opengreenhousecapitalg
Director / Senior Director of Compliance
ID.me
LocationMountain View, California, United States, ID.me Mountain View, CA
Last observed2026-06-13 05:25:00.042478
Job idcapitalg-id-me:greenhouse:7766552003
Company Overview ID.me is the next-generation digital identity wallet that simplifies how individuals securely prove their identity online. Consumers can verify their identity with ID.me once and seamlessly login across websites without having to create a new login and verify their identity again. Over 152 million users experience streamlined login and identity verification with ID.me at 20 federal agencies, 45 state government agencies, and 70+ healthcare organizations. More than 600+ consumer brands use ID.me to verify communities and user segments to honor service and build more authentic relationships. ID.me’s technology meets the federal standards for consumer authentication set by the Commerce Department and is approved as a NIST 800-63-3 IAL2 / AAL2 credential service provider by the Kantara Initiative. ID.me is committed to “No Identity Left Behind” to enable all people to have a secure digital identity. To learn more, visit https://network.id.me/ . Director / Senior Director of Compliance Location: Mountain View, CA (on-site) Reports to: VP of GRC / Deputy CISO Department: Security — Governance, Risk, and Compliance Why This Role Exists id.me operates one of the most highly regulated identity verification platforms in the country. Our compliance programs span FedRAMP, NIST 800-63 (Rev 3 and Rev 4), SOC 2, ISO 27001, IRS Pub 4812, and a growing portfolio of federal and commercial audit obligations. We're looking for a compliance leader who believes that compliance done right is a byproduct of well-engineered systems — not a parallel bureaucracy. The right person will transform how compliance operates: from manual evidence gathering and heroic individual effort to automated, continuous, and scalable. This is not a role for someone who wants to maintain the status quo. If your instinct when a deadline is at risk is to throw more hours at it instead of asking "why isn't this automated?", this isn't the right fit. What You'll Own Full compliance portfolio : FedRAMP (Moderate), SOC 2 Type II, ISO 27001, IRS Pub 4812, NIST 800-63 Rev 3/Rev 4 (Kantara), and emerging frameworks as they apply. People leadership : Build, grow, and lead a compliance team. You are accountable for your team's development, career growth, and well-being — not just their output. Automation strategy : Drive aggressive control consolidation and evidence automation. Reduce the total number of operated controls. Make evidence collection a byproduct of the work people already do — not a separate exercise. Cross-functional partnership : Serve as the compliance interface to Engineering, Product, Legal, and Privacy. Build trust through partnership, not gatekeeping. Your success is measured by how easily teams work WITH compliance, not how thoroughly you block them. Audit readiness : Maintain continuous audit readiness across all programs. Manage 3PAO relationships, agency engagements, and external assessors. Risk integration : Partner with the Risk team to feed compliance findings into a unified cyber risk register. One evaluation loop — not fragmented reviews from five different teams. What We're Looking For Must Have People-first leadership. You have built and grown compliance teams. You hold regular 1:1s, create career development plans, and invest in making your people better — not just getting work done. You delegate effectively and build systems where knowledge survives individual absence. If you're "too busy" for your team, you're not operating at the right altitude. Communication clarity. You give crisp, direct answers to strategic questions. "What does success look like in 30 days?" gets a two-sentence answer, not a monologue. You write clearly. You adjust your communication to your audience — board members, engineers, auditors, PMs — without losing precision. Partnership over gatekeeping. Engineering and Product are your customers, not your adversaries. You default to "how do we make this work safely?" not "this is not allowed." When you say no, you
This page is generated from the committed OpenOpps static snapshot. Use the source posting or apply link for the employer's current canonical posting state.