Senior Manager, Security & Compliance Washington D.C. Area
Listed on 2026-02-12
IT/Tech
Cybersecurity, Information Security
About Us:
webAI is pioneering the future of artificial intelligence by establishing the first distributed AI infrastructure dedicated to personalized AI. We recognize the evolving demands of a data-driven society for scalability and flexibility, and we firmly believe that the future of AI lies in distributed processing at the edge, bringing computation closer to the source of data generation. Our mission is to build a future where a company's valuable data and intellectual property remain entirely private, enabling the deployment of large-scale AI models directly on standard consumer hardware without compromising the information embedded within those models.
We are developing an end-to-end platform that is secure, scalable, and fully under the control of our users, empowering enterprises with AI that understands their unique business. We are a team driven by truth, ownership, tenacity, and humility, and we seek individuals who resonate with these core values and are passionate about shaping the next generation of AI.
webAI Public Sector is hiring a Senior Manager, Security & Compliance to build and lead our security, compliance, and industrial security posture from the ground up. This leader will establish the subsidiary’s compliance programs, drive government authorization work, stand up our facility clearance, and initially serve in key security roles (e.g., FSO, ISSM/ISSO) until the team scales.
This role is ideal for someone who thrives in fast-moving environments, is comfortable wearing multiple hats early on, and is excited to design and own the long-term security and compliance operating model for a rapidly growing mission-focused AI company.
Responsibilities:
Build & Run the Compliance Program
Establish and maintain compliance aligned with DoD and Federal standards (CMMC 2.0, NIST SP 800-171, NIST SP 800-53, DFARS 7012, CUI/FCI)
Develop policies, SSPs, POA&Ms, governance frameworks, and audit-ready documentation
Lead internal reviews, incident response processes, and security awareness training
Create lightweight, scalable processes that support—rather than slow down—engineering and mission delivery
Align subsidiary controls with parent-company GRC, Info Sec, IT security, and privacy frameworks
Identify gaps where DoD, CUI, or classified requirements exceed parent controls and build overlays
Coordinate enterprise-wide audits, monitoring, documentation, and incidents
Represent the Public Sector entity in cross-company security and compliance forums
Work closely with engineering on secure architectures, vulnerability mitigation, logging/monitoring, and system hardening
Lead RMF and agency authorization efforts (e.g., DoD IL4–IL6, ATO packages)
Translate federal frameworks into clear, actionable requirements for engineering and IT teams
Coordinate with Authorizing Officials, primes, DCSA, integrators, and 3PAOs
Oversee continuous monitoring, vulnerability management, and change control
Lead preparation for the company’s first Facility Clearance (FCL)
Support SCIF and closed‑area planning, build accreditation documentation, and oversee inspections
Initially serve as acting Facility Security Officer (FSO)
Establish industrial security programs
Manage DISS/NISS, insider threat programs, DD254 workflows, and classified information controls
Own RMF execution, system security documentation, incident reporting, and vulnerability tracking
Deliver user training, classified system onboarding, and ongoing security management
Train teams on CUI handling, security practices, and federal compliance expectations
Provide risk, readiness, and posture updates to leadership with clarity and precision
Support customer security questionnaires and engagements with prime contractors
Define the long‑term security, industrial security, and compliance team structure
Hire and mentor future FSO, ISSM, GRC analysts, and compliance professionals
Build durable programs that scale as mission sets, classification…