FedRAMP & CMMC Compliance Lead

WindBorne Systems is supercharging weather forecasts with a unique proprietary data source: a global constellation of next-generation smart weather balloons targeting the most critical atmospheric data. We design, manufacture, and operate our own balloons, using the data they collect to generate otherwise unattainable weather intelligence. Our mission is to eliminate weather uncertainty, and in the process help humanity adapt to climate change, be that predicting hurricanes or speeding the adoption of renewables. We are building a future in which the planet is instrumented by thousands of our microballoons, eliminating gaps in our understanding of the planet and giving people and businesses the information they need to make critical decisions. The founding team of Stanford engineers was named Forbes 2019 30 under 30 and is backed by top-tier investors, including Khosla Ventures and Footwork VC. As the FedRAMP & CMMC Compliance Lead, you will own our compliance function end-to-end and build the org around you. Responsibilities WindBorne is looking for an ambitious FedRAMP & CMMC Compliance Lead to build our government compliance function from scratch and own it end-to-end. You will be the first dedicated compliance hire, reporting to the COO and ensuring we don’t get bottlenecked as we scale into production government software sales. You will lead the company through CMMC Level 2 certification, FedRAMP, IL5, and IL6, translating complex federal regulatory frameworks (FedRAMP, DoD CC SRG, CMMC, DFARS 7012) into practical decisions about technical architecture, documentation, and process. Then, you will make sure those decisions actually get implemented by coordinating work across engineering, operations, and business development teams. Skills and Qualifications 3+ years experience with compliance audits (FedRAMP, PCI, SOC2, HIPAA, etc.) and prior US Government compliance and audit experience (FedRAMP, FISMA, NIST 800-53, NIST 800-171, US Government ATOs, etc) ideally at a defense contractor or defense tech start-up. Experience defining CUI boundaries and scoping assessment environments. Experience writing or substantially contributing to a System Security Plan. Proficiency with GRC platforms (Drata, Vanta, eMASS, or similar) and security tooling for evidence collection and continuous monitoring. Experience implementing security controls and assessing compliance in distributed applications on cloud infrastructure (e.g Amazon AWS, Microsoft Azure). Deep understanding of complex cloud infrastructure and security concepts, including ephemeral technologies (ex. containers). Proficiency with security concepts (encryption, authentication, etc.) and tooling for continuous monitoring (Tenable Security Center, Burp, SIEMs, etc.). Strong Project Management skills, being able to balance and track multiple projects going on at the same time to completion. Willing and able to obtain a US security clearance. Benefits 401(k) Dental insurance Health insurance Vision insurance Unlimited PTO Stock Option Plan Office food and beverages Salary $130,000 - $170,000** We are considering a range of backgrounds and experience levels for this position and adjust our offers accordingly to be competitive with market rates. Location 1600 Bridge Pwky, Redwood City, CA. In person required. #J-18808-Ljbffr WindBorne Systems