Director of Security and Compliance

Role Overview

• FedRAMP Ownership: Own the entire process for maintaining and managing FedRAMP/GovRamp authorizations, including control implementation, documentation (e.g., System Security Plan
• SSP), continuous monitoring, and annual audits (A&A).
• Audit Management: Serve as the primary point of contact for all external security and compliance audits (including SOC 2 Type II), coordinating efforts between auditors, legal counsel, and technical teams to ensure successful outcomes and high-quality evidence collection.
• Compliance Program Management: Design, implement, and lead the corporate security compliance program, ensuring adherence to the specific controls required by all key frameworks.
• Security-by-Design Review: Collaborate closely with the Product Management and Engineering teams, reviewing product roadmaps, features, and architectures to ensure security and government compliance (especially FedRAMP/GovRamp controls) are integrated from the initial design phase (Security-by-Design).
• Product Requirements Translation: Translate complex regulatory and certification controls into clear, actionable technical requirements and user stories for product development teams.
• Risk Mitigation: Conduct risk assessments on product features, third-party integrations, and new technologies to proactively identify and mitigate compliance and security risks before product launch.
• Contractual Review: Support the Legal Team by critically reviewing and negotiating security and privacy clauses in customer contracts, RFPs, vendor agreements, and data processing addendums (DPAs), specifically pertaining to government and regulated clients.
• Policy & Training: Develop, document, and enforce comprehensive security, privacy, and data governance policies. Conduct targeted training for teams involved in government-facing products.
• Executive Reporting: Provide regular, executive-level reports to the Chief Legal Counsel on the status of compliance efforts, identified risks, and strategic security posture.

Requirements

• 5+ years of progressive experience in Information Security and IT Audit/Compliance.
• Extensive, hands-on experience successfully managing, documenting, and maintaining FedRAMP/GovRamp authorizations (preferably Moderate or High baselines).
• Proven expertise in managing other core compliance frameworks, including SOC 2 Type II.
• Demonstrated experience in a product-focused environment, directly influencing security requirements and architecture during the software development lifecycle (SDLC).
• Experience working in a regulated industry or supporting highly sensitive data environments.

Desired Certifications

• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CRISC (Certified in Risk and Information Systems Control)
• CISA (Certified Information Systems Auditor)

Core Competencies

• Regulatory Mastery: Deep, current understanding of security standards (NIST SP 800-53, CSF) and relevant government regulations.
• Influence & Partnership: Exceptional ability to work cross-functionally, influencing Product and Engineering without direct reporting authority over those teams.
• Executive Communication: Superior ability to distill complex technical and compliance issues into clear business and legal risks for executive-level decision-makers.

Tech Stack

• SDLC

Benefits

• ClassWallet is a positive, family-oriented team environment. Our focus is on encouragement, positive reinforcement, and gratitude. We work hard and are highly motivated to win but with a healthy perspective on life.
• We offer an excellent salary and benefits commensurate with experience.
• ClassWallet.com is proud to be an Equal Opportunity Employer. Applicants are considered for all positions without regard to race, color, religion, sex, national origin, age, disability, sexual orientation, marital or veteran status.