About The Position

We are looking for an experienced Security & Compliance Lead to join our team. The ideal candidate for this role has deep expertise in federal compliance frameworks including CMMC, FedRAMP, ITAR, and DFARS, combined with hands-on technical security implementation experience. We need someone who can navigate compliance frameworks and roll up their sleeves to implement controls, harden systems, and solve technical problems. You will be the primary owner of our government compliance programs while also contributing directly to security architecture, tooling, and engineering efforts. You will work closely with the Director of Security & IT, our engineering teams, and external partners to ensure we meet contractual and regulatory obligations. Come join a team building secure systems that support mission-critical communications for defense and federal customers.

Requirements

  • 7+ years of experience in security roles with demonstrated compliance and technical responsibilities
  • Deep knowledge of federal compliance frameworks: NIST 800-171, NIST 800-53 Rev 5, CMMC 2.0, FedRAMP, and ITAR compliance and cybersecurity requirements
  • Experience preparing for and supporting third-party assessments (C3PAO, 3PAO, FedRAMP JAB/Agency, or equivalent)
  • Hands-on technical skills: ability to write scripts, Terraform, and troubleshoot access issues
  • Cloud security experience securing cloud environments (GCP preferred; AWS GovCloud)
  • Experience with enterprise IAM platforms (Okta, Azure AD, or similar)
  • Excellent documentation skills with ability to write policies that satisfy auditors and implementation guides that engineers can use
  • Strong communication skills with comfort presenting to auditors, executives, government customers, and authorizing officials
  • Combined experience in both compliance/GRC and hands-on technical security implementation
  • Experience leading or supporting third-party security assessments (C3PAO, 3PAO, FedRAMP JAB/Agency, or similar)
  • Ability to interpret NIST 800-53 controls and implement them in cloud environments
  • Working knowledge of CMMC, FedRAMP, and DFARS frameworks, including overlapping control requirements
  • Demonstrated ability to operate effectively in fast-paced environments with competing priorities
  • Experience building or significantly maturing a compliance program
  • U.S. Citizenship required

Nice To Haves

  • FedRAMP authorization experience, ideally from initial readiness through ATO
  • CMMC C3PAO assessment experience
  • DoD or federal contractor background with understanding of regulatory environment and contract requirements
  • GCP experience including Security Command Center, Cloud Audit Logs, IAM, VPC Service Controls, and Assured Workloads
  • Infrastructure-as-code experience with Terraform, Ansible, or similar tools
  • GRC tooling experience (Vanta, Drata, or similar)
  • Security certifications such as CISSP, CISM, CGRC, CAP, or Security+
  • Familiarity with scripting languages (Python, Go, Bash)
  • Active Secret or Top Secret clearance, or ability to obtain

Responsibilities

  • Own CMMC L2 certification and FedRAMP High authorization efforts end-to-end, including gap analysis, remediation tracking, evidence collection, and assessment coordination
  • Maintain compliance with DFARS cybersecurity clauses (7012, 7019, 7020), ITAR, EAR and other federal requirements; manage SPRS score and supplier requirements
  • Develop and maintain System Security Plans, POA&Ms, policies, procedures, and supporting artifacts across all compliance frameworks
  • Serve as primary point of contact for C3PAO/3PAO assessors, government customers, prime contractors, and agency authorizing officials
  • Manage continuous monitoring activities including vulnerability scanning, access reviews, evidence collection, and monthly/annual reporting
  • Monitor regulatory changes across CMMC, FedRAMP, NIST 800-171/800-53, DFARS, and ITAR; assess impact and drive necessary updates
  • Implement security controls hands-on, including identity and access management, logging, encryption, and endpoint security
  • Harden cloud infrastructure in GCP and AWS, implementing security configurations and access controls aligned with compliance requirements
  • Build automation and tooling for evidence collection and compliance reporting; integrate security into CI/CD pipelines
  • Define, document, and enforce CUI boundaries and enclave architecture
  • Translate compliance requirements into actionable technical guidance for engineering teams
  • Support customer security assessments, due diligence requests, and contract security requirements

Benefits

  • Competitive salary
  • Comprehensive benefits (401(k), dental, vision, health, life insurance)
  • Paid time off
  • Equity options
  • Flexible working arrangements including hybrid remote/in-office schedules

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

11-50 employees

© 2024 Teal Labs, Inc