MongoDB

Program Manager, Governance, Risk and Compliance

MongoDB, Princeton, New Jersey, US, 08543


Overview

Program Manager, Governance, Risk and Compliance role at MongoDB. The GRC Program Manager will lead the maintenance of the Common Controls Framework, optimize and scale GRC processes, and help define roadmaps and capabilities for future GRC programs. This position is based in Princeton, NJ for a hybrid working model.

Responsibilities

Manage the Common Controls Framework (CCF) lifecycle, including design, implementation, maintenance, and continuous improvement
Lead the quarterly and annual CCF control review processes, coordinate cross-functional input to assess control effectiveness, validate ownership, and capture updates across applicable frameworks; use findings to drive remediation, improve control maturity, and inform audit readiness and program reporting
Lead cross-functional coordination with engineering, security, product, legal, privacy, and operations teams to align control implementation and monitoring
Serve as the connective tissue across multiple compliance frameworks (e.g., FedRAMP, NIST 800-53, ISO 27001, SOC 2, HIPAA, PCI, GDPR)
Drive control harmonization, ensuring all relevant frameworks are mapped and aligned to minimize duplication of effort and audit fatigue
Build and maintain a centralized controls library, including ownership assignment, testing cadence, and evidence automation
Partner with security and GRC teams to establish and track key performance indicators (e.g., control maturity, testing success rate, audit readiness)
Act as the liaison to external auditors and assessors during evidence collection, walkthroughs, and remediation tracking
Lead program reviews, reporting status to executive leadership and identifying areas for program enhancement
Evangelize a compliance-as-a-service model, helping teams integrate security and compliance into development workflows
Feed relevant data points into the information risk assessment process (e.g., identifying gaps that may translate to risks)
Collaborate with compliance team leads on defining roadmaps and necessary capabilities for future GRC programs
Support operational activities such as control performance assessment via NIST CSF Maturity assessment and monitoring of effectiveness of the GRC Programs
Support the GRC functions to help drive ad-hoc deliverables as required
Lead efforts to ensure GRC tooling is updated with pertinent information and configured appropriately for scalable growth
Perform cross-functional supportive activities related to maintaining standard compliance operations

Qualifications

7+ years of experience in program or project management, ideally in security, compliance, or risk-heavy domains
Create and maintain procedures and documentation for CCF management, including updates, quarterly control reviews, evidence handling, and stakeholder coordination
Strong working knowledge of security frameworks (FedRAMP, NIST 800-53, SOC 2, ISO 27001, etc.)
Own and optimize the GRC / audit tool, ensuring effective control mapping, evidence management, and automation to support scalable, audit-ready compliance operations
Experience designing or operationalizing a centralized/common control framework across multiple compliance obligations
Proven ability to run cross-functional programs in a matrixed organization
Familiarity with technical control domains: access management, change management, monitoring/logging, vulnerability management, configuration baselines
Strong written and verbal communication skills; comfortable presenting to technical and executive stakeholders
Experience supporting or managing internal or external audits

Success Measures

People: Collaborate with leads to understand customer compliance requests and necessary gaps to address
Organization: Ability to manage multiple parallel efforts and prioritize resources based on business need
Communication: Effectively communicate recommendations and rationale to technical and non-technical management
Research: Gather and analyze feedback from internal stakeholders and develop pragmatic recommendations on compliance initiatives
Customer Service: Ensure MongoDB’s GRC Program operates efficiently with minimal disruption to MongoDB teams; provide excellent service when interfacing with other MongoDB teams

MongoDB is committed to providing accommodations for individuals with disabilities in our application and interview process. To request an accommodation, please inform your recruiter.

MongoDB, Inc. is an equal employment opportunity employer. We prohibit discrimination and harassment of any type and make all hiring decisions without regard to race, color, religion, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by law.
