Develop and execute the long-term security and compliance strategy that aligns with our business goals, growth plans, global expansion, and enterprise/government customer requirements. Build, lead, and scale a high-performing security & compliance team (including GRC, security and enterprise risk management, audit readiness, vendor risk, incident response). Define and maintain security policies, standards, procedures, and controls (covering cloud/SaaS, infrastructure, endpoints, data, identity, third-party risk). Partner with Engineering/Product to embed “secure by design” and DevSecOps practices in the software development lifecycle (SDLC) and infrastructure deployment. Lead vendor and third-party risk management, including due diligence, audits, ongoing monitoring. Oversee enterprise-grade incident response, vulnerability management, threat intelligence, business continuity/disaster recovery, and crisis communications. Ensure compliance with relevant regulatory, contractual, and customer frameworks (e.g., SOC 2, ISO 27001, ISO 27701, ISO 42001, NIST CSF 2.0, FedRAMP, IL4, and government/acquisition requirements). Support and engage in sales and customer trust processes: respond to security questionnaires/RFPs, participate in customer audits or security reviews, present to management.

12+ years of progressive experience in information security, risk and compliance, including at least 4 years leading teams at a tech company and preferably with experience working in a fast-growth cloud-based startup. Prior experience in cloud operations, with enterprise and government customer engagements (including audits, security reviews, contractual commitments). Deep technical understanding of cloud platforms (AWS, Azure, GCP), SaaS application architectures, identity and access management, encryption/data protection, endpoint & network security, zero-trust models. Strong track record of leading audit/certification programs (e.g., SOC 2, ISO 27001, FedRAMP or similar) and managing regulatory/compliance risk in enterprise and/or public sector contexts. Excellent communication and stakeholder management skills—comfortable presenting to executives, customers, and technical teams. Ability to translate technical risk into business impact, and to integrate security/compliance into go-to-market and product strategies. Experience managing and building teams, budgeting, vendor selection/oversight, and setting metrics/roadmaps in a lean or scaling environment. Certifications such as CISSP, CISM, CCSP, or cloud security specialty are strongly preferred.

Nice to Have: Experience with government acquisition/regulatory environments, global data privacy/regulation (e.g., GDPR, CCPA), and enterprise/government contract vehicles.

Due to regulatory requirements and potential access to controlled information, this role requires U.S. Person Status (i.e. U.S. citizen, lawful permanent resident, refugee, or asylee).

Experience our comprehensive benefits with family medical, vision and dental coverage, a competitive base salary, and eligibility for equity awards and discretionary bonuses or commissions.