GovSignals · GovSignals is the AI system of work for government contracting.
Compliance Operations Lead
GovSignals
New York, NY • Full-time • Hybrid (3+ days/week in office)
GovSignals is the AI system of work for government contracting. It can take the government longer to buy a capability than an adversary takes to field one, and we exist to close that gap.
We're the only startup managing government contract data with AI in both FedRAMP High and DoW Impact Level 5 environments. Our platform monitors 5,000+ live government data sources, 100,000+ federal and state agencies, and 2,000,000+ government contracts in real time. Our customers range from small contractors to Fortune 500 primes with billions in annual awards, and our government work reaches mission-critical contract management.
In the last eighteen months we gained FedRAMP High authorization and IL5 authorization, joined GSA MAS and the MDA SHIELD IDIQ, and onboarded household names in government contracting. Each of these individually can take a company years.
We're hiring a Compliance Operations Lead to build and own our security and compliance function. You'll report directly to the founding team and own GovSignals' entire security and compliance posture end-to-end — architecting the program, automating the evidence, partnering directly with engineering, and standing in front of customers and auditors as the face of our trust story.
In government contracting, compliance is a moat. FedRAMP High, IL5, CMMC Level 2, SOC 2 — these are the gates that decide which platforms get to serve the DoD, the Intelligence Community, and the largest agencies in the federal government. This is not a role where you write policy docs, file them in a binder, and chase tickets through a GRC tool. Compliance at GovSignals is a product: it ships, it scales, and it has to keep up with an aggressive engineering cadence. You'll move at product speed, automate evidence collection in CI/CD instead of chasing screenshots, and treat every customer security review as a sales asset rather than a tax. When a control fails or an auditor flags an exception, you fix it because it's yours. This is for someone who runs toward hard problems, automates relentlessly, and measures impact in authorizations achieved and customer deals unblocked — not a 9-to-5, but a mission with the ownership stake to go with it.
Build and run the master compliance program covering FedRAMP High, IL5, CMMC Level 2, SOC 2, and adjacent public-sector frameworks, and maintain a forward-looking roadmap that anticipates new frameworks, customer requirements, and regulatory changes.
Drive the FedRAMP High ATO roadmap end-to-end — including 3PAO coordination, agency sponsorship navigation, and continuous monitoring once authorized.
Own evidence management end-to-end: stand up automated policy checks, control evidence capture, and continuous monitoring tooling so we are audit-ready every day, not the week before fieldwork — if it can be scripted, it should be.
Lead quarterly and annual security documentation cycles, coordinate penetration tests and red-team engagements, and track remediation through to closure.
Be the primary voice on enterprise security questionnaires and customer trust calls — join pitches and discovery calls as a front-line credibility asset, brief prospects on our compliance roadmap, represent GovSignals at industry and federal/defense forums, and build a customer-facing trust center and reusable response library that compresses sales cycles.
Embed secure-by-design practices alongside engineering — policy checks in CI/CD, infrastructure-as-code guardrails, and hardened deployment pipelines — while monitoring the evolving threat landscape and proposing proactive hardening measures.
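The CI/CD policy checks and automated evidence capture described above, as an added illustration (this is not GovSignals' code or tooling): a gate that reads the JSON form of a Terraform plan (`terraform show -json tfplan`), evaluates two checks against it, fails the pipeline on any finding, and writes an evidence record that hashes the exact plan bytes so an auditor can tie the record to the artifact that was gated. The sample plan is constructed, and the mapping of each check to a NIST SP 800-53 control ID (SC-7, SC-28) is a hypothetical choice for the example.

```python
"""Added illustration: a policy-as-code gate over a Terraform plan, run in CI,
that records its result as audit evidence. Not GovSignals' code."""
import hashlib
import json
from dataclasses import asdict, dataclass
from datetime import datetime, timezone

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = {22, 3389}
# Hypothetical mapping of checks to NIST SP 800-53 control IDs; a real program
# keeps this mapping in the control inventory, not in the script.
CONTROLS_CHECKED = {"SC-7": "no world-reachable admin ports",
                    "SC-28": "encryption at rest on volumes and databases"}


@dataclass(frozen=True)
class Finding:
    control: str   # control ID the failed check maps to
    address: str   # Terraform resource address, e.g. aws_db_instance.app
    message: str


def _after_state(change):
    """Return the post-apply attributes, or None if the resource is going away."""
    actions = change["actions"]
    if "delete" in actions and "create" not in actions:
        return None
    return change.get("after") or {}


def _rule_exposes_admin_port(rule):
    """True if an ingress rule opens SSH/RDP (or every port) to the internet."""
    cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
    if not cidrs & WORLD_CIDRS:
        return False
    lo, hi = int(rule.get("from_port") or 0), int(rule.get("to_port") or 0)
    if lo == 0 and hi == 0:          # Terraform encodes "all ports" as 0-0
        return True
    return any(lo <= port <= hi for port in ADMIN_PORTS)


def evaluate_plan(plan):
    """Run every check over `terraform show -json` output and return findings."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = _after_state(rc["change"])
        if after is None:
            continue
        rtype, addr = rc["type"], rc["address"]
        if rtype == "aws_security_group":
            for rule in after.get("ingress") or []:
                if _rule_exposes_admin_port(rule):
                    findings.append(Finding("SC-7", addr,
                        f"ingress {rule.get('from_port')}-{rule.get('to_port')} reachable from the internet"))
        elif rtype == "aws_ebs_volume" and not after.get("encrypted"):
            findings.append(Finding("SC-28", addr, "EBS volume not encrypted at rest"))
        elif rtype == "aws_db_instance" and not after.get("storage_encrypted"):
            findings.append(Finding("SC-28", addr, "RDS storage not encrypted at rest"))
    return findings


def run_gate(plan_bytes, run_id):
    """Evaluate the plan and build the evidence record; returns (record, exit_code).

    Hashing the raw plan bytes ties the record to the gated artifact; a non-zero
    exit code is what actually blocks the pipeline.
    """
    findings = evaluate_plan(json.loads(plan_bytes))
    record = {
        "run_id": run_id,
        "generated_at": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "plan_sha256": hashlib.sha256(plan_bytes).hexdigest(),
        "controls_checked": sorted(CONTROLS_CHECKED),
        "findings": [asdict(f) for f in findings],
        "passed": not findings,
    }
    return record, (0 if record["passed"] else 1)


# Constructed sample in the shape of `terraform show -json tfplan` output.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_security_group.bastion", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"ingress": [
         {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
         {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}}},
    {"address": "aws_ebs_volume.data", "type": "aws_ebs_volume",
     "change": {"actions": ["create"], "after": {"encrypted": True}}},
    {"address": "aws_ebs_volume.legacy", "type": "aws_ebs_volume",
     "change": {"actions": ["delete"], "before": {"encrypted": False}, "after": None}},
    {"address": "aws_db_instance.app", "type": "aws_db_instance",
     "change": {"actions": ["update"], "after": {"storage_encrypted": False}}},
]}
SAMPLE_PLAN_BYTES = json.dumps(SAMPLE_PLAN, sort_keys=True).encode()

if __name__ == "__main__":
    record, code = run_gate(SAMPLE_PLAN_BYTES, run_id="ci-1234")
    print(json.dumps(record, indent=2))
    raise SystemExit(code)
```

On the constructed plan the gate returns two findings (the bastion's SSH rule and the unencrypted RDS storage) and exit code 1; the deleted volume is deliberately skipped because post-apply state is what the control attests to. In a pipeline the printed record would be archived alongside the plan so the "evidence" is the gate's own output rather than a screenshot taken later.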
GovSignals was founded by four cofounders who lived with this problem from both sides — selling to the government and serving inside it — with backgrounds across the Defense Intelligence Agency, the Department of Energy, Palantir, Amazon, federal contractors building for missiles, and state contractors building for prisons. You'll work directly with all four. The team at GovSignals has shipped to defense companies, scaled venture-backed startups, and founded companies of their own.
3+ years leading compliance or security programs at a high-growth technology or defense startup, comfortable operating in a fast-moving, early-stage environment where priorities shift and you own the outcome.
Demonstrated success achieving and maintaining FedRAMP High ATO or an equivalent high-impact authorization — you've taken a startup through a real authorization and built a compliance program from a blank page.
Deep working fluency with IL5, CMMC Level 2, SOC 2 Type II, NIST SP 800-171, and the broader U.S. public-sector compliance landscape.
Proven ability to design and run automated evidence collection, policy management, and vulnerability-tracking workflows — not just operate someone else's GRC tool — plus experience coordinating red-team, penetration-test, or bug-bounty programs and translating findings into engineering action.
You write policy and you read code, and can sit with an auditor and a senior engineer in the same meeting and translate cleanly between them.
Strong written and verbal communication for both technical and executive audiences; comfortable owning customer security reviews end-to-end, because one failed control or one botched questionnaire response can stall a seven-figure deal.
Nice to have: hands-on exposure to Kubernetes, Terraform, JAMF, and modern DevSecOps toolchains; prior experience supporting an IC or DoD customer base; a background in government contracting, the military, or the intelligence community.
Intro conversation (30 min) — your background and how you've built and run compliance and security programs.
Working session (45 min) — walk through a live compliance/authorization scenario and a customer-trust mock, talking through how you'd drive a control or questionnaire to closure.
Cofounder conversations (15 min) — meet the cofounders.
Paid work trial (1 day) — real work with the team.
Offer.
Base Salary: $140,000 – $190,000
Equity: Meaningful stake in a well-funded, fast-growing startup
Benefits: medical, vision, and dental, unlimited PTO
Brooklyn Navy Yard office, 3+ days a week in person. The Yard built ships for the Navy from 1801 to 1966; now we build systems for Navy program offices.
Due to the nature of our government work, only U.S. persons can be considered for this role. GovSignals is an equal opportunity employer.
Posted by GovSignals on their own careers page — you apply directly, no recruiter in between.