Compliance Operations Lead

Leads end-to-end compliance program for FedRAMP High, IL5, CMMC Level 2, and SOC 2 at a high-growth govtech startup. Automates evidence collection, partners with engineering on secure-by-design practices, and supports sales with customer trust narratives. Requires 3+ years in startup compliance with high-impact authorizations.

140k – 190k · New York, NY · Security Engineering · Hybrid · 3+ YOE

About the role

Key Responsibilities

Compliance Program Ownership

  • Build and run the master compliance program covering FedRAMP High, IL5, CMMC Level 2, SOC 2, and adjacent public-sector frameworks.
  • Drive the FedRAMP High ATO roadmap end-to-end, including 3PAO coordination, agency sponsorship navigation, and continuous monitoring once authorized.
  • Maintain a forward-looking compliance roadmap that anticipates new frameworks, customer requirements, and regulatory changes.

Evidence Automation & Audit Readiness

  • Own evidence management end-to-end: gather, organize, and automate collection so we are audit-ready every day.
  • Stand up automated policy checks, control evidence capture, and continuous monitoring tooling.
  • Lead quarterly and annual security documentation cycles, coordinate penetration tests and red-team engagements, and track remediation through to closure.

Customer Trust, BD & Sales Enablement

  • Be the primary voice on enterprise security questionnaires and customer trust calls.
  • Partner directly with Sales as a front-line credibility asset—join customer pitches and discovery calls, brief prospects on our compliance roadmap.
  • Help represent GovSignals at industry conferences, customer events, and federal/defense forums.
  • Translate complex compliance posture into clear narratives for both technical security teams and non-technical executives.
  • Build and maintain a customer-facing trust center, security collateral, and reusable response library.

Engineering Partnership

  • Embed secure-by-design practices alongside engineering—policy checks in CI/CD, infrastructure-as-code guardrails, hardened deployment pipelines.
  • Identify smart, outside-of-the-box solutions to compliance roadblocks.
  • Monitor the evolving threat landscape and propose proactive hardening measures.

Required Qualifications

  • 3+ years leading compliance or security programs at a high-growth technology or defense startup.
  • Demonstrated success achieving and maintaining FedRAMP High ATO or an equivalent high-impact authorization.
  • Deep working fluency with IL5, CMMC Level 2, SOC 2 Type II, NIST 800-171, and the broader U.S. public-sector compliance landscape.
  • Proven ability to design and run automated evidence collection, policy management, and vulnerability-tracking workflows.
  • Strong written and verbal communication skills for both technical and executive audiences; comfortable owning customer security reviews end-to-end.
  • Experience coordinating red-team, penetration-test, or bug-bounty programs and translating findings into engineering action.
  • Comfort operating in a fast-moving, early-stage environment.

Bonus

  • Hands-on exposure to Kubernetes, Terraform, JAMF, and modern DevSecOps toolchains.
  • Prior experience supporting an IC or DoD customer base.

Compensation & Benefits

  • Base Salary: $140,000 - $190,000
  • Equity: Meaningful stake in a well-funded, fast-growing startup
  • Benefits: 100% employer-paid medical, vision, and dental (Bronze coverage), Unlimited PTO

Skills

FedRAMP High · IL5 · CMMC Level 2 · SOC 2 · NIST 800-171 · Kubernetes · Terraform · CI/CD · DevSecOps · GRC Tools

Security Engineer 2 - Cyber Threat Intelligence

Security Engineer on the Cyber Threat Intelligence team responsible for developing threat intel tooling, conducting threat hunting, analyzing malware, and operationalizing intelligence into detections and response workflows.

140k – 195k · New York, NY · Security Engineering · Hybrid · Scripting · TTP Analysis

Corporate Security Engineer, IAC & Automation

As a Corporate Security Engineer, you will lead the design, implementation, and optimization of corporate security infrastructure, enhancing controls and driving automation. You will work with IaC tools, deploy endpoint security, and manage data protection.

140k – 165k · United States · Security Engineering · Remote · 3+ YOE · Go · DLP

Security Engineer

Security Engineer building detections, security automation, and infrastructure security on AWS while managing SOC 2 and ISO 27001 compliance. Requires 4-7 years experience with strong AWS and IaC skills.

140k – 160k · United States · Security Engineering · Remote · 4+ YOE · Go · AWS

Security Program Manager

Own and mature GRC and security compliance programs (SOC 2, ISO 27001) as the CSO's operational lead, driving audits, risk management, vendor assessments, and cross-functional initiatives. Requires 5+ years in security program management or GRC with strong project management and AI fluency.

140k – 155k · New York, NY · Security Engineering · Remote · 5+ YOE · GRC · AWS

Cyber Security Engineer

Build and maintain self-healing security infrastructure across AWS and Kubernetes, including cryptographic material lifecycle, telemetry pipelines, and AI-assisted automation workflows. Requires 5+ years of security engineering experience and fluency with agentic AI coding tools.

140k – 160k · United States · Security Engineering · Remote · 5+ YOE · AWS · PKI