Director of Security and Compliance

ClassWallet, a leading financial technology company in the United States, is seeking to hire a Director of Security and Compliance to join our team.

ClassWallet is a financial technology company serving agencies delegated responsibility to manage public funds. Agencies use ClassWallet to get public funds to the right people, and ensure the funds are used for the right purpose. ClassWallet’s suite of products and services empowers agency administrators to dramatically increase efficiency of funds distribution and spend compliance, reduce programmatic costs, maximize the full potential impact of the program, and satisfy the needs and expectations of policymakers, constituents and public reporting. ClassWallet has processed over $3.5 Billion to date and serves public agencies across 33 states.

The Company has developed an industry-defining digital wallet solution which has gained rapid traction among state and local agencies and school districts across America. ClassWallet ranks as the 61st fastest growing software company on the prestigious Inc. 5000 list of fastest-growing private companies and the 21st fastest growing financial technology company on the Deloitte Technology Fast 500 in 2023.

While the Company delivers immense business value, the social impact of ClassWallet is a fabric that runs through its mission and corporate culture. As a result of ClassWallet’s innovation, public programs run with exponentially more efficiency and the impact and breadth of the programs for the individuals they serve is dramatically higher. This mission compliments the Company mission-based culture with focus on gratitude and work-life balance.

About the Role

The Director of Security and Compliance is a critical role reporting directly to the Chief Legal Counsel. This individual will be the organization's expert in government security frameworks, responsible for achieving and maintaining high-level government certifications. This role uniquely blends legal compliance, rigorous security operations, and direct partnership with the Product and Engineering teams to ensure our solutions meet the stringent FedRAMP/GovRamp requirements from inception through deployment.

Responsibilities

Government Compliance Leadership (FedRAMP/GovRamp Critical)

• FedRAMP Ownership: Own the entire process for maintaining and managing FedRAMP/GovRamp authorizations, including control implementation, documentation (e.g., System Security Plan - SSP), continuous monitoring, and annual audits (A&A).
• Audit Management: Serve as the primary point of contact for all external security and compliance audits (including SOC 2 Type II), coordinating efforts between auditors, legal counsel, and technical teams to ensure successful outcomes and high-quality evidence collection.
• Compliance Program Management: Design, implement, and lead the corporate security compliance program, ensuring adherence to the specific controls required by all key frameworks.

Product Security & Implementation Review

• Security-by-Design Review: Collaborate closely with the Product Management and Engineering teams, reviewing product roadmaps, features, and architectures to ensure security and government compliance (especially FedRAMP/GovRamp controls) are integrated from the initial design phase (Security-by-Design).
• Product Requirements Translation: Translate complex regulatory and certification controls into clear, actionable technical requirements and user stories for product development teams.
• Risk Mitigation: Conduct risk assessments on product features, third-party integrations, and new technologies to proactively identify and mitigate compliance and security risks before product launch.

Legal, Policy & Governance Support

• Contractual Review: Support the Legal Team by critically reviewing and negotiating security and privacy clauses in customer contracts, RFPs, vendor agreements, and data processing addendums (DPAs), specifically pertaining to government and regulated clients.
• Policy & Training: Develop, document, and enforce comprehensive security, privacy, and data governance policies. Conduct targeted training for teams involved in government-facing products.
• Executive Reporting: Provide regular, executive-level reports to the Chief Legal Counsel on the status of compliance efforts, identified risks, and strategic security posture.

• 5+ years of progressive experience in Information Security and IT Audit/Compliance.
• Extensive, hands-on experience successfully managing, documenting, and maintaining FedRAMP/GovRamp authorizations (preferably Moderate or High baselines).
• Proven expertise in managing other core compliance frameworks, including SOC 2 Type II.
• Demonstrated experience in a product-focused environment, directly influencing security requirements and architecture during the software development lifecycle (SDLC).
• Experience working in a regulated industry or supporting highly sensitive data environments.

Desired Certifications

• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CRISC (Certified in Risk and Information Systems Control)
• CISA (Certified Information Systems Auditor)

Core Competencies

• Regulatory Mastery: Deep, current understanding of security standards (NIST SP 800-53, CSF) and relevant government regulations.
• Influence & Partnership: Exceptional ability to work cross-functionally, influencing Product and Engineering without direct reporting authority over those teams.
• Executive Communication: Superior ability to distill complex technical and compliance issues into clear business and legal risks for executive-level decision-makers.

ClassWallet is a positive, family-oriented team environment. Our focus is on encouragement, positive reinforcement, and gratitude. We work hard and are highly motivated to win but with a healthy perspective on life.

We offer an excellent salary and benefits commensurate with experience.

ClassWallet.com is proud to be an Equal Opportunity Employer. Applicants are considered for all positions without regard to race, color, religion, sex, national origin, age, disability, sexual orientation, marital or veteran status.