# Compliance Operations Lead
**Company:** [GovSignals](https://hotfix.jobs/companies/govsignals)
**Location:** New York, NY
**Salary:** $140K-$190K
**Experience:** 3+ years
**Skills:** FedRAMP High, IL5, CMMC Level 2, SOC 2, NIST 800-171, Kubernetes, Terraform, CI/CD, DevSecOps, GRC Tools
**Posted:** 2026-05-06
> Leads end-to-end compliance program for FedRAMP High, IL5, CMMC Level 2, and SOC 2 at a high-growth govtech startup. Automates evidence collection, partners with engineering on secure-by-design practices, and supports sales with customer trust narratives. Requires 3+ years in startup compliance with high-impact authorizations.
## Job Description
## Key Responsibilities

### Compliance Program Ownership
- Build and run the master compliance program covering FedRAMP High, IL5, CMMC Level 2, SOC 2, and adjacent public-sector frameworks.
- Drive the FedRAMP High ATO roadmap end-to-end, including 3PAO coordination, agency sponsorship navigation, and continuous monitoring once authorized.
- Maintain a forward-looking compliance roadmap that anticipates new frameworks, customer requirements, and regulatory changes.

### Evidence Automation & Audit Readiness
- Own evidence management end-to-end: gather, organize, and automate collection so we are audit-ready every day.
- Stand up automated policy checks, control evidence capture, and continuous monitoring tooling.
- Lead quarterly and annual security documentation cycles, coordinate penetration tests and red-team engagements, and track remediation through to closure.

### Customer Trust, BD & Sales Enablement
- Be the primary voice on enterprise security questionnaires and customer trust calls.
- Partner directly with Sales as a front-line credibility asset—join customer pitches and discovery calls, brief prospects on our compliance roadmap.
- Help represent GovSignals at industry conferences, customer events, and federal/defense forums.
- Translate complex compliance posture into clear narratives for both technical security teams and non-technical executives.
- Build and maintain a customer-facing trust center, security collateral, and reusable response library.

### Engineering Partnership
- Embed secure-by-design practices alongside engineering—policy checks in CI/CD, infrastructure-as-code guardrails, hardened deployment pipelines.
- Identify smart, outside-of-the-box solutions to compliance roadblocks.
- Monitor the evolving threat landscape and propose proactive hardening measures.

## Required Qualifications
- 3+ years leading compliance or security programs at a high-growth technology or defense startup.
- Demonstrated success achieving and maintaining FedRAMP High ATO or an equivalent high-impact authorization.
- Deep working fluency with IL5, CMMC Level 2, SOC 2 Type II, NIST 800-171, and the broader U.S. public-sector compliance landscape.
- Proven ability to design and run automated evidence collection, policy management, and vulnerability-tracking workflows.
- Strong written and verbal communication skills for both technical and executive audiences; comfortable owning customer security reviews end-to-end.
- Experience coordinating red-team, penetration-test, or bug-bounty programs and translating findings into engineering action.
- Comfort operating in a fast-moving, early-stage environment.

## Bonus
- Hands-on exposure to Kubernetes, Terraform, JAMF, and modern DevSecOps toolchains.
- Prior experience supporting an IC or DoD customer base.

## Compensation & Benefits
- **Base Salary**: $140,000 - $190,000
- **Equity**: Meaningful stake in a well-funded, fast-growing startup
- **Benefits**: 100% employer-paid medical, vision, and dental (Bronze coverage), Unlimited PTO
**Apply:** https://hotfix.jobs/jobs/compliance-operations-lead-at-govsignals-a472d32c-edfe-4f70-bfe5-a65b50560046
**Canonical:** https://hotfix.jobs/jobs/compliance-operations-lead-at-govsignals-a472d32c-edfe-4f70-bfe5-a65b50560046