Lead Security & Compliance Engineer
Novig
$160k – $210k • meaningful equity
Summary
Novig is backed by Forerunner Ventures, YC, Lux, Soma, Innospark, Paul Graham, Joe Montana, and the founders of Instacart and Dropbox — along with leading angels and operators. We’re building the future of sports prediction markets using real exchange-grade infrastructure.
Sports betting is a $300B market dominated by retail sportsbooks with wide spreads, poor transparency, and limited fairness. Novig is creating the first commission-free, peer-to-peer sports prediction exchange, allowing users to trade directly with one another instead of against the house.
We are hiring a Lead Security & Compliance Engineer to build and operationalize the programs that will keep Novig secure, audit-ready, and compliant with regulatory requirements as we scale toward CFTC designation. You’ll own the company’s security training, incident response, policy documentation, and vendor risk programs — translating technical controls into clear, actionable processes that stand up to regulatory scrutiny.
What will you do?
You’ll formalize the systems, policies, and training that keep a regulated trading platform secure and resilient. This is a hands-on leadership role at the intersection of security operations, compliance, and education.
Security Training & Awareness
- Build and deliver recurring security training for new hires and existing staff.
- Create engaging, practical materials — runbooks, recorded demos, real-world case studies.
- Track training completion and attestations to provide regulatory evidence.
Incident Response & Tabletop Exercises
- Maintain and operationalize the Security Incident Response Plan (SIRP) based on NIST 800-61.
- Run tabletop exercises that simulate real incidents and measure time-to-response.
- Document results, track remediation actions, and update runbooks and playbooks.
- Coordinate with external partners (AWS, legal, pentest vendors) during real incidents.
Compliance & Policy Documentation
- Own the Information Security Policy suite and ensure timely updates.
- Translate technical safeguards into auditable documentation.
- Prepare evidence packages for regulators, auditors, and third-party reviews.
Vendor & Third-Party Risk Management
- Manage vendor security reviews, due diligence, and SLA tracking.
- Maintain the vendor risk register and ensure compliance with security standards.
- Collaborate with legal and finance to enforce contractual security obligations.
Access Control & Privilege Management
- Codify privilege management workflows with the CTO and engineering leads.
- Audit IAM roles, Google Workspace groups, and privileged access quarterly.
- Ensure joiner/mover/leaver workflows are secure, consistent, and documented.
Responsibilities
- Build and maintain Novig’s security, compliance, and training programs from the ground up.
- Lead incident response drills and security awareness across all teams.
- Create policy frameworks that scale as Novig approaches CFTC DCM designation.
- Translate complex security concepts into pragmatic processes that engineers actually follow.
- Partner with the CTO and leadership to define Novig’s broader security and compliance roadmap.
What are we looking for?
We’re looking for a pragmatic security leader who thrives in fast-moving, regulated environments — someone who can build systems that are secure, documented, and operationally realistic.
Requirements
- 3–5+ years in security, compliance, or risk management, ideally in fintech, healthcare, or other regulated sectors.
- Experience building security programs from scratch at early-stage or scaling companies.
- Strong familiarity with compliance frameworks such as NIST CSF, NIST 800-53, or CIS Benchmarks.
- Exceptional written communication skills — you write clear, actionable policies and runbooks.
- Demonstrated ability to balance risk, efficiency, and compliance — no “security theater.”
Bonus
- Technical background or comfort working closely with engineers.
- Experience with AWS security (IAM, KMS, GuardDuty, CloudTrail).
- Familiarity with infrastructure-as-code (Terraform, CloudFormation) and CI/CD security gates.
- Prior experience with external auditors, regulators, or penetration testing vendors.
Who is Novig?
Novig is redefining sports prediction markets through a sweepstakes-based, peer-to-peer model that ensures fairness, transparency, and regulatory compliance. Our team is engineering-first, data-driven, and deeply committed to building the most advanced, trustworthy, and efficient trading platform in sports.
Compensation & Benefits
- 100% health premium coverage, 90% dental & vision
- 4% 401(k) match
- HSA with $1,080 annual employer contribution
- $27/day food or commuter stipend
- Flexible PTO
- New NYC office, hybrid-friendly