Senior Director, Governance, Risk and Compliance
Lila Sciences
Compensation
$204,000 - $272,000/year
Job Description
Your Impact at Lila
We’re looking for a Senior Director of Governance, Risk & Compliance (GRC) to build and scale our compliance function as we expand across U.S. Federal and DoD markets. This is a hands-on leadership role for someone who has stood up serious compliance programs in fast-moving environments and knows how to balance speed, risk, and revenue. You will own GRC end to end—SOC2, ISO, GDPR, FedRAMP, DoD Cloud SRG (IL5/IL6), and CMMC—and partner closely with Engineering, Cloud Ops, Product, Legal, and executive leadership to make compliance a growth enabler, not a bottleneck.
What You'll Be Building
Build & Lead the GRC Function
- Design and own Lila’s enterprise GRC program, including policies, standards, risk frameworks, and operating cadence.
- Translate complex regulatory requirements into practical, implementable controls for software, engineering, and operations teams.
Own and manage Trust Portal
- Own the Lila Trust Portal as a strategic GRC asset, aligning its disclosures with regulatory requirements, customer expectations, and go-to-market needs, and partnering with Security, Legal, Privacy, Product, and Sales to keep those disclosures consistent and credible.
FedRAMP Ownership
- Own the full FedRAMP lifecycle from readiness through ATO and continuous monitoring.
- Serve as primary point of contact for 3PAOs, sponsoring agencies, and Authorizing Officials.
- Drive development and maintenance of SSPs, POA&Ms, SARs, CMPs, and supporting evidence.
- Partner with executives on risk acceptance and remediation prioritization.
DoD IL5 / IL6 Enablement
- Lead compliance strategy for DoD Cloud Computing SRG IL5 and IL6 environments.
- Work directly with cloud and security engineering teams to meet high-impact requirements.
- Support customer security reviews, audits, and authorization packages.
CMMC & Defense Readiness
- Define and execute Lila’s CMMC readiness and compliance roadmap.
- Align NIST SP 800-171 controls across engineering, IT, and business operations.
- Prepare Lila for CMMC assessments tied to defense contracts.
Third Party Risk Management
- Due Diligence & Assessment: Execute risk assessments for onboarding new vendors and re-evaluating existing ones, assessing cybersecurity, financial, and operational risks.
- Monitoring & Reporting: Monitor vendor performance against Service Level Agreements (SLAs) and report risk profiles to senior leadership.
- Regulatory Compliance: Ensure vendor compliance with internal policies and external regulations, specifically focusing on data security.
- Issue Mitigation: Identify risks, facilitate remediation plans, and, if necessary, assist with risk acceptance processes.
Risk Management & Metrics
- Run enterprise risk assessments, gap analyses, and mitigation plans.
- Implement lightweight automation for evidence collection, validation, and reporting.
- Deliver executive-level dashboards focused on real risk and progress.
Executive & Customer Engagement
- Act as a trusted advisor to the CISO on compliance risk and deal enablement.
- Lead customer due diligence, security questionnaires, and regulatory briefings.
- Represent the company during audits, assessments, and government reviews.
What You’ll Need to Succeed
- 10–15+ years of cybersecurity GRC experience with deep Federal and DoD exposure
- Hands-on ownership of FedRAMP authorizations
- Direct experience with DoD Cloud SRG IL5 and/or IL6
- Strong knowledge of CMMC, NIST SP 800-171, RMF, and NIST SP 800-53
- Experience in high-growth environments
- Experience at a GovCloud, SaaS, or defense-focused startup
- Relevant certifications (CISSP, CISM, CISA, CRISC)
- Experience supporti