MongoDB

Program Manager, Governance, Risk and Compliance

Posted Yesterday
Hybrid
Princeton, BC
Senior level
The GRC Program Manager leads the maintenance of compliance frameworks, optimizes GRC processes, and coordinates cross-functional control implementations and reviews.
The summary above was generated by AI

MongoDB’s mission is to empower innovators to create, transform, and disrupt industries by unleashing the power of software and data. We enable organizations of all sizes to easily build, scale, and run modern applications by helping them modernize legacy workloads, embrace innovation, and unleash AI. Our industry-leading developer data platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available in more than 115 regions across AWS, Google Cloud, and Microsoft Azure. Atlas allows customers to build and run applications anywhere—on premises, or across cloud providers. With offices worldwide and over 175,000 new developers signing up to use MongoDB every month, it’s no wonder that leading organizations, like Samsung and Toyota, trust MongoDB to build next-generation, AI-powered applications.

MongoDB aligns its practices to multiple compliance frameworks in order to support our customers' needs and help them meet their regulatory and policy objectives. As we continue to grow and expand the scope of our compliance frameworks, the GRC team is building a resilient and scalable program to help MongoDB navigate the complexity and ambiguity of the compliance, regulatory, financial and technology risk landscape.

Working closely with Commercial and Public Compliance sector teams, the GRC Program Manager role will lead the maintenance effort of the Common Controls Framework, focus on optimizing and scaling of our GRC compliance processes and help to define roadmaps and necessary capabilities for future GRC programs. 

The GRC Program Manager should be experienced in information security and compliance research, and in planning and delivering projects and programs, including ‘hands-on’ delivery, transition to Business as Usual, and driving process modeling and improvements. The successful candidate should have demonstrated experience with compliance control mapping, performing gap analysis, and capturing, defining and communicating requirements. In addition, experience in process and product development in a cloud environment would be most beneficial.

This position is a unique opportunity to explore a robust scope of information security frameworks and be innovative in designing our scaling strategy. We’re looking for someone who is excited to take initiative and willing to learn.

We are looking to speak to candidates who are based in Princeton, NJ for our hybrid working model.

Position Expectations
  • Manage the Common Controls Framework (CCF) lifecycle, including design, implementation, maintenance, and continuous improvement
  • Lead the quarterly and annual CCF control review processes, coordinating cross-functional input to assess control effectiveness, validate ownership, and capture updates across all applicable frameworks. Use findings to drive remediation, improve control maturity, and inform audit readiness and program reporting
  • Lead cross-functional coordination with engineering, security, product, legal, privacy, and operations teams to align control implementation and monitoring
  • Serve as the connective tissue across multiple compliance frameworks (e.g., FedRAMP, NIST 800-53, ISO 27001, SOC 2, HIPAA, PCI, GDPR)
  • Drive control harmonization, ensuring all relevant frameworks are mapped and aligned to minimize duplication of effort and audit fatigue
  • Build and maintain a centralized controls library, including ownership assignment, testing cadence, and evidence automation
  • Partner with security and GRC teams to establish and track key performance indicators (e.g., control maturity, testing success rate, audit readiness)
  • Act as the liaison to external auditors and assessors during evidence collection, walkthroughs, and remediation tracking
  • Lead program reviews, reporting status to executive leadership and identifying areas for program enhancement
  • Evangelize a compliance-as-a-service model, helping teams integrate security and compliance into development workflows
  • Feed relevant data points into the information risk assessment process (e.g., identifying gaps that may translate to risks, or low maturity assessment scores that may translate to risk)
  • Collaborate with compliance team leads on defining roadmaps and necessary capabilities for future GRC programs
  • Support operational activities such as control performance assessment via NIST CSF Maturity assessment and monitoring of effectiveness of the GRC Programs
  • Support the GRC functions to help drive through ad-hoc deliverables as required 
  • Lead efforts to ensure GRC tooling is updated with pertinent information and configured appropriately to allow for scalable growth
  • Perform cross functional supportive activities related to maintaining standard compliance operations
The right candidate for this role will have:
  • 7+ years of experience in program or project management, ideally in security, compliance, or risk-heavy domains
  • Create and maintain procedures and documentation for CCF management, including updates, quarterly control reviews, evidence handling, and stakeholder coordination
  • Strong working knowledge of security frameworks (FedRAMP, NIST 800-53, SOC 2, ISO 27001, etc.)
  • Own and optimize our GRC / audit tool, ensuring effective control mapping, evidence management, and automation to support scalable, audit-ready compliance operations
  • Experience designing or operationalizing a centralized/common control framework across multiple compliance obligations
  • Proven ability to run cross-functional programs in a matrixed organization
  • Familiarity with technical control domains: access management, change management, monitoring/logging, vulnerability management, configuration baselines
  • Strong written and verbal communication skills; comfortable presenting to technical and executive stakeholders
  • Experience supporting or managing internal or external audits
Success Measures

The GRC Program Manager will be successful in this role when they can execute the following strategic tasks: 

  • People: Collaborate with leads to understand our customer's compliance requests and necessary gaps to address
  • Organization: Ability to manage multiple parallel efforts and prioritize resources based upon understanding and interpreting business need
  • Communication: Successfully communicate your recommendations and rationale to both technical and non-technical management
  • Research: Gather and analyze feedback from internal stakeholders and develop pragmatic recommendations with respect to compliance initiatives
  • Customer Service: Ensure MongoDB’s GRC Program operates efficiently with minimal interruption to MongoDB teams. Provide great customer service when interfacing with other MongoDB Teams

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Req ID: 3263225793

MongoDB’s base salary range for this role is posted below. Compensation at the time of offer is unique to each candidate and based on a variety of factors such as skill set, experience, qualifications, and work location. Salary is one part of MongoDB’s total compensation and benefits package. Other benefits for eligible employees may include: equity, participation in the employee stock purchase program, flexible paid time off, 20 weeks fully-paid gender-neutral parental leave, fertility and adoption assistance, 401(k) plan, mental health counseling, access to transgender-inclusive health insurance coverage, and health benefits offerings. Please note, the base salary range listed below and the benefits in this paragraph are only applicable to U.S.-based candidates.

MongoDB’s base salary range for this role in the U.S. is:
$85,000 - $167,000 USD

Top Skills

Cloud Compliance Frameworks
Compliance Control Mapping
GRC Tooling
