Director / Senior Director of Compliance

Company Overview ID.me is the next-generation digital identity wallet that simplifies how individuals securely prove their identity online. Consumers can verify their identity with ID.me once and seamlessly login across websites without having to create a new login and verify their identity again. Over 152 million users experience streamlined login and identity verification with ID.me at 20 federal agencies, 45 state government agencies, and 70+ healthcare organizations. More than 600+ consumer brands use ID.me to verify communities and user segments to honor service and build more authentic relationships. ID.me’s technology meets the federal standards for consumer authentication set by the Commerce Department and is approved as a NIST 800-63-3 IAL2 / AAL2 credential service provider by the Kantara Initiative. ID.me is committed to “No Identity Left Behind” to enable all people to have a secure digital identity. To learn more, visit https://network.id.me/ . About the Role id.me operates one of the most highly regulated identity verification platforms in the country. Our compliance programs span FedRAMP, NIST 800-63, SOC 2, ISO 27001, IRS Pub 4812, and a growing portfolio of federal and commercial audit obligations. We're looking for a compliance leader who believes that compliance done right is engineered, not administered. The right person will build automated, continuous, and scalable compliance systems — reducing toil, consolidating controls, and making evidence collection a natural byproduct of the work people already do. This is a leadership role first. You'll own the full compliance portfolio, build and grow a team, and serve as a trusted partner to Engineering, Product, Legal, and Privacy. What You'll Own Full compliance portfolio : FedRAMP (Moderate), SOC 2 Type II, ISO 27001, IRS Pub 4812, NIST 800-63 Rev 3/Rev 4 (Kantara), and emerging frameworks as they apply. People leadership : Build, grow, and lead a compliance team. You are accountable for your team's development, career growth, and well-being — not just their output. Automation strategy : Drive control consolidation and evidence automation. Reduce the total number of operated controls. Leverage AI and tooling to eliminate repetitive manual work. Cross-functional partnership : Serve as the compliance interface to Engineering, Product, Legal, and Privacy. Build trust through partnership, clear communication, and pragmatic risk decisions. Audit management : Maintain continuous audit readiness across all programs. Own assessor relationships and agency engagements. Risk integration : Partner with the Risk team to feed compliance findings into a unified cyber risk register — one evaluation loop, not fragmented reviews. What We're Looking For Must Have People-first leadership. You have built and grown compliance teams. You hold regular 1:1s, create career development plans, and invest in making your people better. You delegate effectively and build systems where knowledge is shared, documented, and survives individual absence. Communication clarity. You give crisp, direct answers to strategic questions. You write clearly. You adjust your communication to your audience — board members, engineers, auditors, PMs — without losing precision. Partnership orientation. Engineering and Product are your customers. You default to "how do we make this work safely?" and when you say no, you explain why in terms the other person values and offer an alternative path. You build relationships proactively. Automation conviction. You believe compliance should be engineered. You champion tooling that automates evidence collection, continuous monitoring, and control validation. You think more like an engineering director than a traditional compliance director — systems, leverage, elimination of toil. Self-directing execution. You operate with minimal management. You identify what needs to happen, build a plan, execute it, and communicate upward proactively — your leadership always knows where things stand without having to ask. Audit management experience. You have led or been deeply involved in external audits — managing assessor relationships, preparing evidence packages, coordinating across teams to maintain readiness. The specific frameworks matter less than the rigor and judgment you bring to the process. AI fluency. You are comfortable using AI tools in your daily work and see them as force multipliers for compliance operations. We use Claude, Gemini, and custom integrations extensively. You will be expected to embrace and champion AI-augmented compliance workflows. Strong Preference Experience with FedRAMP (Moderate or High), NIST 800-53, or equivalent federal compliance frameworks Experience building or significantly improving compliance automation (evidence pipelines, GRC platform integrations, continuous monitoring) Familiarity with GRC platforms (LogicGate, Drata, Vanta, or similar) as a power user Experience managing 3PAO and external assessor relationships Experience operating in a growth-stage or mid-stage tech company where you had to build, not just maintain Nice to Have CISA, CISSP, CRISC, CISM, or similar certifications Experience with Kantara / NIST 800-63 identity assurance frameworks SOC 2 Type II or ISO 27001 program ownership What Success Looks Like First 90 days: You know every active compliance program, its current state, and its next milestone. You've had 1:1s with every team member and have a written development plan for each. You've met your key cross-functional partners (ProdSec, SecOps, IT, Legal, Privacy, Engineering VPs) and they describe you as easy to work with. You've identified the top 3 manual processes that should be automated and have a plan to address them. First 6 months: At least one major evidence collection workflow is automated end-to-end. Total operated controls are reduced (consolidated, not just documented differently).