Compliance Operations Lead

GovSignals

Compliance Operations Lead overseeing compliance programs for AI-driven government contracting solutions. Managing audits, evidence automation, and partnerships with engineering and sales teams in regulatory initiatives.

Posted 5/6/2026full-timeNew York City • New York • 🇺🇸 United StatesSenior💰 $140,000 - $190,000 per yearWebsite

About the role

Key responsibilities & impact

Build and run the master compliance program covering FedRAMP High, IL5, CMMC Level 2, SOC 2, and adjacent public‑sector frameworks.
Drive the FedRAMP High ATO roadmap end‑to‑end, including 3PAO coordination, agency sponsorship navigation, and continuous monitoring once authorized
Maintain a forward‑looking compliance roadmap that anticipates new frameworks, customer requirements, and regulatory changes—we shouldn't be reacting; we should be ahead
Own evidence management end‑to‑end: gather, organize, and automate collection so we are audit‑ready every day, not the week before fieldwork
Stand up automated policy checks, control evidence capture, and continuous monitoring tooling—if it can be scripted, it should be
Lead quarterly and annual security documentation cycles, coordinate penetration tests and red‑team engagements, and track remediation through to closure
Be the primary voice on enterprise security questionnaires and customer trust calls—we win deals when buyers trust our posture
Partner directly with Sales as a front‑line credibility asset—join customer pitches and discovery calls, brief prospects on our compliance roadmap, and close the trust gap that often decides seven‑figure deals
Help represent GovSignals at industry conferences, customer events, and federal/defense forums—build relationships with security leaders at target accounts and bring back signal that shapes our roadmap
Translate complex compliance posture into clear narratives for both technical security teams and non‑technical executives
Build and maintain a customer‑facing trust center, security collateral, and reusable response library that compresses sales cycles
Embed secure‑by‑design practices alongside engineering—policy checks in CI/CD, infrastructure‑as‑code guardrails, hardened deployment pipelines
Identify smart, outside‑of-the‑box solutions to compliance roadblocks. Help guide company roadmaps to scope and prepare for compliance changes.
Monitor the evolving threat landscape and propose proactive hardening measures—you don't wait for an incident to drive change

Requirements

What you’ll need

3+ years leading compliance or security programs at a high‑growth technology or defense startup
Demonstrated success achieving and maintaining FedRAMP High ATO or an equivalent high‑impact authorization
Deep working fluency with IL5, CMMC Level 2, SOC 2 Type II, NIST 800‑171, and the broader U.S. public‑sector compliance landscape
Proven ability to design and run automated evidence collection, policy management, and vulnerability‑tracking workflows—not just operate someone else's GRC tool
Strong written and verbal communication skills for both technical and executive audiences; comfortable owning customer security reviews end‑to‑end
Experience coordinating red‑team, penetration‑test, or bug‑bounty programs and translating findings into engineering action
Comfort operating in a fast‑moving, early‑stage environment where priorities shift and you own the outcome

Benefits

Comp & perks

100% employer-paid medical, vision, and dental (Bronze coverage)
Unlimited PTO
Meaningful stake in a well-funded, fast-growing startup

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

FedRAMP HighIL5CMMC Level 2SOC 2NIST 800-171automated evidence collectionpolicy managementvulnerability trackingsecurity documentationcontinuous monitoring

Soft Skills

strong written communicationstrong verbal communicationrelationship buildingnarrative translationproblem-solvingleadershipadaptabilitycustomer engagementcollaborationstrategic thinking