<div class="content-intro"><p><span style="font-size: 12pt;"><strong><span style="font-family: helvetica, arial, sans-serif;">About Us</span></strong></span></p><p><span style="font-size: 12pt;">Abacus Insights is transforming how data works for health plans. Our mission is simple: make healthcare data usable, so the people responsible for care and cost decisions can act faster, with confidence. </span><br><span style="font-size: 12pt;">We help health plans break down data silos to create a single, trusted data foundation. That foundation powers better decisions —so plans can improve outcomes, reduce waste, and deliver better experiences for members and providers alike. </span></p><p><span style="font-size: 12pt;">Backed by $100M from top investors, we’re tackling big challenges in an industry that’s ready for change. Our platform enables GenAI use cases by delivering clean, connected, and reliable healthcare data that can support automation, prioritization, and decision workflows—and it’s why we are leading the way. </span></p><p><span style="font-size: 12pt;">Our innovation begins with people. We are bold, curious, and collaborative—because the best ideas come from working together. Ready to make an impact? Join us and let's build the future together.</span></p></div><p><span style="font-size: 12pt;"><strong>About the Role</strong></span></p><p><span style="font-size: 12pt;">We are seeking a Program Manager to lead the execution and delivery of our RAMP compliance programs, including GovRAMP, StateRAMP, and FedRAMP. This role is responsible for planning, coordinating, and driving all authorization and continuous monitoring activities across engineering, cloud operations, security, and IT teams.</span></p><p><span style="font-size: 12pt;">This is not a policy‑authoring or analyst‑only role. Success in this position requires strong program management discipline, the ability to drive cross‑functional delivery, and hands‑on familiarity with RAMP authorization workflows.</span></p><p><span style="font-size: 12pt;">This role ensures that our RAMP programs are delivered on time, with quality, and without last‑minute escalation. The Program Manager enables Security leadership to focus on strategy while ensuring execution stays disciplined and transparent.</span></p><p><span style="font-size: 12pt;"><strong>Your day to day</strong></span></p><p><span style="font-size: 12pt;"><strong>Program Planning & Execution</strong></span></p><ul><li style="font-size: 12pt;"><span style="font-size: 12pt;">Own the end‑to‑end program plan for GovRAMP, StateRAMP, and/or FedRAMP initiatives</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Develop and maintain detailed schedules, milestones, dependency tracking, and risk registers</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Drive accountability across Security, Engineering, Cloud Ops, Product, and IT</span></li></ul><p><span style="font-size: 12pt;"><strong>RAMP Delivery Management</strong></span></p><ul><li style="font-size: 12pt;"><span style="font-size: 12pt;">Coordinate authorization activities across:</span></li><ul><li style="font-size: 12pt;"><span style="font-size: 12pt;">Readiness assessments</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Gap remediation</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">3PAO / assessor engagement</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Authorization reviews</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Continuous monitoring operations</span></li></ul><li style="font-size: 12pt;"><span style="font-size: 12pt;">Ensure adoption of NIST SP 800‑53 Rev. 5 control requirements as executable work items</span></li></ul><p><span style="font-size: 12pt;"><strong>Evidence & Artifact Coordination</strong></span></p><ul><li style="font-size: 12pt;"><span style="font-size: 12pt;">Manage the production, review, and lifecycle of core authorization artifacts, including:</span></li><ul><li style="font-size: 12pt;"><span style="font-size: 12pt;">System Security Plan (SSP)</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Control narratives</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">System boundary and data‑flow diagrams</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Inventories and tracking artifacts</span></li></ul><li style="font-size: 12pt;"><span style="font-size: 12pt;">Ensure evidence ownership, refresh cadence, and quality standards are consistently met</span></li></ul><p><span style="font-size: 12pt;"><strong>Auditor / 3PAO & Stakeholder Coordination</strong></span></p><ul><li style="font-size: 12pt;"><span style="font-size: 12pt;">Serve as the program coordination point for assessors and 3PAOs</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Schedule and manage walkthroughs, evidence reviews, and interviews</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Partner with US‑based leadership during assessments, findings reviews, and status reporting</span></li></ul><p><span style="font-size: 12pt;"><strong> </strong><strong>POA&M & Issue Management</strong></span></p><ul><li style="font-size: 12pt;"><span style="font-size: 12pt;">Own the POA&M tracking and delivery process</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Work with engineering and operations teams to:</span></li><ul><li style="font-size: 12pt;"><span style="font-size: 12pt;">Define remediation milestones</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Track progress</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Validate closure evidence</span></li></ul><li style="font-size: 12pt;"><span style="font-size: 12pt;">Escalate risks early and propose mitigation plans</span></li></ul><p><span style="font-size: 12pt;"><strong>Continuous Monitoring Operations</strong></span></p><ul><li style="font-size: 12pt;"><span style="font-size: 12pt;">Operationalize monthly and quarterly <strong>continuous monitoring cadence</strong></span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Track vulnerability management, patching, access reviews, logging, and required attestations</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Ensure ongoing compliance stability post‑authorization</span></li></ul><p><span style="font-size: 12pt;"><strong>What you bring to the team</strong></span></p><ul><li style="font-size: 12pt;"><span style="font-size: 12pt;">5+ years’ experience in program management, ideally supporting compliance, security, or regulatory initiatives</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Experience working with GovRAMP, StateRAMP, FedRAMP, or closely related frameworks (FedRAMP Moderate preferred)</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Strong understanding of NIST SP 800‑53 concepts (implementation knowledge required; deep policy writing not required)</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Demonstrated ability to manage cross‑functional global teams</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Experience coordinating audits, assessments, or external reviews</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Excellent written and verbal communication skills for US stakeholders</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Program planning and execution rigor</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Stakeholder management across time zones</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Clear escalation and decision framing</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Strong documentation and tracking discipline</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Delivery‑oriented mindset with attention to audit detail</span></li></ul><p><span style="font-size: 12pt;"><strong>What we would like to see, but not required</strong></span></p><ul><li style="font-size: 12pt;"><span style="font-size: 12pt;">Experience with HIPAA, HITRUST and SOC2 compliance</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Prior experience working with US auditors or 3PAOs</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">SaaS, cloud, or data‑platform environment experience</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Familiarity with AWS and/or Azure environments (Gov or commercial)</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Experience using Jira, Confluence, and GRC platforms (Hyperproof, Archer, etc.)</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Previous experience supporting US public‑sector customers.</span></li></ul><p><span style="font-size: 12pt;"><strong>Compensation: </strong>Compensation for this role is based on experience, skills, and location, and includes base salary plus eligibility for performance bonuses and equity grants.</span></p><p><span style="font-size: 12pt;"><strong>What you’ll get in return:</strong></span></p><ul><li style="font-size: 12pt;"><span style="font-size: 12pt;">Unlimited paid time off – recharge when you need it</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Work from anywhere – flexibility to fit your life</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Comprehensive health coverage – multiple plan options to choose from</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Equity for every employee – share in our success</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Growth-focused environment – your development matters here</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Home office setup allowance – one-time support to get you started</span></li><li style="font-size: 12pt;"><span style="font-size: 12pt;">Monthly cell phone allowance – stay connected with ease #LI-MS1 #LI-Remote</span></li></ul><div class="content-conclusion"><p class="p1"><span style="font-size: 12pt; font-family: helvetica, arial, sans-serif;"><strong>Our Commitment as an Equal Opportunity Employer</strong></span></p><p class="p1"><span style="font-size: 12pt; font-family: helvetica, arial, sans-serif;">As a mission-led technology company helping to drive better healthcare outcomes, Abacus Insights believes that the best innovation and value we can bring to our customers comes from diverse ideas, thoughts, experiences, and perspectives. Therefore, we dedicate resources to building diverse teams and providing equal employment opportunities to all applicants. Abacus prohibits discrimination and harassment regarding race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.</span></p><p class="p1"><span style="font-size: 12pt; font-family: helvetica, arial, sans-serif;">At the heart of who we are is a commitment to continuously and intentionally building an inclusive culture—one that empowers every team member across the globe to do their best work and bring their authentic selves. We carry that same commitment into our hiring process, aiming to create an interview experience where you feel comfortable and confident showcasing your strengths. If there’s anything we can do to support that—big or small—please let us know.</span></p></div>