Director / Senior Director of Compliance

ID.me•Mountain View, CA

1d•Onsite

About The Position

id.me operates one of the most highly regulated identity verification platforms in the country. Our compliance programs span FedRAMP, NIST 800-63 (Rev 3 and Rev 4), SOC 2, ISO 27001, IRS Pub 4812, and a growing portfolio of federal and commercial audit obligations. We're looking for a compliance leader who believes that compliance done right is a byproduct of well-engineered systems — not a parallel bureaucracy. The right person will transform how compliance operates: from manual evidence gathering and heroic individual effort to automated, continuous, and scalable. This is not a role for someone who wants to maintain the status quo. If your instinct when a deadline is at risk is to throw more hours at it instead of asking "why isn't this automated?", this isn't the right fit.

Requirements

People-first leadership. You have built and grown compliance teams. You hold regular 1:1s, create career development plans, and invest in making your people better — not just getting work done. You delegate effectively and build systems where knowledge survives individual absence. If you're "too busy" for your team, you're not operating at the right altitude.
Communication clarity. You give crisp, direct answers to strategic questions. "What does success look like in 30 days?" gets a two-sentence answer, not a monologue. You write clearly. You adjust your communication to your audience — board members, engineers, auditors, PMs — without losing precision.
Partnership over gatekeeping. Engineering and Product are your customers, not your adversaries. You default to "how do we make this work safely?" not "this is not allowed." When you say no, you explain why in terms the other person values and offer an alternative path. You build relationships with stakeholders proactively — you don't wait for escalations.
Automation conviction. You believe compliance should be engineered, not administered. You champion tooling that automates evidence collection, continuous monitoring, and control validation. You actively resist the instinct to throw manual labor at deadline pressure. You think more like an engineering director than a traditional compliance director — systems, leverage, elimination of toil.
Self-directing execution. You operate with minimal management. You identify what needs to happen, build a plan, execute it, and communicate upward proactively. You don't wait to be told. You manage up effectively — your leadership always knows where things stand without having to ask.

Nice To Haves

Experience with FedRAMP (Moderate or High), NIST 800-53, or equivalent federal compliance frameworks
Experience building or significantly improving compliance automation (evidence pipelines, GRC platform integrations, continuous monitoring)
Familiarity with GRC platforms (LogicGate, Drata, Vanta, or similar) — as a power user who pushes the platform, not just a form-filler
Comfort with AI/ML tools for compliance workflows (we use Claude, Gemini, and custom MCP integrations extensively)
Experience operating in a growth-stage or mid-stage tech company where you had to build, not just maintain
CISA, CISSP, CRISC, CISM, or similar certifications
Experience with Kantara / NIST 800-63 identity assurance frameworks
SOC 2 Type II, ISO 27001 audit management experience
Prior experience managing 3PAO and external assessor relationships

Responsibilities

Full compliance portfolio : FedRAMP (Moderate), SOC 2 Type II, ISO 27001, IRS Pub 4812, NIST 800-63 Rev 3/Rev 4 (Kantara), and emerging frameworks as they apply.
People leadership : Build, grow, and lead a compliance team. You are accountable for your team's development, career growth, and well-being — not just their output.
Automation strategy : Drive aggressive control consolidation and evidence automation. Reduce the total number of operated controls. Make evidence collection a byproduct of the work people already do — not a separate exercise.
Cross-functional partnership : Serve as the compliance interface to Engineering, Product, Legal, and Privacy. Build trust through partnership, not gatekeeping. Your success is measured by how easily teams work WITH compliance, not how thoroughly you block them.
Audit readiness : Maintain continuous audit readiness across all programs. Manage 3PAO relationships, agency engagements, and external assessors.
Risk integration : Partner with the Risk team to feed compliance findings into a unified cyber risk register. One evaluation loop — not fragmented reviews from five different teams.

Benefits

comprehensive medical, dental, vision
health savings account
flexible spending accounts (medical, limited purpose, dependent care, commuter benefit accounts)
basic and voluntary life and AD&D insurance
401(k) with company match
parental leave
ability to participate in unlimited paid time off subject to the terms and conditions of the PTO policy, including 8 company wide holidays
short and long-term disability insurance
accident and critical illness insurance
referral bonus policy
employee assistance program
pet insurance
travel assistant program
wellbeing and childcare discounts
benefit advocates
a learning and development benefit