands-on leadership role for a GRC practitioner who treats compliance as a way to enable the business and earn trust.

Responsibilities

  • Lead and mature the Security Governance function as part of the broader Security team, covering strategy, processes, ownership, reporting, and continuous improvement.
  • Maintain and strengthen Unison's authorizations and certifications, including FedRAMP, IL4, and CMMC, by managing documentation, SSP updates, evidence quality, control-owner coordination, audit readiness, and annual assessment support.
  • Support FedRAMP continuous monitoring activities, including recurring evidence collection, monthly and annual deliverables, risk documentation, remediation commitments, approvals, and deadlines.
  • Coordinate with agency Authorizing Officials, 3PAOs, agency stakeholders, auditors, and control owners through assessments and ongoing authorization activity.
  • Own the lifecycle of security policies, standards, and procedures, keeping documentation aligned with actual business and technical practice.
  • Manage customer trust and assurance activities, including customer security reviews, questionnaires, RFPs, due-diligence responses, and reusable evidence packages.
  • Communicate governance, compliance, audit, and risk topics clearly to technical teams, customers, auditors, executives, and business stakeholders.


Qualifications

  • 6+ years in GRC, security governance, compliance, audit, or risk management.
  • Hands-on FedRAMP experience, including authorization, continuous monitoring, SSP maintenance, evidence management, assessments, annual assessment support, and POA&M coordination.
  • Exposure to other federal authorizations and certifications such as DoD IL4/IL5 or CMMC.
  • Working knowledge of NIST SP 800-53 and the control expectations behind FedRAMP, CMMC, and similar programs, including authorization documentation and audit evidence practices.
  • Proven ability to manage people and vendors and to communicate credibly with auditors, technical teams, customers, and executives.
  • Strong written communication skills, including the ability to produce clear policies, procedures, control narratives, customer responses, risk summaries, and executive-ready updates.


Preferred Qualifications

  • A prior hands-on technical role, such as engineering, security operations, or systems/cloud administration.
  • FedRAMP High, agency ATOs, or multiple federal authorization paths.
  • DoD IL4/IL5, CMMC, or DISA experience.
  • SaaS or GovTech experience serving federal agencies.
  • Certifications such as CGRC, CISM, CRISC, CISA, CISSP, or CCSP.


What We're Looking For

We're looking for someone who treats security governance as a way to move the business forward, not a box to check. You understand that security authorizations are a way to earn customer trust.

You're hands-on. You can set direction and mature the program, but you'll also write policy, chase the evidence, sit with the auditor, and answer the hard question on a customer call. You work credibly across our security compliance requirements and can hold your own with engineers without losing the business view.

You bring structure without bureaucracy. You know which controls and processes matter, where to push, and where to keep it simple.

Clearance: Applicants may need to be the subject of a security investigation and may need to meet eligibility requirements for access to classified information, to include U.S. Citizenship.

Compensation:

Base Salary: $155,000 - $190,000

Final compensation will depend on factors such as geographic location, experience, and qualifications.

In-Person Interview:
Our hiring process requires one in-person meeting, typically the final interview. Travel and accommodation will be provided.

Remote Work:
Though predominantly remote, monthly office visits may be required.
