The Head of Security and Compliance will lead the information security and compliance programs for a rapidly growing technology company in San Francisco. This role requires deep expertise in FedRAMP and CMMC, with a focus on customer engagement and risk management.
Must be a US Citizen! Must be able to work 4 days a week on-site in San Francisco. Must really know FedRAMP and CMMC and be able to get in front of customers.

A rapidly growing technology company is seeking a Head of Security & Compliance to lead its information security, compliance, and risk management programs. This individual will be the driving force behind achieving and maintaining FedRAMP and CMMC certifications and will play a crucial role in establishing trust with both customers and partners.

This is a highly visible and customer-facing role, ideal for someone who thrives in startup environments, enjoys building programs from the ground up, and can confidently represent security posture to enterprise and federal clients.

What You’ll Do
• Lead all security and compliance initiatives, including strategy, roadmap, and execution for FedRAMP, CMMC, and related frameworks (e.g., SOC 2, ISO 27001).
• Own the FedRAMP and CMMC authorization process—from gap assessment through certification—working closely with internal stakeholders and external vendors, auditors, and assessors.
• Serve as the company’s security face to customers—participating in sales calls and technical discussions to communicate the company’s security controls, compliance posture, and risk management approach.
• Partner with engineering and product teams to integrate secure development practices, perform risk assessments, and ensure security-by-design principles.
• Collaborate with vendors and third-party providers to ensure all partners meet compliance and security requirements.
• Develop policies, procedures, and documentation supporting continuous compliance, incident response, and security awareness across the organization.
• Act as a trusted advisor to the executive team on emerging threats, regulatory changes, and evolving customer security expectations.

What You’ll Bring
• 8+ years of experience in information security, compliance, or risk management, with 3+ years in a leadership role.
• Deep expertise in FedRAMP and CMMC frameworks, including hands-on experience achieving or maintaining certification.
• Proven success in customer-facing security roles—comfortable presenting to clients, auditors, and executive stakeholders.
• Strong understanding of cloud-native SaaS environments, ideally within AWS or Azure.
• Ability to collaborate closely with software engineers and technical teams—comfortable discussing topics like infrastructure, data flows, and access controls.
• Familiarity with additional standards such as SOC 2, NIST 800-53, ISO 27001, and Zero Trust frameworks.
• Experience working in startups or high-growth environments where processes and systems are being built from the ground up.
• Active or previously held Secret Clearance is a strong plus.
• Relevant certifications such as CISSP, CISM, CISA, or PMP are a plus.

Why Join
• Build and own the company’s entire security and compliance function from the ground up.
• Direct impact on customer trust and enterprise expansion through security leadership.
• Collaborate with a highly technical, mission-driven team in a fast-paced startup culture.
• Work onsite 4 days per week in a collaborative San Francisco office with a forward-thinking leadership team.
Eccalon, LLC is seeking a Compliance Security and Microsoft Cloud Analyst to enhance cybersecurity compliance and cloud security engineering. This role focuses on DoD frameworks and Microsoft Azure Government and M365 GCC High security controls.
Eccalon LLC is seeking a Compliance Security and Microsoft Cloud Analyst to enhance cybersecurity compliance and cloud security engineering. This role involves working with DoD frameworks and Microsoft Azure Government and M365 GCC High security controls.
The International Association of Plumbing and Mechanical Officials is seeking a Senior Azure Cloud Security Engineer in Chicago, IL, to enhance their cloud security posture. The role involves evaluating security risks, leading cybersecurity assessments, and developing enterprise-wide security strategies.
Quisitive is seeking a Microsoft Identity and Security Architect to lead Active Directory and Identity Management assessments and implementations. This hybrid role requires expertise in both traditional and modern IAM solutions with a focus on security best practices.
Quisitive is seeking a Microsoft Identity and Security Architect to lead Active Directory assessments and implement identity management solutions. This hybrid role requires expertise in security best practices and modern IAM solutions.