Lead Security & Compliance Engineer

Novig, New York, NY

Job Description

Lead Security & Compliance Engineer

$160k – $210k • meaningful equity

Summary

Novig is backed by Forerunner Ventures, YC, Lux, Soma, Innospark, Paul Graham, Joe Montana, and the founders of Instacart and Dropbox — along with leading angels and operators. We’re building the future of sports prediction markets using real exchange-grade infrastructure.

Sports betting is a $300B market dominated by retail sportsbooks with wide spreads, poor transparency, and limited fairness. Novig is creating the first commission-free, peer-to-peer sports prediction exchange, allowing users to trade directly with one another instead of against the house.

We are hiring a Lead Security & Compliance Engineer to build and operationalize the programs that will keep Novig secure, audit-ready, and compliant with regulation as we scale toward CFTC designation. You’ll own the company’s security training, incident response, policy documentation, and vendor risk programs — translating technical controls into clear, actionable processes that stand up to regulatory scrutiny.

What will you do?

You’ll formalize the systems, policies, and training that keep a regulated trading platform secure and resilient. This is a hands-on leadership role at the intersection of security operations, compliance, and education.

Security Training & Awareness

  • Build and deliver recurring security training for new hires and existing staff.

  • Create engaging, practical materials — runbooks, recorded demos, real-world case studies.

  • Track training completion and attestations to provide regulatory evidence.

Incident Response & Tabletop Exercises

  • Maintain and operationalize the Security Incident Response Plan (SIRP) based on NIST 800-61.

  • Run tabletop exercises that simulate real incidents and measure time-to-response.

  • Document results, track remediation actions, and update runbooks and playbooks.

  • Coordinate with external partners (AWS, legal, pentest vendors) during real incidents.

Compliance & Policy Documentation

  • Own the Information Security Policy suite and ensure timely updates.

  • Translate technical safeguards into auditable documentation.

  • Prepare evidence packages for regulators, auditors, and third-party reviews.

Vendor & Third-Party Risk Management

  • Manage vendor security reviews, due diligence, and SLA tracking.

  • Maintain the vendor risk register and ensure compliance with security standards.

  • Collaborate with legal and finance to enforce contractual security obligations.

Access Control & Privilege Management

  • Codify privilege management workflows with the CTO and engineering leads.

  • Audit IAM roles, Google Workspace groups, and privileged access quarterly.

  • Ensure joiner/mover/leaver workflows are secure, consistent, and documented.

Responsibilities

  • Build and maintain Novig’s security, compliance, and training programs from the ground up.

  • Lead incident response drills and security awareness across all teams.

  • Create policy frameworks that scale as Novig approaches CFTC DCM designation.

  • Translate complex security concepts into pragmatic processes that engineers actually follow.

  • Partner with the CTO and leadership to define Novig’s broader security and compliance roadmap.

What are we looking for?

We’re looking for a pragmatic security leader who thrives in fast-moving, regulated environments — someone who can build systems that are secure, documented, and operationally realistic.

Requirements

  • 3–5+ years in security, compliance, or risk management, ideally in fintech, healthcare, or other regulated sectors.

  • Experience building security programs from scratch at early-stage or scaling companies.

  • Strong familiarity with compliance frameworks such as NIST CSF, NIST 800-53, or CIS Benchmarks.

  • Exceptional written communication skills — you write clear, actionable policies and runbooks.

  • Demonstrated ability to balance risk, efficiency, and compliance — no “security theater.”

Bonus

  • Technical background or comfort working closely with engineers.

  • Experience with AWS security (IAM, KMS, GuardDuty, CloudTrail).

  • Familiarity with infrastructure-as-code (Terraform, CloudFormation) and CI/CD security gates.

  • Prior experience with external auditors, regulators, or penetration testing vendors.

Who is Novig?

Novig is redefining sports prediction markets through a sweepstakes-based, peer-to-peer model that ensures fairness, transparency, and regulatory compliance. Our team is engineering-first, data-driven, and deeply committed to building the most advanced, trustworthy, and efficient trading platform in sports.

Compensation & Benefits

  • 100% health premium coverage, 90% dental & vision

  • 4% 401(k) match

  • HSA with $1,080 annual employer contribution

  • $27/day food or commuter stipend

  • Flexible PTO

  • New NYC office, hybrid-friendly