Scale is powering the generative AI wave by providing the data and infrastructure for companies to build large-scale foundation models. AI is rapidly changing the world, and Scale is growing to meet that rapid demand across global markets, including accelerating public sector and commercial business.
Scale seeks a Technical Assurance Lead to drive assurance programs across Scale's public sector and commercial business. Reporting to the Head of Global Assurance, this is a hands-on individual contributor role with significant autonomy. Scale is looking for an experienced security and compliance professional to support Security Risk Management Assessment and Authorization (A&A) audit activities for Scale’s products. You will be part of the global GRC team and work across Public Sector, Enterprise, Security, Engineering, Product, and Legal to deliver region-specific authorizations, certifications, and customer assurance outcomes, with a focus on the US markets. We are looking for relentlessly curious, deliberately open-minded, and action-oriented generalists who can advise on internal policies, and operational processes while employing an empathetic interpersonal style. If you enjoy solving novel and challenging problems and building strong relationships while doing it, we’d love to hear from you!
You Will
- Lead public sector compliance programs (e.g., FedRAMP HIGH, DoD SRG IL4/IL5/IL6, NIST 800-53/800-171, CMMC, and RMF), owning controls mapping, gap analysis, evidence collection, ATO packages, and certification timelines, including coordination with 3PAOs and external assessors.
- Oversee Security Risk Management A & A processes, including cloud system risk assessments, POAM development and tracking, vulnerability management, STIG implementation, and security configuration oversight.
- Drive cross-functional control implementation by partnering with product, engineering, security, operations, legal, and people ops to deploy technical, administrative, and operational controls.
- Set priorities and cadences for intake, evidence collection, remediation tracking, and deadline management, and reporting program health and risks to the Head of Global Assurance.
- Manage external relationships with auditors, assessors, certification bodies, and regulatory counterparts to achieve and sustain compliance outcomes.
- Maintain system security documentation and GRC tooling, including continuous updates to security documentation and uploading control evidence to eMASS or Xacta throughout the monitoring phase.
- Lead compliance reviews for new products and features, and proactively advise the business on emerging certification programs, regulatory changes, and evolving requirements.
- Maintain and expand Scale's certification portfolio, including SOC 2, ISO 27001, ISO 42001, and ISO 9001, working with the global GRC team on renewals and new certifications.
- Support customer and stakeholder assurance activities, including security questionnaires, due diligence responses, compliance input to bids, and customer-facing assurance discussions.
You’ll Have
- An active US Top Secret security clearance with minimum IAT Level 2 certification (Security +, CASP, or similar).
Ideally, You’d Have
- 7+ years of experience in security compliance, technology audit, GRC, cloud security, or related roles, with meaningful exposure to the public sector markets.
- Experience implementing and maintaining some of the following frameworks and standards: FedRAMP, DoD Cloud Computing SRG, NIST 800-171, NIST 800-53, CMMC, NIST 800-53.
- Deep familiarity with one or more of: STIG/RMF policy knowledge & implementation, including validating compliance via ACAS and other relevant tests, ISO 27001, ISO 9001, ISO 42001, SOC 2, or equivale