Federal Compliance Lead

WindBorne Systems•Palo Alto, CA

1d•Onsite

About The Position

WindBorne Systems is supercharging weather forecasts with a unique proprietary data source: a global constellation of next-generation smart weather balloons targeting the most critical atmospheric data. We design, manufacture, and operate our own balloons, using the data they collect to generate otherwise unattainable weather intelligence. Our mission is to eliminate weather uncertainty, and in the process help humanity adapt to climate change, be that predicting hurricanes or speeding the adoption of renewables. We are building a future in which the planet is instrumented by thousands of our microballoons, eliminating gaps in our understanding of the planet and giving people and businesses the information they need to make critical decisions. The founding team of Stanford engineers was named Forbes 2019 30 under 30 and is backed by top-tier investors, including Khosla Ventures and Footwork VC. As the Federal Compliance Lead, you will own our compliance function end-to-end and build the org around you.

Requirements

3+ years experience with compliance audits (FedRAMP, PCI, SOC2, HIPAA, etc.) and prior US Government compliance and audit experience (FedRAMP, FISMA, NIST 800-53, NIST 800-171, US Government ATOs, etc) ideally at a defense contractor or defense tech start-up.
Experience defining CUI boundaries and scoping assessment environments.
Experience writing or substantially contributing to a System Security Plan.
Proficiency with GRC platforms (Drata, Vanta, eMASS, or similar) and security tooling for evidence collection and continuous monitoring.
Experience implementing security controls and assessing compliance in distributed applications on cloud infrastructure (e.g Amazon AWS, Microsoft Azure).
Deep understanding of complex cloud infrastructure and security concepts, including ephemeral technologies (ex. containers).
Proficiency with security concepts (encryption, authentication, etc.) and tooling for continuous monitoring (Tenable Security Center, Burp, SIEMs, etc.).
Strong Project Management skills, being able to balance and track multiple projects going on at the same time to completion.
Willing and able to obtain a US security clearance.

Responsibilities

Own our compliance function end-to-end and build the org around you.
Lead the company through CMMC Level 2 certification, FedRAMP, IL5, and IL6.
Translate complex federal regulatory frameworks (FedRAMP, DoD CC SRG, CMMC, DFARS 7012) into practical decisions about technical architecture, documentation, and process.
Ensure those decisions actually get implemented by coordinating work across engineering, operations, and business development teams.