Webai

Senior Manager, Security & Compliance Washington D.C. Area

Webai, Olympia, Washington, United States


About Us: webAI is pioneering the future of artificial intelligence by establishing the first distributed AI infrastructure dedicated to personalized AI. We recognize the evolving demands of a data-driven society for scalability and flexibility, and we firmly believe that the future of AI lies in distributed processing at the edge, bringing computation closer to the source of data generation. Our mission is to build a future where a company's valuable data and intellectual property remain entirely private, enabling the deployment of large-scale AI models directly on standard consumer hardware without compromising the information embedded within those models. We are developing an end-to-end platform that is secure, scalable, and fully under the control of our users, empowering enterprises with AI that understands their unique business. We are a team driven by truth, ownership, tenacity, and humility, and we seek individuals who resonate with these core values and are passionate about shaping the next generation of AI.

About the Role: webAI Public Sector is hiring a Senior Manager, Security & Compliance to build and lead our security, compliance, and industrial security posture from the ground up. This leader will establish the subsidiary’s compliance programs, drive government authorization work, stand up our facility clearance, and initially serve in key security roles (e.g., FSO, ISSM/ISSO) until the team scales.

This role is ideal for someone who thrives in fast-moving environments, is comfortable wearing multiple hats early on, and is excited to design and own the long-term security and compliance operating model for a rapidly growing mission-focused AI company.

Responsibilities:

Build & Run the Compliance Program

Establish and maintain compliance aligned with DoD and Federal standards (CMMC 2.0, NIST SP 800-171, NIST SP 800-53, DFARS 7012, CUI/FCI)

Develop policies, SSPs, POA&Ms, governance frameworks, and audit-ready documentation

Lead internal reviews, incident response processes, and security awareness training

Create lightweight, scalable processes that support—rather than slow down—engineering and mission delivery

Integrate with Parent Company Security & Compliance

Align subsidiary controls with parent-company GRC, InfoSec, IT security, and privacy frameworks

Identify gaps where DoD, CUI, or classified requirements exceed parent controls and build overlays

Coordinate enterprise-wide audits, monitoring, documentation, and incidents

Represent the Public Sector entity in cross-company security and compliance forums

Work closely with engineering on secure architectures, vulnerability mitigation, logging/monitoring, and system hardening

Drive Government Authorization Work

Lead RMF and agency authorization efforts (e.g., DoD IL4–IL6, ATO packages)

Translate federal frameworks into clear, actionable requirements for engineering and IT teams

Coordinate with Authorizing Officials, primes, DCSA, integrators, and 3PAOs

Oversee continuous monitoring, vulnerability management, and change control

Stand Up Facility Clearance & Industrial Security

Lead preparation for the company’s first Facility Clearance (FCL)

Support SCIF and closed‑area planning, build accreditation documentation, and oversee inspections

Initially serve as acting Facility Security Officer (FSO)

Establish industrial security programs

Manage DISS/NISS, insider threat programs, DD254 workflows, and classified information controls

Act as Early ISSM/ISSO (as Required)

Own RMF execution, system security documentation, incident reporting, and vulnerability tracking

Deliver user training, classified system onboarding, and ongoing security management

Governance, Training & Communication

Train teams on CUI handling, security practices, and federal compliance expectations

Provide risk, readiness, and posture updates to leadership with clarity and precision

Support customer security questionnaires and engagements with prime contractors

Build the Team

Define the long‑term security, industrial security, and compliance team structure

Hire and mentor future FSO, ISSM, GRC analysts, and compliance professionals

Build durable programs that scale as mission sets, classification levels, and customers grow

Qualifications:

Active TS or TS/SCI required.

8–10+ years in DoD or Federal security, compliance, industrial security, or related fields

Experience standing up or running compliance programs aligned to standards such as CMMC, NIST SP 800-171/53, and DFARS 7012

Demonstrated experience leading RMF/ATO lifecycles and/or building 0→1 CUI or classified compliance programs

Experience serving as or supporting an FSO, CSSO, CPSO, ISSO, or ISSM

Knowledge of NISPOM / 32 CFR 117, DISS/NISS, DD254 processes, insider threat programs, and CUI requirements

Familiarity with DevSecOps tooling (CI/CD pipelines, SAST/DAST, SBOMs, EDR/SIEM, zero trust networks, encryption/KMS)

Ability to work across parent–subsidiary governance models

Strong communication skills with both technical and non-technical partners.

Comfort operating in fast‑paced, ambiguous startup environments

We at webAI are committed to living out the core values we have put in place as the foundation on which we operate as a team. We seek individuals who exemplify the following:

Truth - Emphasizing transparency and honesty in every interaction and decision.

Ownership - Taking full responsibility for one’s actions and decisions, demonstrating commitment to the success of our clients.

Tenacity - Persisting in the face of challenges and setbacks, continually striving for excellence and improvement.

Humility - Maintaining a respectful and learning-oriented mindset, acknowledging the strengths and contributions of others.

Benefits:

Competitive salary and performance-based incentives.

Comprehensive health, dental, and vision benefits package.

401k Match (US-based only)

$200/month Health and Wellness Stipend

$400/year Continuing Education Credit

$500/year Function Health subscription (US-based only)

Free parking, for in-office employees

Unlimited Approved PTO

Parental Leave for Eligible Employees

Supplemental Life Insurance

webAI is an Equal Opportunity Employer and does not discriminate against any employee or applicant on the basis of age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We adhere to these principles in all aspects of employment, including recruitment, hiring, training, compensation, promotion, benefits, social and recreational programs, and discipline. In addition, it is the policy of webAI to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations and ordinances where a particular employee works.
