Security Governance Manager (Remote / DC Metro)

Unison Inc

Washington, DC (remote)

JOB DETAILS
SALARY
$155,000–$190,000 Per Year
SKILLS
Access Authorization, Artificial Intelligence (AI), Auditing, Budgeting, Business Practices, CCSP - Cisco Certified Security Professional, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Cloud Computing, Communication Skills, Continuous Improvement, Cost Engineering, Customer Response, Defense Information Systems Agency (DISA), Document Management, Documentation, Federal Contracts, Federal Government, Government, Government Contracts, Interpersonal Skills, Leadership, People Management, Policy Development, Project/Program Management, Quality Control, Regulations, Regulatory Compliance, Risk, Risk Management, Security Compliance, Security Monitoring, Software Engineering, Software as a Service (SaaS), Systems Administration/Management, Time Management, U.S. National Institute of Standards and Technology (NIST), United States Department of Defense (DoD), Vendor/Supplier Management, Writing Skills
LOCATION
Washington, DC
POSTED
1 day ago

Overview

About Unison: Unison's products power the business of government to work smoother and smarter, making critical federal processes and acquisitions simpler and more effective. Trusted by over 200,000 federal employees and government contractors, our AI-infused software and deep domain expertise help contract shops, cost engineers, 1102s, program managers, and budgeting professionals cut through friction, keep compliance airtight, and sharpen decisions. Our federal focus brings efficiency, transparency, and clarity to complex data, regulations, and workflows, empowering agencies and executives to spend more minutes on mission and achieve strategic objectives. Unison is how federal business gets done.

Unison is proud to be recognized as a 2026 Quantum Certified Workplace in Washington D.C., reflecting our continued focus on building a workplace where people feel supported and teams thrive.

Role Overview:

Unison is hiring a Security Governance Manager to manage key activities supporting our federal authorizations, customer assurance obligations, and compliance operations. Reporting directly to the CISO, you will manage security governance activities supporting our authorizations and certifications, including FedRAMP, DoD Impact Level 4 (IL4), CMMC, and others.

You will work as part of the broader Security team to maintain authorization documentation, strengthen evidence quality, coordinate with control owners, support annual assessments, manage customer and vendor assurance activities, and keep audit and authorization work moving with discipline and clarity.

This is a hands-on leadership role for a GRC practitioner who treats compliance as a way to enable the business and earn trust.

Responsibilities

  • Lead and mature the Security Governance function as part of the broader Security team, covering strategy, processes, ownership, reporting, and continuous improvement.
  • Maintain and strengthen Unison's authorizations and certifications, including FedRAMP, IL4, and CMMC, by managing documentation, SSP updates, evidence quality, control-owner coordination, audit readiness, and annual assessment support.
  • Support FedRAMP continuous monitoring activities, including recurring evidence collection, monthly and annual deliverables, risk documentation, remediation commitments, approvals, and deadlines.
  • Coordinate with agency Authorizing Officials, 3PAOs, agency stakeholders, auditors, and control owners through assessments and ongoing authorization activity.
  • Own the lifecycle of security policies, standards, and procedures, keeping documentation aligned with actual business and technical practice.
  • Manage customer trust and assurance activities, including customer security reviews, questionnaires, RFPs, due-diligence responses, and reusable evidence packages.
  • Communicate governance, compliance, audit, and risk topics clearly to technical teams, customers, auditors, executives, and business stakeholders.

Qualifications

  • 6+ years in GRC, security governance, compliance, audit, or risk management.
  • Hands-on FedRAMP experience, including authorization, continuous monitoring, SSP maintenance, evidence management, assessments, annual assessment support, and POA&M coordination.
  • Exposure to other federal authorizations and certifications such as DoD IL4/IL5 or CMMC.
  • Working knowledge of NIST SP 800-53 and the control expectations behind FedRAMP, CMMC, and similar programs, including authorization documentation and audit evidence practices.
  • Proven ability to manage people and vendors and to communicate credibly with auditors, technical teams, customers, and executives.
  • Strong written communication skills, including the ability to produce clear policies, procedures, control narratives, customer responses, risk summaries, and executive-ready updates.

Preferred Qualifications

  • A prior hands-on technical role, such as engineering, security operations, or systems/cloud administration.
  • FedRAMP High, agency ATOs, or multiple federal authorization paths.
  • DoD IL4/IL5, CMMC, or DISA experience.
  • SaaS or GovTech experience serving federal agencies.
  • Certifications such as CGRC, CISM, CRISC, CISA, CISSP, or CCSP.

What We're Looking For

We're looking for someone who treats security governance as a way to move the business forward, not a box to check. You understand that security authorizations are a way to earn customer trust.

You're hands-on. You can set direction and mature the program, but you'll also write policy, chase the evidence, sit with the auditor, and answer the hard question on a customer call. You work credibly across our security compliance requirements and can hold your own with engineers without losing the business view.

You bring structure without bureaucracy. You know which controls and processes matter, where to push, and where to keep it simple.

Clearance: Applicants may need to be the subject of a security investigation and may need to meet eligibility requirements for access to classified information, to include U.S. Citizenship.

Compensation:

Base Salary: $155,000 - $190,000

Final compensation will depend on factors such as geographic location, experience, and qualifications.

In-Person Interview: Our hiring process requires one in-person meeting, typically the final interview. Travel and accommodation will be provided.

Remote Work: Though predominantly remote, monthly office visits may be required.

Why Join Unison: Unison has pioneered the creation of innovative software for federal agencies, program offices, and government contractors worldwide. We believe that there is power in moving in unison. Our culture and values reflect this belief and are central to achieving our mission of powering the business of government. Rather than chasing short-lived tech trends, Unison delivers proven software that simplifies the complexities of federal business. Our technology combines innovative thinking with precise federal know-how, addressing critical details others overlook. Designed with purpose and engineered to endure, our software provides consistent performance, allowing federal agencies and contractors to stay focused on their missions.

Unison provides equal employment opportunities to all employees and applicants for employment without regard to race, color, national origin, sex, gender identity, sexual orientation, religion, disability status, age, genetics, veteran status, or any other characteristic protected by federal, state, or local laws.
