Overview
A rapidly growing technology company is seeking a Head of Security & Compliance to lead its information security, compliance, and risk management programs. This individual will be the driving force behind achieving and maintaining FedRAMP and CMMC certifications and will play a crucial role in establishing trust with both customers and partners. This is a highly visible and customer-facing role, ideal for someone who thrives in startup environments, enjoys building programs from the ground up, and can confidently represent security posture to enterprise and federal clients. Must be able to work on-site in San Francisco 4 days a week.
What You’ll Do
Lead all security and compliance initiatives, including strategy, roadmap, and execution for FedRAMP, CMMC, and related frameworks (e.g., SOC 2, ISO 27001).
Own the FedRAMP and CMMC authorization process—from gap assessment through certification—working closely with internal stakeholders and external vendors, auditors, and assessors.
Serve as the company's security face to customers—participating in sales calls and technical discussions to communicate the company's security controls, compliance posture, and risk management approach.
Partner with engineering and product teams to integrate secure development practices, perform risk assessments, and ensure security-by-design principles.
Collaborate with vendors and third-party providers to ensure all partners meet compliance and security requirements.
Develop policies, procedures, and documentation supporting continuous compliance, incident response, and security awareness across the organization.
Act as a trusted advisor to the executive team on emerging threats, regulatory changes, and evolving customer security expectations.
What You’ll Bring
8+ years of experience in information security, compliance, or risk management, with 3+ years in a leadership role.
Deep expertise in FedRAMP and CMMC frameworks, including hands-on experience achieving or maintaining certification.
Proven success in customer-facing security roles—comfortable presenting to clients, auditors, and executive stakeholders.
Strong understanding of cloud-native SaaS environments, ideally within AWS or Azure.
Ability to collaborate closely with software engineers and technical teams—comfortable discussing topics like infrastructure, data flows, and access controls.
Familiarity with additional standards such as SOC 2, NIST 800-53, ISO 27001, and Zero Trust frameworks.
Experience working in startups or high-growth environments where processes and systems are being built from the ground up.
Active or previously held Secret Clearance is a strong plus.
Relevant certifications such as CISSP, CISM, CISA, or PMP are a plus.
Why Join
Build and own the company's entire security and compliance function from the ground up.
Direct impact on customer trust and enterprise expansion through security leadership.
Collaborate with a highly technical, mission-driven team in a fast-paced startup culture.
Work onsite 4 days per week in a collaborative San Francisco office with a forward-thinking leadership team.