Product Solutions  Owner - Department of War

RegScale is a purpose-built cyber GRC platform designed to enable the CISO to track and monitor security controls. We help organizations break out of the slow and expensive realities that plague legacy GRC tools by bridging security, risk, and compliance through controls lifecycle management. By leveraging RegScale's Continuous Control Monitoring (CCM) instrumentation, organizations experience massive compliance process improvements like 90% faster certification times and 60% less audit prep time. Today's expansive security and compliance requirements can only be met with a modern, CCM-based approach, and RegScale is the market leader in that space. 

Position:

RegScale is seeking a Product Solutions Owner - Department of War  (formerly Department of Defense/DoD) to enabling our DOW customers to achieve cybersecurity outcomes while fast tracking Authorizations to Operate (ATO) obligations.  This role is ideal for a seasoned cybersecurity practitioner with extensive experience in DoW cybersecurity and compliance. Someone who's lived the challenges of managing a cybersecurity program while simultaneously  maintaining enterprise ATOs .  The ideal candidate is passionate about common sense cybersecurity  and wants to shape the next generation of technology that solves those challenges at scale. 

Key Responsibilities: 

• Own the DoW product strategy and execution roadmap, ensuring alignment with customer needs, mission requirements, and market demands. Serve as the subject matter expert (SME) for DoW Cyber GRC within the RegScale product organization. 

• Own solution definition and success for the DoW vertical—ensuring our platform aligns with those who manage and scale compliance under the Risk Management Framework (RMF), NIST 800-53, CNSSI 1253, CMMC, NIST CSF, and related DoW-specific directives and policies. 

• Define requirements for Impact Level (IL4/IL5/IL6) deployment readiness, ensuring the platform meets the security, data handling, and hosting requirements for DoW cloud environments (e.g., AWS GovCloud, Azure Government, DISA milCloud). 

• Champion RBAC and access control requirements reflective of DoW organizational hierarchies, including role-based workflows for ISSMs, ISSOs, AOs, SCA-Vs, and other RMF stakeholders. 

• Inform enterprise risk scoring capabilities that align with DoW risk tolerance models, organizational risk frameworks, and continuous monitoring mandates. 

• Be agile and structure innovative, repeatable solutions into the platform. Partner with customers and prospects to identify pain points, use cases, and success criteria. 

• Synthesize customer feedback and market research to drive data-informed product decisions related to the DoD vertical. 

• Work with significant existing and prospective DoW customers to develop public customer references and case studies. 

• Translate customer and mission needs into clear, actionable product requirements for engineering and product teams, including user stories tailored to RMF processes and DoW workflows. 

• Collaborate closely with Product Management and Engineering to guide solution design, prioritization, and validation. 

• Lead the integration of automation and emerging technologies, particularly AI, to transform how DoW organizations manage risk and compliance under the RMF. 

• "Accept" product builds for your area—ensuring solutions meet functional, security, and compliance expectations before release. 

• Represent RegScale at DoW and defense industry events, conferences, roundtables, and customer meetings as a trusted expert in DoW GRC. 

• Partner with Sales, Marketing, and Customer Success to enable go-to-market readiness and ensure DoW customers realize value from our solutions. 

Qualifications & Experience:

• 10+ years of experience directly managing cybersecurity governance, risk, and compliance within the Department of War (or formerly the Department of Defense) as a  ISSM  responsible for implementing command cybersecurity and subordinates,  Component Security Contral Assessors (SCA), or Authorizing Official (AO). 

• Deep expertise in DoW RMF workflows, including NIST 800-37, CNSSI 1253,  NIST Cybersecurity Framework,  and the end-to-end ATO lifecycle (categorization, control selection, implementation, assessment, authorization, and continuous monitoring). 

• Strong understanding of DOW Control Tailoring, to include understanding of DOW Tier structure, DOW specific overlays and parameters.   

• Hands-on experience with eMASS, including all aspects of the control and package approval chain.  

• Strong familiarity with DOW technical assessments  DISA STIGs, SCAP benchmarks,  ACAS,  CMRS,  and DoW hardening standards. 

• Understanding of DoW Impact Levels (IL2–IL6), FedRAMP+ requirements, and what it takes to operate in classified and controlled unclassified information (CUI) environments. 

• Proven ability to translate complex DoW compliance requirements  into actionable processes or technical product requirements. 

• Experience successfully scaling a compliance program  using tools and enablers; understanding what it takes to manage ATO processes across large, complex DoW portfolios. 

• Strong communication skills—able to engage confidently with DoW  leadership, executive stakeholders, technical contributors, and external audiences. 

• Experience collaborating cross-functionally  across business, product, and technology teams. 

• Passion for innovation and a desire to help modernize how the DoW approaches cybersecurity compliance. 

Bonus experience:

• Prior experience in a product, solution management, or consulting role within a software or SaaS company serving the DoW market. 

• Familiarity with CCM, automation, or continuous compliance platforms. 

• Strong understanding of how AI and LLMs can be embedded into enterprise platforms to enhance productivity and deliver measurable ROI versus manual compliance tasks. 

• AI Governance  

• Fluency with product development tools including JIRA, Figma, and collaboration platforms like Confluence. 

• DOW CSWF Relevant certifications such as CISSP, CISM, CASP, CISA, CEH. 

• Thought leadership and/or market presence in the DoD GRC space (speaking, writing, community participation). 

• Experience with DoD DevSecOps initiatives, cATO (continuous ATO), and the Software Factory model. 

• Active  DOW  security clearance