
Director, Information Security Program Manager

at Bank of New York Mellon

Location: Washington, DC, United States
Salary: $310K – $310K USD / year
Posted: April 16, 2026
Type: Not Specified
Experience: executive
Exp. Years: Not specified
Education: Not specified
Category: Cybersecurity

BNY is seeking a Director, Information Security Program Manager to lead the creation, authorization, and continuous governance of a FedRAMP-compliant Azure Government tenant supporting government payment transaction services. The role owns boundary definition, ATO readiness, ongoing compliance operations, and coordination across security, engineering, risk/compliance, legal, and external partners.

  • Own end-to-end FedRAMP High program for an Azure Government tenant supporting government transactions
  • Lead ATO readiness and maintain FedRAMP artifacts including SSP and POA&M
  • Drive governance and operating mechanisms across engineering, cloud platform, information security, risk/compliance, legal, payment operations, and 3PAOs
  • Manage evidence management, change control, and control attestation workflows aligned to FedRAMP requirements
  • Conduct gap analyses against NIST SP 800-53 and ensure traceability and remediation planning

This position focuses on FedRAMP High compliance for Azure Government/GCC High constructs, including SSP and associated FedRAMP appendices, POA&M, boundary diagrams, and data flows. It requires performing gap analyses against NIST SP 800-53, driving remediation, and maintaining traceability from control narratives to technical and process evidence while ensuring continuous monitoring and control attestation.

The ideal candidate is a senior information security program leader who has owned FedRAMP compliance end-to-end for an Azure Government tenant, including ATO readiness and continuous monitoring. They bring strong governance experience across security, risk/compliance, engineering, and external assessment partners, with demonstrated control traceability to NIST SP 800-53 evidence.

Responsibilities:
  • Lead the creation, authorization, and continuous governance of a FedRAMP-compliant Azure Government tenant
  • Own the end-to-end program: system boundary definition, documentation, ATO readiness, and continuous monitoring
  • Maintain program OKRs/KPIs: POA&M closure velocity, control coverage, vulnerability SLAs, ConMon completeness, audit readiness
  • Drive disciplined change control, evidence management, and control attestation workflows aligned to FedRAMP requirements
  • Lead authoring and maintenance of FedRAMP artifacts: SSP and associated FedRAMP appendices, POA&M, policies/standards/procedures, boundary diagrams, and data flows
  • Conduct gap analyses against NIST SP 800-53 controls and drive remediation plans with traceability

Technologies: Microsoft Azure Government, FedRAMP, SSP, POA&M, NIST SP 800-53

Keywords: FedRAMP-compliant Azure Government tenant, Azure Government, GCC High, FedRAMP High, program-system boundary definition, system boundary documentation, ATO readiness, continuous governance, continuous monitoring, end-to-end program management, program OKRs, program KPIs, POA&M closure velocity, control coverage, vulnerability SLAs, ConMon completeness, audit readiness, disciplined change control, evidence management, control attestation workflows, FedRAMP artifacts, SSP, FedRAMP appendices, POA&M, policies/standards/procedures, boundary diagrams, data flows, system boundary and data categorization, FedRAMP control families, gap analyses, NIST SP 800-53 controls, remediation plans, traceability from control narratives to technical and process evidence, external partners, 3PAO activities, readiness, assessments, remediation, documentation, compliance leadership

Soft skills: leadership, governance facilitation, cross-functional collaboration, risk communication, stakeholder management, partner management, discipline and rigor, decision-making
Industry Government/Public Sector
Job Function Lead FedRAMP authorization and continuous compliance governance for an Azure Government tenant supporting government payment transaction services
Role Subtype CISO
Tech Domains Azure

Requirements:
  • Must have demonstrated FedRAMP-compliant Azure Government tenant experience with ATO readiness
  • Must be able to conduct gap analyses against NIST SP 800-53 controls and drive remediation with traceability
  • Must be comfortable owning SSP, POA&M, and FedRAMP artifact maintenance
