Head of Security and Compliance

Head of Security and Compliance 

Location: Greater Washington D.C. Area (Hybrid)  

At one of our incubation companies, we are building a product suite to supercharge cybersecurity analysts. As the company's first Head of Security and Compliance, you will play a critical role in establishing the Governance, Risk, Compliance, and other Security functions to actively manage risk, drive accountability, and nurture a “secure by design” culture across the company. You will ensure compliance with standards, policies, and applicable regulations globally, starting with the US Government and highly regulated commercial market segments. You will work closely with the Chief Strategy and Risk Officer on the company-wide risk program, and you will partner with the Chief Product Officer and Chief Revenue Officer to support the company’s product roadmap, build customer trust, and unlock markets. You will embrace the dynamic nature of an early-stage startup in which every member of the team must help drive the business. Experience with government compliance frameworks is a must; experience with both government and private-sector compliance frameworks is highly desirable. 

What you will do: 

• Implement and ensure adherence to government and commercial compliance frameworks such as SOC 2, NIST, FEDRAMP, ISO 27001, PCI-DSS, and others 
• Align the company’s compliance roadmap with the product roadmap and overall business strategy 
• Identify, assess, and prioritize risks related to information security 
• Develop, implement, and manage key policies, standards, and guidelines related to information security and compliance 
• Conduct and coordinate cybersecurity assessments and audits 
• Lead the selection, implementation, and maintenance of information security tools 
• Manage vendor and Third-Party Audit Organization (3PAO) relationships in support of Governance, Risk, and Compliance needs 
• Assess and convey the costs, timelines, and market opportunities associated with various compliance requirements 
• Inform and manage the compliance and security budgets  
• Advise the Chief Strategy and Risk Officer and other leadership on the best strategies for optimizing the security of systems and assets  

Required Qualifications: 

• 5-10 years Information Security, Audit, or IT Risk and Compliance experience 
• A thorough understanding of technical concepts relevant to information security/cybersecurity, software development, application security, cloud computing, security architecture, and privacy 
• Demonstrated success working collaboratively with engineering teams 
• Demonstrated ability to thrive in a fast-paced environment that requires every member of the team to wear multiple hats 
• Demonstrated exceptional critical thinking skills 
• Demonstrated exceptional presentation and interpersonal skills 
• Strong desire to protect national security interests 
• US Citizen with a TS/SCI clearance or above 

Bonus Points: 

• CISA, CISSP, CISM or other professional certifications a plus 
• Experience interacting with national security organizations and personnel 

Benefits: 

• 100% employer paid, comprehensive health care including medical, dental, and vision for you and your family 
• Paid maternity and paternity for 14 weeks at employees' normal pay 
• Unlimited PTO, with management approval 
• A hybrid work environment, split between remote work and travel to our offices in Washington D.C or alternative locations to collaborate with your team in person 
• Opportunities for professional development and continued learning 
• Optional 401K, FSA, and equity incentives available