Compliance Operations Lead

GovSignals
New York, NY
Remote

About The Position

GovSignals is shaping the future of government contracting with breakthrough AI-driven solutions. We are disrupting a multi-billion dollar industry and enabling private-sector technologies to secure government contracts faster than ever, strengthening national security and driving economic growth. GovSignals has built the most advanced government-contracting AI platform available. From small businesses to Fortune 500 enterprises, our platform multiplies the opportunities contractors can pursue and empowers them to deliver fully compliant, winning proposals in hours instead of months. As one of the largest aggregators of U.S. government data, we set trends rather than follow them.

In government contracting, compliance is a moat. FedRAMP High, IL5, CMMC Level 2, SOC 2—these are the gates that decide which platforms get to serve the DoD, the Intelligence Community, and the largest agencies in the federal government. We need a Compliance Operations Lead who treats that gate as offense, not paperwork.

This is not a role where you write policy docs, file them in a binder, and chase tickets through a GRC tool. You will own GovSignals' entire security and compliance posture end-to-end—architecting the program, automating the evidence, partnering directly with engineering, and standing in front of customers and auditors as the face of our trust story. You'll move at product speed. When a control fails or an auditor flags an exception, you fix it because it's yours.

Compliance at GovSignals is a product. It ships, it scales, and it has to keep up with an aggressive engineering cadence. We want someone who automates evidence collection in CI/CD instead of chasing screenshots. Someone who treats every customer security review as a sales asset, not a tax. Someone who has done this before at a high-growth defense or dual-use startup—and knows the difference between checking the box and building something defensible.

This role reports directly into the founding team. You will have full company support to hit our compliance milestones, and you'll be expected to prioritize compliance as a means to an end—shipping product and unlocking customers.

Requirements

  • 3+ years leading compliance or security programs at a high-growth technology or defense startup
  • Demonstrated success achieving and maintaining FedRAMP High ATO or an equivalent high-impact authorization
  • Deep working fluency with IL5, CMMC Level 2, SOC 2 Type II, NIST 800-171, and the broader U.S. public-sector compliance landscape
  • Proven ability to design and run automated evidence collection, policy management, and vulnerability-tracking workflows—not just operate someone else's GRC tool
  • Strong written and verbal communication skills for both technical and executive audiences; comfortable owning customer security reviews end-to-end
  • Experience coordinating red-team, penetration-test, or bug-bounty programs and translating findings into engineering action
  • Comfort operating in a fast-moving, early-stage environment where priorities shift and you own the outcome

Nice To Haves

  • Hands-on exposure to Kubernetes, Terraform, JAMF, and modern DevSecOps toolchains
  • Prior experience supporting an IC or DoD customer base

Responsibilities

  • Build and run the master compliance program covering FedRAMP High, IL5, CMMC Level 2, SOC 2, and adjacent public-sector frameworks.
  • Drive the FedRAMP High ATO roadmap end-to-end, including 3PAO coordination, agency sponsorship navigation, and continuous monitoring once authorized.
  • Maintain a forward-looking compliance roadmap that anticipates new frameworks, customer requirements, and regulatory changes—we shouldn't be reacting; we should be ahead.
  • Own evidence management end-to-end: gather, organize, and automate collection so we are audit-ready every day, not the week before fieldwork.
  • Stand up automated policy checks, control evidence capture, and continuous monitoring tooling—if it can be scripted, it should be.
  • Lead quarterly and annual security documentation cycles, coordinate penetration tests and red-team engagements, and track remediation through to closure.
  • Be the primary voice on enterprise security questionnaires and customer trust calls—we win deals when buyers trust our posture.
  • Partner directly with Sales as a front-line credibility asset—join customer pitches and discovery calls, brief prospects on our compliance roadmap, and close the trust gap that often decides seven-figure deals.
  • Help represent GovSignals at industry conferences, customer events, and federal/defense forums—build relationships with security leaders at target accounts and bring back signal that shapes our roadmap.
  • Translate complex compliance posture into clear narratives for both technical security teams and non-technical executives.
  • Build and maintain a customer-facing trust center, security collateral, and reusable response library that compresses sales cycles.
  • Embed secure-by-design practices alongside engineering—policy checks in CI/CD, infrastructure-as-code guardrails, hardened deployment pipelines.
  • Identify smart, outside-of-the-box solutions to compliance roadblocks. Help guide company roadmaps to scope and prepare for compliance changes.
  • Monitor the evolving threat landscape and propose proactive hardening measures—you don't wait for an incident to drive change.

Benefits

  • 100% employer-paid medical, vision, and dental (Bronze coverage)
  • Unlimited PTO
  • Direct access to the founding team and end-to-end ownership from day one