Quick Summary
Filevine is a Legal AI company delivering Legal Operating Intelligence for the future of legal work. Grounded in a singular system of truth, Filevine brings together data, documents, workflows,
The Head of Trust, Security Compliance, Privacy & FedRAMP is a senior leadership role accountable for Filevine’s highest-trust security, compliance, privacy, and government authorization initiatives. This leader owns the operating system that turns regulatory obligations, customer commitments, security risk, and privacy requirements into prioritized, shipped work across Engineering, Security, Product, Legal, Sales, and Customer-facing teams.
This is not a coordinator role. The leader will own Filevine’s FedRAMP 20x Moderate strategy and execution, with dedicated engineering resources assigned specifically to FedRAMP compliance. They will set the compliance engineering roadmap, define evidence and automation requirements, drive cross-functional execution, and hold stakeholders accountable for measurable outcomes.
The first mission for this role is to accelerate Filevine’s FedRAMP 20x Moderate readiness and ongoing compliance posture as meausered by booked ARR, logos closed, pipeline conversion and customer adoption. This includes evidence automation, control implementation, continuous monitoring, vulnerability and remediation governance, POA&M discipline, 3PAO and FedRAMP PMO engagement, agency-facing readiness, and executive-level risk reporting.
Beyond FedRAMP, this leader owns Filevine’s broader trust and compliance stack, including security compliance, privacy operations, customer trust commitments, audit readiness, and the internal processes that keep these programs scalable. They must be able to operate at both strategic and execution levels: translating regulatory frameworks into technical work, aligning leaders around risk-based priorities, and communicating clearly with executives, auditors, customers, and engineering teams.
Operating in a hypergrowth legal-tech and AI environment, the role requires technical judgment, executive presence, strong prioritization instincts, and the ability to build durable compliance systems rather than one-time audit artifacts.
-
Own Filevine’s FedRAMP 20x Moderate strategy, delivery plan, certification readiness, and ongoing compliance posture.
-
Lead the design and execution of FedRAMP evidence automation, continuous monitoring, and reporting required for Marketplace certification and sustained authorization.
-
Serve as the single-threaded owner for FedRAMP engagements with 3PAOs, the FedRAMP PMO, agency stakeholders, and internal executive sponsors.
-
Set the roadmap and priorities for dedicated FedRAMP engineering resources, ensuring regulatory requirements become shipped technical controls, automated evidence, and operationally sustainable processes.
-
Own POA&M governance, risk acceptance workflows, certification readiness reporting, and remediation planning across product and platform teams.
-
Ensure FedRAMP implementations are pragmatic, risk-based, technically grounded, and appropriately scoped for Filevine’s architecture, maturity, and business priorities.
-
Provide clear, consistent executive reporting on progress, risk, tradeoffs, dependencies, resourcing needs, and certification readiness.
-
Own the operating model for Filevine’s security compliance and trust programs across FedRAMP, SOC 2, ISO, HIPAA, PCI-DSS, customer security commitments, and related frameworks.
-
Partner with the CISO, Security Engineering, Product, and Infrastructure leaders to convert compliance obligations and security findings into prioritized engineering work.
-
Drive governance for vulnerability findings from scanning tools, penetration tests, customer reviews, audits, and bug bounty programs, including risk adjustment, remediation ownership, escalation, and executive tradeoff decisions.
-
Maintain a single source of truth for security/compliance status, control gaps, remediation commitments, and customer-facing trust claims.
-
Ensure trust center materials, customer security responses, sales enablement messaging, and public compliance claims are accurate, current, and defensible.
-
Own Filevine’s operational privacy program in partnership with Legal, Security, Product, Marketing, and Engineering.
-
Oversee privacy tooling and workflows, including consent management, cookie compliance, data subject request operations, data mapping, subprocessors, retention, and privacy-by-design review processes.
-
Translate privacy obligations and customer commitments into product, engineering, and operational requirements.
-
Partner with Legal on DPAs, subprocessors, customer privacy commitments, and regulatory changes that affect Filevine products and data practices.
-
Support AI and data governance efforts by ensuring privacy, security, and customer trust requirements are reflected in product and operational decisions.
-
Translate security, compliance, FedRAMP, and privacy requirements into roadmaps, epics, milestones, and prioritized engineering work.
-
Batch, sequence, and present initiatives through Agile ceremonies, planning forums for prioritization against company-wide initiatives.
-
Define success metrics, delivery milestones, ownership models, and operating cadences across long-running, multi-quarter initiatives.
-
Drive alignment between compliance goals, engineering capacity, product strategy, customer commitments, and business risk.
-
Partner with engineering leaders to scope work deeply enough that teams understand the control objective, technical requirement, evidence expectation, and business priority.
-
Drive alignment across Engineering, Product, Security, Legal, Compliance, Sales, Marketing, Customer Success, and executive leadership teams.
-
Clearly communicate scope, sequencing, dependencies, risks, and tradeoffs across a large and evolving portfolio of work.
-
Continuously rebalance priorities in response to customer demands, federal market requirements, audit findings, product strategy, and changing risk posture.
-
Lead change management efforts to embed security, privacy, compliance, and FedRAMP requirements into Filevine’s operating model and product culture.
-
Escalate effectively when tradeoffs require executive decision-making, budget, staffing, or scope changes.
-
10+ years of experience in security compliance, GRC, product/program leadership, privacy, trust, or related roles within SaaS, cloud, or high-trust technology environments.
-
Direct ownership of FedRAMP Moderate, FedRAMP High, FedRAMP 20x, or a comparable federal cloud authorization program.
-
Proven experience translating regulatory, security, and privacy requirements into technical implementation plans with engineering teams.
-
Experience leading complex, cross-functional initiatives with executive visibility, ambiguous requirements, and multi-quarter delivery timelines.
-
Experience partnering with security engineering, infrastructure, product, legal, audit, and customer-facing teams.
-
Deep knowledge of FedRAMP, NIST 800-53, FedRAMP 20x automation concepts, continuous monitoring, POA&M governance, 3PAO engagement, and federal cloud authorization workflows.
-
Strong working knowledge of security and compliance frameworks such as SOC 2, ISO 27001, HIPAA, PCI-DSS, and customer security review processes.
-
Strong working knowledge of privacy operations, consent management, data governance, DSR workflows, subprocessors, DPAs, retention, and privacy-by-design practices.
-
Ability to translate regulatory and security requirements into actionable, value-driven product and engineering work.
-
Strong product and program management expertise, including roadmap development, prioritization, milestone definition, and executive reporting.
-
Pragmatic, analytical approach to risk management and decision-making in fast-paced environments.
-
Excellent stakeholder management, written communication, and executive presence.
-
Comfort operating with dedicated engineering resources while remaining accountable for prioritization, clarity, outcomes, and risk-based tradeoffs.
Nice to Have
~2 min read-
Experience with FedRAMP 20x, evidence automation, GRC engineering, compliance-as-code, or continuous control monitoring.
-
Experience supporting federal, state, healthcare, insurance, legal, or other regulated enterprise customers.
-
Certifications such as CISSP, CISM, CISA, CRISC, PMP, or similar are a plus.
Location & Eligibility
Listing Details
- Posted
- July 9, 2026
- First seen
- July 9, 2026
- Last seen
- July 9, 2026
Posting Health
- Days active
- 0
- Repost count
- 0
- Trust Level
- 87%
- Scored at
- July 9, 2026
Signal breakdown

Filevine is a cloud-based legal technology company providing case management, document management, and automation tools for law firms and legal departments. [1, 4, 30] It aims to simplify and elevate complex legal work. [5, 19]
View company profilePlease let Filevine know you found this job on Jobera.
3 other jobs at Filevine
View all →Explore open roles at Filevine.
Browse Similar Jobs
Stay ahead of the market
Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.
No spam. Unsubscribe at any time.