Senior Manager, Security & Compliance
webAI
Location: Washington D.C. Area
Employment Type: Full time
Location Type: Hybrid
Department: Public Sector
About Us:
webAI is pioneering the future of artificial intelligence by establishing the first distributed AI infrastructure dedicated to personalized AI. We recognize the evolving demands of a data-driven society for scalability and flexibility, and we firmly believe that the future of AI lies in distributed processing at the edge, bringing computation closer to the source of data generation. Our mission is to build a future where a company's valuable data and intellectual property remain entirely private, enabling the deployment of large-scale AI models directly on standard consumer hardware without compromising the information embedded within those models. We are developing an end-to-end platform that is secure, scalable, and fully under the control of our users, empowering enterprises with AI that understands their unique business. We are a team driven by truth, ownership, tenacity, and humility, and we seek individuals who resonate with these core values and are passionate about shaping the next generation of AI.
About the Role:
webAI Public Sector is hiring a Senior Manager, Security & Compliance to build and lead our security, compliance, and industrial security posture from the ground up. This leader will establish the subsidiary’s compliance programs, drive government authorization work, stand up our facility clearance, and initially serve in key security roles (e.g., FSO, ISSM/ISSO) until the team scales.
This role is ideal for someone who thrives in fast-moving environments, is comfortable wearing multiple hats early on, and is excited to design and own the long-term security and compliance operating model for a rapidly growing mission-focused AI company.
Responsibilities:
Build & Run the Compliance Program
Establish and maintain compliance aligned with DoD and Federal standards (CMMC 2.0, NIST SP 800-171, NIST SP 800-53, DFARS 7012, CUI/FCI)
Develop policies, SSPs, POA&Ms, governance frameworks, and audit-ready documentation
Lead internal reviews, incident response processes, and security awareness training
Create lightweight, scalable processes that support—rather than slow down—engineering and mission delivery
Integrate with Parent Company Security & Compliance
Align subsidiary controls with parent-company GRC, InfoSec, IT security, and privacy frameworks
Identify gaps where DoD, CUI, or classified requirements exceed parent controls and build overlays
Coordinate enterprise-wide audits, monitoring, documentation, and incidents
Represent the Public Sector entity in cross-company security and compliance forums
Work closely with engineering on secure architectures, vulnerability mitigation, logging/monitoring, and system hardening
Drive Government Authorization Work
Lead RMF and agency authorization efforts (e.g., DoD IL4–IL6, ATO packages)
Translate federal frameworks into clear, actionable requirements for engineering and IT teams
Coordinate with Authorizing Officials, primes, DCSA, integrators, and 3PAOs
Oversee continuous monitoring, vulnerability management, and change control
Stand Up Facility Clearance & Industrial Security
Lead preparation for the company’s first Facility Clearance (FCL)
Support SCIF and closed-area planning, build accreditation documentation, and oversee inspections
Initially serve as acting Facility Security Officer (FSO)
Establish industrial security programs
Manage DISS/NISS, insider threat programs, DD254 workflows, and classified information controls
Act as Early ISSM/ISSO (as Required)
Own RMF execution, system security documentation, incident reporting, and vulnerability tracking
Deliver user training, classified system onboarding, and ongoing security management
Governance, Training & Communication
Train teams on CUI handling, security practices, and federal compliance expectations
Provide risk, readiness, and posture updates to leadership with clarity and precision
Support customer security questionnaires and engagements with prime contractors
Build the Team
Define the long-term security, industrial security, and compliance team structure
Hire and mentor future FSO, ISSM, GRC analysts, and compliance professionals
Build durable programs that scale as mission sets, classification levels, and customers grow
Qualifications:
Active TS or TS/SCI required.
8–10+ years in DoD or Federal security, compliance, industrial security, or related fields
Experience standing up or running compliance programs aligned to frameworks such as CMMC, NIST SP 800-171/53, and DFARS 7012
Demonstrated experience leading RMF/ATO lifecycles and/or building 0→1 CUI or classified compliance programs
Experience serving as or supporting an FSO, CSSO, CPSO, ISSO, or ISSM
Knowledge of NISPOM / 32 CFR 117, DISS/NISS, DD254 processes, insider threat programs, and CUI requirements
Familiarity with DevSecOps tooling (CI/CD pipelines, SAST/DAST, SBOMs, EDR/SIEM, zero trust networks, encryption/KMS)
Ability to work across parent–subsidiary governance models
Strong communication skills with both technical and non-technical partners
Comfort operating in fast-paced, ambiguous startup environments
We at webAI are committed to living out the core values we have put in place as the foundation on which we operate as a team. We seek individuals who exemplify the following:
Truth - Emphasizing transparency and honesty in every interaction and decision.
Ownership - Taking full responsibility for one’s actions and decisions, demonstrating commitment to the success of our clients.
Tenacity - Persisting in the face of challenges and setbacks, continually striving for excellence and improvement.
Humility - Maintaining a respectful and learning-oriented mindset, acknowledging the strengths and contributions of others.
Benefits:
Competitive salary and performance-based incentives.
Comprehensive health, dental, and vision benefits package.
401k Match (US-based only)
$200/month Health and Wellness Stipend
$400/year Continuing Education Credit
$500/year Function Health subscription (US-based only)
Free parking for in-office employees
Unlimited Approved PTO
Parental Leave for Eligible Employees
Supplemental Life Insurance
webAI is an Equal Opportunity Employer and does not discriminate against any employee or applicant on the basis of age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We adhere to these principles in all aspects of employment, including recruitment, hiring, training, compensation, promotion, benefits, social and recreational programs, and discipline. In addition, it is the policy of webAI to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations and ordinances where a particular employee works.