Security & Compliance Manager (ISSO / FSO) at Tagup

Tagup is a defense technology company founded at MIT that is delivering logistics decision advantage with next-generation AI. We’re growing rapidly and are looking for change-makers passionate about delivering innovative technologies to solve the most challenging problems in the world’s highest stakes environments. This is an exciting opportunity to engage in meaningful work that strengthens national security and contributes to the success of U.S. and allied forces. Join us in shaping the future of defense logistics for a safer tomorrow. Do you enjoy turning complex requirements into practical systems? Do you thrive in ambiguity and know how to build structure where none exists? Do you like working across leadership, engineering, and external partners to move high-stakes programs forward? If the answer is yes, we’d love to talk! We’re a team of engineers and data scientists driven by our mission: to make the machines and processes that power the world safer, more reliable, and more efficient. Tagup’s AI software supports mission-critical logistics and industrial systems, and this role will help ensure we can deliver that technology in regulated federal environments with the rigor our customers require. As a Security & Compliance Manager (ISSO / FSO), you will lead and mature Tagup’s security and compliance efforts across CMMC, ATO/FedRAMP, and facility security. You will build on the foundation already in place and work across the company to strengthen policies, procedures, controls, and documentation that support our federal growth. This is a hands-on role for someone who can translate complex DoD requirements into practical implementation, drive execution with internal teams and external vendors, and own critical security documentation from end to end. What You'll Do • Build and mature Tagup’s security and compliance program, strengthening policies, procedures, and controls across the organization. • Own and drive Tagup’s CMMC Level 2 program end to end, building on work already underway by managing the full set of NIST SP 800-171 controls, preparing for third-party assessments with our C3PAO, and carrying the effort through compliance and certification. • Serve as Tagup’s Information System Security Officer (ISSO), owning the System Security Plan (SSP), managing POA&Ms and Security Assessment Reports (SARs), overseeing continuous monitoring, and ensuring CUI handling meets DFARS 252.204-7012 requirements. • Lead Tagup’s ATO and FedRAMP authorization efforts, managing documentation, evidence packages, and ongoing engagement with government authorizing officials. • Manage Tagup’s Facility Clearance License (FCL) application and, once issued, serve as Facility Security Officer (FSO) by administering personnel security clearances, SF-86 submissions, visit certifications, and all NISPOM compliance requirements. • Manage day-to-day relationships with supporting vendors, holding them accountable to timelines, deliverables, and scope. • Collaborate with engineering to ensure controls are properly implemented and maintained, including IL4/IL5 compliance policies, secrets management, access controls, and vulnerability management workflows. • Build and run internal security awareness training, policies, and procedures for all Tagup staff handling CUI or operating in controlled environments. • Monitor evolving DoD cybersecurity requirements including CMMC, DFARS, RMF, and DCSA, and translate their implications into concrete recommendations for leadership. Required Skills • Successful track record taking an organization, preferably a small company, through the entire process of building and achieving CMMC Level 2 certification is the absolute core requirement for this role. This means having built the certification framework, not just supported, or inherited, an existing one. • 4+ years of hands-on experience in DoD or defense contractor security and compliance, with direct ISSO experience on CUI or classified systems. • Deep working knowledge of CMMC Level 1 and Level 2, NIST SP 800-171, DFARS 252.204-7012 / 7019 / 7020, and the Risk Management Framework (RMF). • Demonstrated experience authoring and owning SSPs, POA&Ms, and SARs. • Familiarity with FedRAMP / ATO authorization processes and experience operating in or supporting IL4 / IL5 environments. • FSO experience or clear readiness to obtain FSO certification, with working knowledge of NISPOM (DoD 5220.22-M) and DCSA compliance requirements. • Ability to manage external compliance vendors by setting agendas, holding timelines, and translating their outputs into internal action. • A strong writer who can produce documentation external auditors depend on and executive briefings non-technical leadership can act on. • Comfortable with ambiguity. There is no playbook here; this role requires writing it. Bonus Points • Active security clearance • Previous experience leading an FCL application or serving as an FSO • Experience working in AWS GovCloud environments • Direct experience supporting ATO or FedRAMP authorizations • Experience building security and compliance programs in a startup or other fast-moving small company environment Salary The estimated salary range for this position is between $135,000 and $165,000 annually. We strive to provide a competitive salary and benefits package that aligns with our employees’ experience and qualifications. Our primary objective is to attract and retain top talent, and we firmly believe in compensating our employees fairly for their invaluable contributions.   As a rapidly expanding technology company, we extend part-ownership to all team members through an Employee Stock Option Plan. Additionally, we offer comprehensive health insurance benefits, access to the company’s 401K plan, and foster a team-oriented work environment with regular company outings!   Why Join Tagup Join a mission-first defense tech company and own growth end-to-end. As Director of Business Development, you’ll lead capture across the Army, Air Force, Navy, Marine Corps, and defense innovation orgs—turning operational needs into programs powered by Tagup’s AI logistics platform. Work directly with leadership and engineering to shape campaigns and partnerships, close multiyear deals, and steer product—while earning competitive pay, meaningful equity, and contributing to national security. Tagup is an equal opportunity employer and individuals seeking employment with us are considered without regard to race, color, religion, national origin, age, sex, marital status, physical or mental disability, veteran status, gender identity, sexual orientation, or any other characteristic protected by law. Citizenship: Due to the nature of our work with the U.S. Department of Defense, applicants must be authorized to work for any employer in the U.S. We are unable to sponsor visas at this time.