Source Job

$83,430–$109,232/yr
US Unlimited PTO

  • Implement and manage the NIST Risk Management Framework (RMF) to achieve and maintain compliance.
  • Drive the data privacy program by conducting Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs).
  • Design and execute a continuous internal audit program to validate the effectiveness of controls.

SOC 2 ISO 27001 GDPR

18 jobs similar to Security Engineer - GRC

Jobs ranked by similarity.

US Unlimited PTO

  • Support security and compliance programs aligned with frameworks such as NIST, ISO, PCI DSS, and HIPAA.
  • Assist in maintaining alignment with global privacy regulations (GDPR, CCPA, and similar frameworks).
  • Assist in the development, implementation, and maintenance of security, privacy, and AI governance policies, standards, and procedures.

Hims & Hers is a health and wellness platform with a mission to help the world feel great through the power of better health. They are redefining healthcare by putting the customer first and delivering access to care that is affordable, accessible, and personal.

Global

  • Lead end-to-end audit execution across SOC 2, ISO 27001, ISO 42001, ISO 27701, HIPAA, and GDPR and maintain year-round audit readiness.
  • Build and mature Atlan's risk management program and turn abstract risk conversations into measurable metrics with clear ownership and quarterly leadership reviews.
  • Integrate our GRC platform with cloud infrastructure, CI/CD pipelines, HR systems, and product engineering tooling to automate evidence collection and continuous control testing.

Atlan is building the missing context layer for data and AI, helping enterprises close the AI value chasm and finally move AI pilots into production. We are backed by world-class investors including GIC, Insight Partners, Meritech, Peak XV, and Salesforce Ventures and trusted by global enterprises like Mastercard, Workday, General Motors, Unilever and others.

US Unlimited PTO

  • Ownership of our SOC 2 and Privacy compliance roadmap, from problem framing to tracking adoption.
  • Gap analysis and consulting with clients to assess their InfoSec posture and provide actionable paths to certification.
  • Internal playbook development, creating the checklists, policy templates, and controls that will be automated within our software.

Greenplaces helps companies navigate reporting requirements. They empower businesses to measure their carbon emissions and act as the definitive source of truth for all sustainability and compliance activity. They are headquartered in Raleigh, NC, with a distributed team across the country and backed by world-class investors.

North America

  • Support CapIntel’s Governance, Risk, and Compliance program.
  • Manage third-party risk and customer security reviews.
  • Support operational security, privacy, and security awareness initiatives.

CapIntel is a software platform built for wealth management enterprises to help financial advisors explain complex investment strategies to their clients. Since launching in 2019, CapIntel has seen rapid adoption and industry recognition, earning top placements in Deloitte’s Technology Fast 50 Canada and Fast 500 North America in 2025, ranking it among the fastest-growing technology companies.

$220,000–$240,000/yr

  • Manage and develop staff members under Product Compliance.
  • Oversee and contribute to the vulnerability management lifecycle.
  • Assess and serve as a subject matter expert for regulatory and compliance requirements.

ExtraHop is a company that focuses on network detection and response (NDR) to help organizations stay ahead of emerging threats. They integrate network threat detection, network performance management, intrusion detection, and packet forensics into a single console.

US Unlimited PTO

  • Manage SOC 2 Type II audits, serving as the primary point of contact for auditors and collaborators.
  • Coordinate HIPAA compliance assessments, including risk analyses, policy reviews, and Business Associate Agreement (BAA) management.
  • Conduct structured gap analyses against applicable frameworks to identify control deficiencies and develop prioritized remediation roadmaps.

Rad AI is transforming healthcare with AI-driven solutions, revolutionizing radiology to save time, reduce burnout, and improve patient care. They have secured over $140M in funding and are recognized as a fast-growing company, fostering transparency, inclusion, and close collaboration.

4w paternity

  • Oversee third-party and internal risk assessments to support enterprise information security and governance, risk, and compliance (GRC) initiatives.
  • Manage vendor due diligence, maintain an accurate risk register, and partner with internal stakeholders on mitigation strategies.
  • Drive continuous improvement of the risk and compliance framework.

Concorde Career Colleges is committed to a policy of Equal Employment Opportunity and will not discriminate against an applicant or employee based on race, color, religion, religious creed, national origin, ancestry, sex, age, veteran or military status, or any other legally protected characteristic. Concorde Career Colleges offers short, career-focused programs preparing students for the healthcare industry.

$77,581–$94,500/yr
US

  • Apply the Risk Management Framework (RMF) to support system authorization activities.
  • Develop and maintain RMF artifacts and coordinate with stakeholders to ensure systems meet security compliance requirements.
  • Support the design, implementation, and maintenance of secure cloud architectures.

EXPANSIA delivers high-impact technologies, technology-enabled services and advanced manufacturing solutions to the U.S. Department of Defense and related national security customers. They operate as a multi-entity aerospace and defense technology and tech-enabled services and manufacturing enterprise positioned for scalable growth, operational excellence, and long-term value creation.

US Unlimited PTO

  • In collaboration, develop and maintain the Security Architecture roadmap that preserves a strong security posture and aligns with corporate objectives.
  • Lead the development and implementation of automation for established and new security processes to increase operational efficiency and reduce manual intervention.
  • Develop the architectural framework for the secure deployment of AI, designing foundational layers for Model Security, Data Privacy, and Autonomous Agent orchestration.

Bestow is a leading vertical technology platform serving some of the largest and most innovative life insurers. Their platform unifies the fragmented, legacy value chain, enabling carriers to launch products in weeks instead of years.

$160,000–$210,000/yr
US

  • Function as a Security Advisory Services lead Security Consultant for ePlus service solutions.
  • Refine existing Practice offerings, develop new Practice offerings, assist with pre-sales activities, and perform programmatic assessments.
  • Effectively lead engagements as a subject matter expert (SME) to deliver client projects.

EPlus believes technology is a people business. They are passionate, skilled, and driven to deliver solutions. They value collaboration, innovation, and extraordinary results and are dedicated to fostering a culture that represents diversity and enables inclusion.

Europe

  • Lead and mentor a small privacy team, setting priorities and reviewing deliverables.
  • Drive the operational implementation of the organization’s data privacy framework and policies.
  • Manage incident response processes for personal data breaches, including documentation and assessment.

Rush Street Interactive is a market leader in online casino and sports betting. They operate real-money gaming with brands like BetRivers.com and PlaySugarHouse.com, building bridges between online, social, and land-based gaming businesses to create integrated experiences. They value proactive team members in a people-oriented environment.

$72,781–$83,698/yr
Canada

  • Perform GRC functions and maintain the Cyber Security Risk register.
  • Execute third-party risk processes for cyber and run awareness programs and phishing processes.
  • Liaise with the vendor management (VM) team to conduct security assessments of existing and prospective vendors.

Warner Music Group is a global collective of music makers and music lovers, tech innovators and inspired entrepreneurs, game-changing creatives and passionate team members. They turn dreams into stardom and audiences into fans. WMG is committed to creating a work environment that actively values, appreciates, and respects everyone and encourages applications from people with a wide variety of backgrounds and experiences.

$175,000–$195,000/yr
US

  • Own and evolve the GRC program in partnership with Legal and our CCO.
  • Develop, maintain, and enforce clear, practical security policies across all departments.
  • Develop and execute a comprehensive information security roadmap aligned with business objectives.

Allocate is a fintech company handling sensitive investor data and financial transactions. They are a rapidly growing organization that values client service, relentless problem-solving, and continuous improvement.

North America 5w PTO

  • Enhance the strategic pillars of a security compliance program and facilitate day-to-day compliance operations.
  • Be involved in multiple areas of the business where compliance and security impact operations.
  • Work on assignments that are complex and require professional skepticism, judgment, initiative, and knowledge of SaaS Company positions.

Optro is the leading audit, risk, ESG, and InfoSec platform on the market, surpassing $300M ARR and continuing to grow. More than 50% of the Fortune 500 leverage their award-winning technology. They inspire each other to innovate and are proud of what they are producing.

Global

  • Lead audit readiness and execution for SOC 2, ISO 27001, PCI DSS, and other compliance frameworks relevant to our customer base.
  • Manage the compliance lifecycle in a compliance platform (such as Vanta, Drata, etc.), including evidence collection, control mapping, and continuous monitoring.
  • Coordinate cross-functional audit activities with engineering, product, security, infrastructure, and support teams to gather evidence and remediate findings.

Supabase is a born-remote and open-source-first company that provides tools developers love. They have 180+ team members across 40+ countries, and deeply believe in the open-source ecosystem and strive to support existing tools and communities.

India Unlimited PTO

  • Build the function, create delivery operating model, and build reusable IP.
  • Deliver and scale service lines, and own commercial outcomes.
  • Create “AI-assisted playbooks” for repeatable services and ensure quality and manage risk.

Sprinto is an AI-native GRC platform that helps organizations manage risks, audits, vendor oversight, and continuous monitoring from a single connected platform. With a team of 350+ employees serving 3,000+ customers across 75+ countries, Sprinto combines scale with expertise to deliver trust and compliance.

US

  • Conduct structured interviews with partner organizations, operational teams, and technical stakeholders.
  • Document end-to-end operational workflows and surface implicit, non-documented practices.
  • Identify workflow fragility zones, handoff risks, and transition-period vulnerabilities.

Element serves as a partner at the intersection of innovation and our clients' needs, efficiently crafting meaningful user experiences for government and commercial customers. Our talented professionals bring unparalleled energy and engagement, setting a higher standard for impactful work.

US

  • Support ongoing FedRAMP authorization including SSP, POA&M, evidence, and 3PAO coordination.
  • Manage and oversee NIST SP 800-53 compliance.
  • Oversee continuous monitoring, vulnerabilities, and incidents.

IFS is a billion-dollar revenue company with 7000+ employees on all continents. Their leading AI technology is the backbone of their award-winning enterprise software solutions, enabling customers to be their best when it really matters, at the Moment of Service™.