Director of Product Security & Compliance

ROC is an employee-owned cutting-edge developer of computer vision based biometric and video analytic technologies whose product portfolio includes industry leading AI/ML algorithms and a full-stack computer vision platform. Founded in 2015, ROC is headquartered in Denver, CO. with offices in Morgantown, WV., and Grand Rapids., MI. With over 60 full-time employees, ROC licenses software in support of a wide range of applications including financial services, law enforcement, military, and consumer electronics.

You will serve as the primary architect and steward of ROC’s "Trust" brand. You will lead the establishment, implementation, and continual improvement of our Information Security Management System (ISMS) in accordance with ISO/IEC 27001:2022. Success in this position means achieving and maintaining critical certifications (ISO 27001, SOC 2, CMMC) while ensuring our computer vision products and SaaS platform are engineered with world-class security controls. You will act as the principal liaison between ROC Engineering and our most sensitive stakeholders in National Security and Public Safety to ensure our technologies meet the highest standards of integrity and availability.

Responsibilities include:

• ISMS & Audit Leadership: Lead the end-to-end certification process, including the coordination of internal audits, management reviews, and Stage 1/Stage 2 external audits for ISO 27001 and SOC 2.

• Risk Management Oversight: Lead the execution of ROC’s formal risk assessment and treatment methodology, identifying threats to biometric and video analytic assets and defining mitigation strategies for the Risk Treatment Plan.

• Product & SaaS Security Governance: Partner with Engineering to integrate secure system architecture and secure coding principles into the development lifecycle for the ROC SaaS platform and SDKs.

• Compliance & Accreditation: Identify and document legal, statutory, and contractual requirements—such as CJIS, NIST 800-171, and the EU AI Act—to help government customers accredit ROC products for use in critical environments.

• Customer Trust Management: Build and manage ROC’s public-facing Trust Center and serve as the technical authority for responding to complex customer security questionnaires.

Required Skills and Experience:

• B.S. or greater in Cybersecurity, Computer Science, Information Technology, or a related technical field or equivalent directly related work experience.

• 10 years of experience in Information Security, GRC (Governance, Risk, and Compliance), or Product Security, preferably within a SaaS or biometric technology environment.

• Demonstrated Experience with Federal accreditation processes such as FedRAMP or agency-specific Authorization to Operate (ATO).

• Demonstrated expertise working in fast-paced security environments with highly sensitive datatypes and implementing practical controls.

• Ability to translate complex regulatory and legal requirements (such as CMMC 2.0, NIST 800-171, or the EU AI Act) into practical, technical engineering requirements for software development teams.

• Knowledge of cloud-native security controls within Microsoft Azure, including identity management, encryption at rest/transit, and data isolation for multi-tenant SaaS architectures.

Other Relevant Skills and Experience:

• Experience with biometric data protection and privacy-enhancing technologies.

• Certifications: ISO 27001 Lead Auditor, CISA, CISSP, or CCSK are highly desirable.

As the Director of Product Security & Compliance  at ROC, you will be expected to informally lead a security-first culture across teams that you do not directly manage.

ROC believes in a healthy work / life balance, and pays particular attention to employee needs and wellbeing.  ROC provides employees with unlimited PTO, a flexible work schedule, and a hybrid work environment. Employees are dedicated and hardworking, but are encouraged to take time off to rest, reset, and focus on family and personal health. Compensation for this role includes a competitive salary with opportunities for growth, performance bonuses, generous stock options, health insurance coverage, and contributions to 401k.

ROC is committed to building a diverse and inclusive team. We welcome applicants of all races, colors, religions, ethnicities, genders, sexual orientations, disabilities, national origins, identities, and protected veteran statuses. If you’re excited about this role and the impact you can make, we strongly encourage you to apply.