Federal Compliance Specialist
Persona
Legal
San Francisco, CA, USA
Posted on Jun 24, 2025
About Persona
Persona is the configurable identity platform built for businesses in a digital-first world. Verifying individuals and organizations is harder — but more important — than ever, with AI enabling fraudsters to launch sophisticated accounts at scale and regulations evolving rapidly.
We’ve built Persona to support practically every use case and industry — that’s why we’re able to serve a wide range of leading companies. For example, Coursera uses Persona to ensure the right person is earning each degree. Meanwhile, OpenAI relies on Persona to keep bad actors out, protecting one of the world’s most powerful AI platforms from large-scale abuse in a time when AI is reshaping the way we work and live.
We believe that making the internet safer and more human requires a team that reflects the diverse, global nature of the people we aim to serve. We’re growing rapidly and looking for exceptional people to join us.
About the role
We are seeking a seasoned Federal Compliance Manager with deep expertise in FedRAMP (Federal Risk and Authorization Management Program) to join our team. In this role, you will lead our efforts to achieve and maintain FedRAMP authorization, ensuring that our organization remains compliant with all federal cybersecurity requirements. You will work cross-functionally with product, engineering, legal, and leadership teams to embed compliance practices into our technical and operational infrastructure.
What you'll do at Persona
- FedRAMP Strategy & Execution
  - Lead the development, implementation, and continuous improvement of the company’s FedRAMP compliance program.
  - Own the end-to-end process of obtaining and maintaining a FedRAMP Authority to Operate (ATO), including liaising with 3PAOs, the Joint Authorization Board (JAB), and agency sponsors.
  - Coordinate internal and external audits, assessments, and penetration tests.
- Documentation & Policy Management
  - Draft, maintain, and continuously refine required FedRAMP documentation, including the System Security Plan (SSP), POA&M, Incident Response Plan, and contingency plans.
  - Ensure that documentation is consistent, thorough, and audit-ready.
- Cross-Functional Compliance Leadership
  - Partner with engineering and DevOps teams to implement required security controls (e.g., logging, access controls, vulnerability management).
  - Provide training and guidance to internal stakeholders on FedRAMP obligations and security best practices.
- Continuous Monitoring & Reporting
  - Oversee the Continuous Monitoring (ConMon) process, including the submission of monthly, quarterly, and annual reports to government agencies.
  - Track and respond to emerging federal compliance requirements, and adapt policies and practices accordingly.
- Risk & Incident Management
  - Lead risk assessments and gap analyses to identify compliance deficiencies.
  - Drive the incident response lifecycle in coordination with the security team to ensure timely and compliant resolution of security incidents.
What you'll bring to Persona
- Experience & Expertise
  - 3+ years of experience in federal IT compliance, cybersecurity compliance, or related areas.
  - 2+ years of hands-on experience specifically with FedRAMP and related NIST frameworks (e.g., NIST 800-53, 800-171).
  - Successful experience leading a company through FedRAMP ATO or JAB certification is strongly preferred.
- Knowledge & Skills
  - Deep knowledge of federal IT compliance and risk management concepts, including FISMA, CISA guidance, and cloud service provider security models.
  - Familiarity with cloud platforms such as AWS, GCP, or Azure in a regulated context.
  - Strong understanding of technical security controls, vulnerability management, access controls, and secure system design.
- Communication & Leadership
  - Exceptional communication, organizational, and project management skills.
  - Ability to translate complex compliance requirements into clear, actionable items for technical and non-technical audiences.
- Certifications (Preferred)
  - CISSP, CISA, CISM, or Certified FedRAMP Practitioner.
Compensation & equity
This salary range is the estimated base salary range. Base salaries are just one component of the total compensation package and are determined by a number of factors such as years of experience, expertise, qualifications and more. In addition to base salary, we offer competitive equity packages that play a big part in recognizing you for the huge impact you will have on helping us achieve our mission. Please note, the salary range is a guideline based on market data for roles located in the San Francisco Bay Area, and may vary depending on location. Salary ranges are subject to change without notice.
Benefits and perks
Persona offers a wide range of thoughtful and inclusive benefits for this role, including medical, dental, and vision, 3% 401(k) contribution, unlimited PTO, quarterly mental health days, family planning benefits, professional development stipends, and wellness benefits, among others. While we believe competitive compensation and benefits are a critical aspect of you deciding to join us, we do hope you consider why our core values and culture are right for you. If you’d like to better understand what it’s like working at Persona, feel free to check out our reviews on Glassdoor.
Diversity, equity, inclusion and belonging
At Persona, we strive to put diversity and inclusion at the forefront of everything we do, reflecting our core values. Our DEIB Employee Resource Group seeks to build a diverse and inclusive team that fosters an environment where each Personerd feels empowered to bring their unique differences to work and achieve their full innovative potential. Our hope is that by fostering such an environment, we strengthen our business and relationships by putting people first.
We strive to promote a culture that celebrates diversity and inclusiveness regardless of, but not limited to, race, gender, sexual orientation, family status, religion, ethnicity, national origin, physical disability, veteran status, or age.