GRC Program Manager, US Government Compliance

at OpenAI
USD 162,000-310,000 per year
MIDDLE
✅ Hybrid
✅ Relocation

Used Tools & Technologies

Not specified

Required Skills & Competences

Security (3), Kubernetes (2), Terraform (2), AWS (2), Azure (2), Audit (2), Compliance (3)

Details

About the Team

Governance, Risk, and Compliance (GRC) is foundational to Security delivering mission outcomes at OpenAI. The GRC team provides security and engineering expertise to ensure our customers' most critical and stringent requirements are met. The team is technical in what it builds and operational in how it works, with a focus on obtaining, expanding, and maintaining Authorizations to Operate (ATOs) for critical systems while fostering a collaborative and execution-driven culture.

About the Role

You will play a pivotal role in achieving US government (USG) ATOs and compliance frameworks (including FedRAMP and Department of War (DoW)) for OpenAI products and support agency-specific ATOs for systems deployed in highly regulated and secure environments. You will work closely with engineers, internal stakeholders, and external assessors to design, document, and implement security controls that meet stringent compliance requirements. Creativity and an execution-focused approach are critical for navigating complex challenges while maintaining stakeholder trust.

This role is based in Washington, DC and uses a hybrid work model of 3 days in the office per week. The company offers relocation assistance to new employees.

Responsibilities

  • Drive the ATO process for FedRAMP and across multiple government clients in restricted environments with minimal oversight.
  • Collaborate with engineering teams to interpret security requirements and implement controls that balance compliance with operational needs.
  • Create clear, concise, and technically accurate documentation, including System Security Plans (SSPs), risk assessments, and architecture diagrams.
  • Act as a subject matter expert during audits and assessments, representing the organization with credibility and expertise.
  • Continuously refine processes to improve the efficiency and quality of compliance efforts.

Requirements

  • Proven experience obtaining and maintaining a FedRAMP ATO and agency-specific ATOs in highly restricted environments, within government or regulated sectors.
  • Deep understanding of USG security frameworks and policies (e.g., NIST, RMF, FedRAMP).
  • Ability to communicate technical concepts to diverse audiences, including engineers and non-technical stakeholders.
  • Exceptional technical program management skills, with the ability to multitask and deliver large complex programs under pressure.
  • Experience producing System Security Plans (SSPs), risk assessments, and architecture diagrams.
  • Strong familiarity with core security concepts and technologies such as authentication, encryption, vulnerability management, and audit logging.
  • Familiarity with deployment models to cloud platforms (Azure, AWS) and underlying infrastructure primitives (Kubernetes, Terraform).
  • 5+ years of compliance experience in roles involving information security, data security, or infrastructure/network security.
  • An active US security clearance is listed as a desirable qualification.

Compensation and Benefits

  • Base salary range: $162,000 - $310,000 per year, plus equity.
  • Benefits include medical, dental, and vision insurance; 401(k) with employer match; paid parental and medical leave; PTO; paid company holidays; mental health and wellness support; employer-paid basic life and disability coverage; learning and development stipend; daily meals in offices and meal delivery credits; and relocation support for eligible employees.

Other Notes

  • OpenAI is an equal opportunity employer and conducts background checks in accordance with applicable law.
  • Reasonable accommodations for applicants with disabilities are available on request.