
Lead Security & Compliance Engineer

Develop and implement security policies to achieve CFTC compliance for a peer-to-peer trading platform
New York
Senior
$160,000 – 210,000 USD / year
yesterday
Novig

Novig

The first high-frequency, commission-free sports betting exchange

Lead Security & Compliance Engineer

Novig is backed by Forerunner Ventures, YC, Lux, Soma, Innospark, Paul Graham, Joe Montana, and the founders of Instacart and Dropbox — along with leading angels and operators. We're building the future of sports prediction markets using real exchange-grade infrastructure.

Sports betting is a $300B market dominated by retail sportsbooks with wide spreads, poor transparency, and limited fairness. Novig is creating the first commission-free, peer-to-peer sports prediction exchange, allowing users to trade directly with one another instead of against the house.

We are hiring a Lead Security & Compliance Engineer to build and operationalize the programs that will keep Novig secure, audit-ready, and regulatory-compliant as we scale toward CFTC designation. You'll own the company's security training, incident response, policy documentation, and vendor risk programs — translating technical controls into clear, actionable processes that stand up to regulatory scrutiny.

What Will You Do?

You'll formalize the systems, policies, and training that keep a regulated trading platform secure and resilient. This is a hands-on leadership role at the intersection of security operations, compliance, and education.

Security Training & Awareness

  • Build and deliver recurring security training for new hires and existing staff.
  • Create engaging, practical materials — runbooks, recorded demos, real-world case studies.
  • Track training completion and attestations to provide regulatory evidence.

Incident Response & Tabletop Exercises

  • Maintain and operationalize the Security Incident Response Plan (SIRP) based on NIST 800-61.
  • Run tabletop exercises that simulate real incidents and measure time-to-response.
  • Document results, track remediation actions, and update runbooks and playbooks.
  • Coordinate with external partners (AWS, legal, pentest vendors) during real incidents.

Compliance & Policy Documentation

  • Own the Information Security Policy suite and ensure timely updates.
  • Translate technical safeguards into auditable documentation.
  • Prepare evidence packages for regulators, auditors, and third-party reviews.

Vendor & Third-Party Risk Management

  • Manage vendor security reviews, due diligence, and SLA tracking.
  • Maintain the vendor risk register and ensure compliance with security standards.
  • Collaborate with legal and finance to enforce contractual security obligations.

Access Control & Privilege Management

  • Codify privilege management workflows with the CTO and engineering leads.
  • Audit IAM roles, Google Workspace groups, and privileged access quarterly.
  • Ensure joiner/mover/leaver workflows are secure, consistent, and documented.

Responsibilities

  • Build and maintain Novig's security, compliance, and training programs from the ground up.
  • Lead incident response drills and security awareness across all teams.
  • Create policy frameworks that scale as Novig approaches CFTC DCM designation.
  • Translate complex security concepts into pragmatic processes that engineers actually follow.
  • Partner with the CTO and leadership to define Novig's broader security and compliance roadmap.

What Are We Looking For?

We're looking for a pragmatic security leader who thrives in fast-moving, regulated environments — someone who can build systems that are secure, documented, and operationally realistic.

Requirements

  • 3–5+ years in security, compliance, or risk management, ideally in fintech, healthcare, or other regulated sectors.
  • Experience building security programs from scratch at early-stage or scaling companies.
  • Strong familiarity with compliance frameworks such as NIST CSF, NIST 800-53, or CIS Benchmarks.
  • Exceptional written communication skills — you write clear, actionable policies and runbooks.
  • Demonstrated ability to balance risk, efficiency, and compliance — no "security theater."

Bonus

  • Technical background or comfort working closely with engineers.
  • Experience with AWS security (IAM, KMS, GuardDuty, CloudTrail).
  • Familiarity with infrastructure-as-code (Terraform, CloudFormation) and CI/CD security gates.
  • Prior experience with external auditors, regulators, or penetration testing vendors.

Who Is Novig?

Novig is redefining sports prediction markets through a sweepstakes-based, peer-to-peer model that ensures fairness, transparency, and regulatory compliance. Our team is engineering-first, data-driven, and deeply committed to building the most advanced, trustworthy, and efficient trading platform in sports.

Compensation & Benefits

  • 100% health premium coverage, 90% dental & vision
  • 4% 401(k) match
  • HSA with $1,080 annual employer contribution
  • $27/day food or commuter stipend
  • Flexible PTO
  • New NYC office, hybrid-friendly