Remote Remote (City) Employment $137,000–$191,000

Second Front Systems is hiring a Product Security Compliance Lead

Responsibilities

  • Lead and mentor a team of security engineers and compliance specialists focused on architecture, control implementation, and audit readiness, fostering a culture of ownership, collaboration, and continuous improvement.
  • Define and maintain security architecture and control patterns for Game Warden and supporting services, aligned with mission, risk, and accreditation needs.
  • Serve as the senior technical lead for the execution of key security accreditations and certifications, including FedRAMP, US agency ATOs, ISO 27001, UK government / NCSC-aligned cloud security expectations, and NATO-related accreditations.
  • Lead creation and maintenance of System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), security policies, standards, and technical control narratives, ensuring documentation accurately reflects our architecture, controls, and operating reality.
  • Coordinate continuous monitoring activities, significant change reviews, and evidence collection so our accreditations stay current and our controls get stronger over time.
  • Partner closely with Security Operations, Cybersecurity Assessment, Product, Engineering, Legal, and Sales teams to support complex customer requirements and unblock deals in highly regulated environments.
  • Lead the technical representation of the company in third-party audits (3PAO) and accreditation sessions, ensuring all security documentation and postures are effectively articulated and defended to maintain authorization.

Requirements

  • 8+ years of experience in information security, with significant time in product / platform security, security architecture, or security engineering.
  • Hands-on experience leading technical delivery on one or more security accreditation or certification programs (e.g., FedRAMP, DoD / IC ATOs, ISO 27001, public sector cloud frameworks such as NCSC / UK gov or NATO).
  • Demonstrated ability to work with and / or author security documentation such as SSPs, POA&Ms, policies, and technical standards.
  • Strong understanding of modern cloud architectures and platforms (e.g., AWS, containers / Kubernetes, SaaS delivery models).
  • Comfort partnering with engineering teams on real-world design and implementation, able to propose pragmatic solutions, not just policy language.
  • Excellent written and verbal communication skills; able to translate complex security and compliance topics into clear, actionable guidance for both technical and non-technical stakeholders.
  • People leadership experience in security or compliance teams.
  • Active U.S. Top Secret (TS) security clearance required; eligibility for access to Sensitive Compartmented Information (SCI) required.

Nice to Have

  • Experience operating in defense, federal government, public sector, or other highly regulated industries.
  • Familiarity with frameworks such as NIST 800-53, NIST 800-171, ISO 27001, FedRAMP baselines, and NCSC cloud security principles.
  • Prior collaboration with 3PAOs, certification bodies, or accreditation authorities.
  • Relevant certifications (e.g., CISSP, CCSP, CISM, ISO 27001 Lead Implementer / Auditor) are a plus, not a prerequisite.
  • Experience with infrastructure-as-code, observability, and automation in support of security and compliance goals.
  • Prior experience working in cleared or classified environments and with government security / accreditation stakeholders.

Additional Information

  • This role requires U.S. citizenship due to government contract requirements.
  • This role may also be eligible for discretionary bonuses and equity grants as part of the total compensation package.
About company
Second Front Systems

We’re a public-benefit, venture-backed company delivering mission-critical software to the world’s democracies.

Our mission is to strengthen global security by accelerating access to emerging technologies, ensuring a strategic advantage for the U.S. and our allies. We simplify and accelerate every step of the software development and delivery process, including compliance, accreditation, and deployment for government and commercial sectors.

  • Trusted by leading software providers and government agencies worldwide
  • Specializes in secure development, FedRAMP and DoD accreditation, and government cloud hosting
  • Offers solutions for commercial, government, and international markets
Job Details
Department Engineering Leadership
Category security
Posted 12 days ago