Staff Technical Program Manager - Government Authorizations

Role 

We are looking for a Staff Technical Program Manager - Government Authorizations to join our team. Although the role can be remote within the US, there is a preference for someone to work in a hybrid environment from the San Jose, CA office. This role reports to the Director, Technology, Risk & Compliance within the Exposure Management and Security Operations department. 

Zscaler is seeking an experienced Staff Technical Program Manager - Government Authorizations to own the end-to-end execution of authorizations and continuous monitoring activities across the FedRAMP and DoD programs. This role operates with an ownership mindset, accomplishing tasks with a dedicated focus against clear priorities, and driving cross-functional execution from onboarding through authorization and ongoing sustainment.

What you’ll do (Role Expectations)

• Own the authorization activities (SSPs, POA&Ms, SARs) across all impact levels 
• Facilitate audit interviews, evidence collection and remediation activities
• Evaluate and adjust authorization strategy based on evolving certification programs (FedRAMP 20x), requirements and technology
• Support continuous monitoring activities (incident response/reporting, access reviews, vulnerability scan analysis, change reviews) and drive continuous improvements based on lessons learned in partnership with Compliance Engineering and Compliance Architecture
• Advise relevant stakeholders on the current and future risks to authorization activities
• Serve as the primary interface with government stakeholders and 3PAO to ensure clear communication for driving authorization activities

Who You Are (Success Profile)

• You thrive in ambiguity. You're comfortable building the path as you walk it. You thrive in a dynamic environment, seeing ambiguity not as a hindrance, but as the raw material to build something meaningful.
• You act like an owner. Your passion for the mission fuels your bias for action. You operate with integrity because you genuinely care about the outcome. True ownership involves leveraging dynamic range: the ability to navigate seamlessly between high-level strategy and hands-on execution.
• You are a problem-solver. You love running towards the challenges because you are laser-focused on finding the solution, knowing that solving the hard problems delivers the biggest impact.
• You are a high-trust collaborator. You are ambitious for the team, not just yourself. You embrace our challenge culture by giving and receiving ongoing feedback—knowing that candor delivered with clarity and respect is the truest form of teamwork and the fastest way to earn trust.
• You are a learner. You have a true growth mindset and are obsessed with your own development, actively seeking feedback to become a better partner and a stronger teammate. You love what you do and you do it with purpose.

What We’re Looking for (Minimum Qualifications)

• 5+ years of experience leading US Government compliance audits and the remediation of risks tracked in the POA&M
• Deep understanding of NIST 800-53 Rev 5, DoD Cloud Computing SRG, CNSSI 1253 and how the control requirements translate to practical implementations of GRC controls in distributed environments
• Proven experience coordinating assessment evidence collection activities across technical and non-technical stakeholders 
• Proficiency with fundamental security concepts and continuous monitoring processes
• Bachelor’s degree in Computer Science, Engineering, Information Systems, or a related field (or equivalent practical experience)
• Must be a U.S citizen, U.S Secret or Top Secret security clearance is a plus

What Will Make You Stand Out (Preferred Qualifications)

• Direct experience owning FedRAMP/DoD ATO packages, ConMon submissions, and interactions with authorizing officials/3PAO assessors
• Possesses the ability to understand the intent of control objectives, how it applies to various technologies and evidence that demonstrates the effectiveness of the control objectives. 
• Exceptional verbal and written communication skills tailored for both technical and non-technical audiences

#LI-Remote

#LI-JG1