Senior Director, Governance, Risk and Compliance
Lila Sciences · Cambridge, MA USA · Posted 26 March 2026
Job Description
Your Impact at Lila
We’re looking for a Senior Director of Governance, Risk and Compliance (GRC) to build and scale our compliance function as we expand across U.S. Federal and DoD markets. This is a hands-on leadership role for someone who has stood up serious compliance programs in fast-moving environments and knows how to balance speed, risk, and revenue. You will own GRC end to end—SOC2, ISO, GDPR, FedRAMP, DoD Cloud SRG (IL5/IL6), and CMMC—and partner closely with Engineering, Cloud Ops, Product, Legal, and executive leadership to make compliance a growth enabler, not a bottleneck.
What You'll Be Building
Build and Lead the GRC Function
Design and own Lila’s enterprise GRC program, including policies, standards, risk frameworks, and operating cadence.
Translate complex regulatory requirements into practical, implementable controls for software, engineering, and operations teams.
Own and manage Trust Portal
Own Lila Trust Portal as a strategic GRC asset, aligning disclosures with regulatory requirements, customer expectations, and go-to-market needs while partnering with Security, Legal, Privacy, Product, and Sales to ensure consistency and credibility.
FedRAMP Ownership
Own the full FedRAMP lifecycle from readiness through ATO and continuous monitoring.
Serve as primary point of contact for 3PAOs, sponsoring agencies, and Authorizing Officials.
Drive development and maintenance of SSPs, POAMs, SARs, CMPs, and supporting evidence.
Partner with executives on risk acceptance and remediation prioritization.
DoD IL5 / IL6 Enablement
Lead compliance strategy for DoD Cloud Computing SRG IL5 and IL6 environments.
Work directly with cloud and security engineering teams to meet high-impact requirements.
Support customer security reviews, audits, and authorization packages.
CMMC and Defense Readiness
Define and execute Lila’s CMMC readiness and compliance roadmap.
Align NIST SP 800-171 controls across engineering, IT, and business operations.
Prepare Lila for CMMC assessments tied to defense contracts.
Third-Party Risk Management
Due Diligence and Assessment: Execute risk assessments for onboarding new vendors and re-evaluating existing ones, assessing cybersecurity, financial, and operational risks.
Monitoring and Reporting: Monitor vendor performance against Service Level Agreements (SLAs) and report risk profiles to senior leadership.
Regulatory Compliance: Ensure vendor compliance with internal policies and external regulations, specifically focusing on data security.
Issue Mitigation: Identify risks, facilitate remediation plans, and, if necessary, assist with risk acceptance processes.
Risk Management and Metrics
Run enterprise risk assessments, gap analyses, and mitigation plans.
Implement lightweight automation for evidence collection, validation, and reporting.
Deliver executive-level dashboards focused on real risk and progress.
Executive and Customer Engagement
Act as a trusted advisor to the CISO on compliance risk and deal enablement.
Lead customer due diligence, security questionnaires, and regulatory briefings.
Represent the company during audits, assessments, and government reviews.
What You’ll Need to Succeed
10–15+ years of cybersecurity GRC experience with deep Federal and DoD exposure
Hands-on ownership of FedRAMP authorizations
Direct experience with DoD Cloud SRG IL5 and/or IL6
Strong knowledge of CMMC, NIST SP 800-171, RMF, and NIST SP 800-53
Experience in high-growth environments
Experience at a GovCloud, SaaS, or defense-focused startup
Relevant certifications (CISSP, CISM, CISA, CRISC)
Experience supporting regulated revenue growth pre- and post-ATO
Ability to operate at both executive and execution levels
U.S. citizenship required; active or eligible clearance preferred
About Lila
Lila Sciences is the world’s first scientific superintelligence platform and autonomous lab for life, chemistry, and materials science. We are pioneering a new age of boundless discovery by building the capabi ... (truncated, view full listing at source)