Manage multi-jurisdictional compliance execution including HIPAA, GDPR, PIPEDA, and emerging privacy laws.
Lead IT operations and service delivery including user onboarding, device management, and identity & access management.
Drive vendor risk management and BAA/DPA lifecycle, ensuring breach notification timelines and data deletion commitments.
Practice Better is an all-in-one platform helping health and wellness practitioners run their businesses and scale their impact. We are a remote-first team headquartered in Toronto, made up of curious, driven, and empathetic people, trusted by thousands of practitioners worldwide.
Execute Risk & Compliance initiatives, manage privacy and security projects, and ensure alignment with organizational goals.
Identify and mitigate operational, IT, and data privacy risks by partnering with cross-functional teams.
Build and improve compliance frameworks, policies, and procedures aligned with regulations like PIPEDA, COPPA, and GDPR.
BIS Safety Software is a SaaS company that helps organizations manage safety, learning, and compliance through innovative software solutions. Founded in 2006, the company is headquartered in Sherwood Park, Alberta, and offers an Employee Stock Ownership Plan (ESOP) with a culture emphasizing humility and contribution over hierarchy.
Own and drive the compliance roadmap across multiple frameworks like ISO 27001, TISAX, SOC 2, and GDPR.
Implement ISO 27001 and adjacent frameworks end-to-end for customers, ensuring successful audits.
Mentor the compliance team, conduct internal audits, and act as the senior compliance voice for customers, auditors, and product.
Secfix automates security compliance for companies, helping them achieve ISO 27001, GDPR, TISAX, and SOC 2 quickly. They are a high-performing 100% remote team with hubs in Germany and the UK, backed by top VCs.
Own and manage the compliance program including SOC 2 and ISO 27001 readiness and audits.
Lead risk assessments, control testing, and enterprise risk management processes.
Partner with Engineering, Security, Product, Legal, HR, and Operations to embed compliance into business processes.
Calendly is a scheduling platform used by millions to automate meetings and streamline time management. They are a rapidly growing SaaS company fostering a culture of learning and high performance.
Conduct IT and cybersecurity risk assessments across systems, applications, and business processes.
Lead audit readiness activities for frameworks like SOC 2, HIPAA, and NYDFS.
Manage security policies, third-party vendor assessments, and develop risk dashboards.
Jobgether uses an AI-powered matching process to connect candidates with hiring companies. They focus on efficient, objective application review and are a remote-first organization.
Serve as primary IT contact, handling hardware/software support, account management, and remote troubleshooting for a remote-first team.
Assist with compliance evidence collection and control testing for SOC 2, GDPR, and PCI obligations.
Maintain accurate audit-ready records, asset inventory, and documentation while supporting off-hours maintenance and small projects.
Velora unifies Aplos, Raisely, and Keela to help nonprofits thrive with fundraising, donor management, and financial tracking. We serve over 15,000 nonprofits globally and operate as a remote-first team with a mission to make nonprofit work easier and more impactful.
Respond to customer and prospect security/compliance questions and improve repeatable processes and evidence quality.
Upsun is the cloud application platform for hybrid teams, enabling developers to build, ship, and scale confidently without managing backend infrastructure. The company has a remote, global workforce and fosters a multicultural, open, and inclusive culture with a focus on open source and innovation.
Support cybersecurity operations by monitoring threats, improving security controls, and protecting systems and data.
Respond to security incidents, analyze threats, and assist with vulnerability management and remediation.
Collaborate with technical and business teams to assess risks and implement effective security solutions.
The company is a large, technology-driven organization focused on cybersecurity. It offers a collaborative environment with experienced security professionals and an inclusive workplace culture.
Execute the security architecture process for business initiatives, from engagement through to implementation.
Support the Information Security Architect across analysis, reviews, and outputs as needed.
Act as a point of contact for InfoSec queries and use security tooling to identify and analyze risks.
StackAdapt is a leading technology company that provides an AI-powered marketing platform for programmatic advertising. The company has a diverse, remote-first culture with a supportive workplace.
Act as a strategic cybersecurity advisor, guiding clients through security strategy and technology adoption.
Design scalable security solutions across network, SASE, and operational technology domains.
Lead client discussions, workshops, and presentations with technical teams and senior leadership.
Our partner provides cybersecurity advisory services, helping organizations strengthen their security posture through innovative solutions. They foster a collaborative and inclusive culture with employee resource groups and volunteer programs.
Lead the governance, risk, and compliance function across security policies, standards, risk management, audits, and third-party risk.
Own audit readiness and ongoing compliance programs across frameworks such as SOC 2, ISO 27001, GovRAMP, PCI DSS, HIPAA, NIST CSF, and more.
Manage third-party and supply chain risk management, including vendor security reviews, due diligence, and remediation tracking.
Accela provides government software solutions to improve efficiency, increase citizen engagement, and enable thriving communities. They have been an industry leader for nearly 20 years and are committed to diversity, equity, and inclusion.
Serve as a primary compliance resource embedded in the Alma-to-Spring Health integration, mapping control environments and building a unified compliance organization.
Own and lead enterprise-level compliance programs including SOC 2 Type II, HITRUST, HIPAA, GDPR, ISO 27001, ISO 42001, and ITGC-SOX.
Develop and operationalize Spring Health's AI governance program, including policies, risk frameworks, and AI-specific compliance documentation.
Spring Health is a global mental health company on a mission to eliminate every barrier to mental health. With outcomes independently validated by JAMA Network Open, Spring Health reaches more than 170 million people worldwide through leading employers, health plans, and partners.
Lead a distributed IT team and manage day-to-day IT operations, including hardware lifecycle, endpoint provisioning, and user support for a fully remote workforce.
Ensure compliance with HIPAA, SOC 2, and security policies by implementing access controls, endpoint security, and identity management.
Partner with Engineering, Security, Compliance, and HR to support organizational growth, security initiatives, and improve operational efficiency.
Vynca is a healthcare technology and services company focused on palliative care, advance care planning, and enhanced care management. It is a small, close-knit community guided by core values of excellence, compassion, curiosity, and integrity.
Manage internal audits and support external compliance assessments across business functions.
Perform gap analyses and track remediation actions for compliance frameworks.
Maintain and improve compliance documentation, policies, and risk registers.
Our partner is a growing SaaS organization serving global industries. It fosters a collaborative and inclusive culture with a focus on employee development and well-being.
Take ownership of building and scaling comprehensive security, privacy, and compliance programs that protect customer data.
Lead compliance initiatives such as SOC 2 Type 2 audits and evaluate additional frameworks like ISO 27001 and HIPAA.
Build scalable automated security processes by replacing manual tasks with scripts, APIs, and AI-powered solutions.
Our partner is a technology company focused on building secure, scalable systems. They operate with a remote, collaborative culture emphasizing ownership, transparency, and continuous improvement, with around 50–300 employees.
Manage the Compliance and Security workstream within a telecom transformation program, coordinating SOC 2, ISO/IEC 27001, and GDPR readiness activities.
Build and maintain the workstream plan with milestones, deliverables, and RAID logs, while driving evidence collection and control-owner alignment.
Facilitate workshops, track remediation across multiple domains, and ensure alignment with adjacent program streams and governance forums.
Miratech helps visionaries change the world as a global IT services and consulting company supporting digital transformation for large enterprises. With nearly 1000 professionals operating across 25+ countries and a 99% project success rate, their culture emphasizes relentless performance and growth.
Partner with the CISO to drive security strategy, roadmap, and execution across application security, GRC, and operations.
Support compliance initiatives including PCI, SOC 2, ISO 27001, DORA, and FedRAMP readiness.
Serve as a trusted security leader in customer-facing settings, translating technical risks into business language.
Sardine is the leading agentic risk platform for fighting financial crime, integrating data across risk teams to stop fraud and automate AML operations. With over 6 billion profiled devices and 800 million consumers, we maintain a remote-first culture that values performance over hours worked.
Define, implement, and evolve cybersecurity strategy aligned with business priorities.
Establish security policies and frameworks such as ISO 27001, NIST, and LGPD, and conduct risk assessments.
Lead incident response, optimize security tools, and promote security awareness across teams.
Jobgether is an AI-powered job matching platform connecting candidates with hiring companies. They use technology to ensure fair and efficient application reviews, processing personal data in compliance with GDPR.
Manage Omada’s HIPAA privacy program, including policy development, incident investigations, and breach response.
Drive privacy-by-design across digital products, embedding privacy into development and clinical operations.
Provide expert guidance on consumer privacy compliance, AI governance, and interoperability frameworks.
Omada Health is reverse engineering the way healthcare is delivered in America, putting the space between doctor visits at the center of care. They have served more than two million members since launch across 2,000+ employers, health plans, and health systems, and have been certified as a Great Place to Work.