Maintain and improve information security policies, standards, and procedures.
Support SOC 2, ISO 27001, and HITRUST readiness, audit preparation, and evidence collection.
Support vendor security reviews, third-party risk assessments, and remediation tracking.
Benepass is making benefits easy through its customizable fintech platform. They enable People teams to implement, administer, and track benefits that meet employees where they are. The company has raised approximately $75 million in equity capital and is backed by leading investors.
Own end-to-end execution of Lumin’s external audit and assessment portfolio.
Design, mature, and lead a scalable, risk-based internal technical audit program.
Lead the identification, evaluation, and adoption of AI and automation capabilities across the assurance lifecycle.
Lumin Digital empowers credit unions and banks by creating cutting-edge digital experiences that continuously serve, engage, and grow their membership base. They are 100% cloud-native and thrive on curiosity and innovation, fostering trust, respect, and boldness.
You'll partner directly with the Senior Manager of GRC to lead our commercial audit programs, from evidence collection and control testing to deep technical walkthroughs with external auditors and internal SMEs.
You'll own the question of what "good evidence" looks like across SOC 2 Type II, ISO 27001/27017/27018, and ISO 27701, and you'll know where to find it in the systems that generate it.
Help build the AI-assisted workflows and automation that make our audit programs more efficient and our compliance posture more continuous.
1Password is building the foundation for a safe, productive digital future. They ensure every identity is authentic, every application sign-in is secure, and every device is trusted. Over 180,000 businesses trust 1Password. We prioritize collaboration, clear and transparent communication, receptiveness to feedback.
Drive compliance efforts to unlock business capabilities
Secure Owner by helping teams successfully prevent and remediate vulnerabilities
Help teams build better and more secure systems by avoiding pitfalls of risk.
Owner is an AI-native system local business owners use to succeed, starting with restaurants. It's building the system that replaces the many tools owners use to run their business and powers everything from the restaurant’s website, online ordering, CRM, POS, and more. The team is in the low hundreds.
Design and implement automation, dashboards, and integrations that power our Governance, Risk, and Compliance (GRC) operations.
Operationalizing and expanding our GRC platform (Drata), building AI-assisted workflows that automate evidence collection, control monitoring, and vendor risk.
Manage project delivery across multiple GRC automation initiatives simultaneously — maintaining clear scope, milestones, and stakeholder visibility without sacrificing quality.
1Password is building the foundation for a safe, productive digital future. They innovated the market-leading enterprise password manager and pioneered Unified Access Management, a new cybersecurity category built for the way people and AI agents work today. 1Password has surpassed $400M in ARR and has over 180,000 businesses using their product.
Own the governance framework for Life360's agentic systems and define the policies and control sets that govern how agents are built and deployed.
Take an agentic approach to GRC itself by automating evidence collection, drafting control narratives and triaging vendor questionnaires using AI and internal tooling.
Build the policy program as code with policies in Git and requirements expressed as enforceable rules and automated checks.
Life360's mission is to keep people close to the ones they love. They have a category-leading mobile app and other tracking devices to empower members to protect people, pets and things. Life360 has more than 500 remote-first employees and is growing.
Partner with Security Engineering, Risk, Product, and Infrastructure teams to bake security and compliance into the process.
Dive deep into the security stack to identify execution blockers and actively architect the technical solutions to implement them.
Define the technical milestones for high-stakes initiatives like Zero Trust and IAM overhauls, translating a broad vision into a precise execution roadmap.
Human Interest aims to provide all workers access to retirement benefits. They are a high-growth fintech company that is financially backed by investors such as BlackRock, TPG, and SoftBank.
Guide and review work completed by junior team members
Perform walkthroughs, testing, and documentation for SOC 2, SOC 1, and HIPAA engagements
Insight Assurance is a global audit firm transforming how organizations achieve cybersecurity and compliance. Founded by former Big 4 (EY) professionals, it's a fast-growing global audit firms with 220+ professionals supporting nearly 2,500 clients across the Americas, EMEA, and APAC.
Manage and expand Valon's security and privacy compliance program across key frameworks and regulations.
Build and scale modern Security GRC capabilities that leverage AI-enabled tools and processes, reducing manual overhead while optimizing risk and compliance operations.
Maintain and evolve Valon's risk management practices; facilitate risk assessments across teams and track remediation of identified issues to closure.
Valon is building the AI-native operating system for regulated finance, starting with mortgage servicing. We're a Series C company backed by a16z, transforming industries that others have written off as too complex to innovate.
Lead and maintain the IT Compliance Program, ensuring alignment with industry best practices and regulatory requirements.
Stay abreast of relevant laws, regulations, and industry standards (e.g. GDPR, ISO 27001, NIS2, SOC 2,...).
Serve as a main point of contact for senior management and stakeholders on regulatory and IT compliance matters.
EcoVadis is the leading provider of business sustainability ratings, offering solutions backed by experts and technology. They analyze data to provide companies with insights into their environmental, social, and ethical risks, fostering a culture of global sustainability change.
Serve as a member of Sword's GRC team, contributing to security compliance across all products and services.
Define and maintain the CMMC assessment boundary, working across infrastructure, engineering, and business teams to ensure the scope is accurate and defensible.
Translate identified gaps into prioritized remediation tasks with clear ownership, for audiences ranging from DevOps engineers to clinical operations managers.
Sword Health is building AI to heal billions and unlock humanity’s full potential. As both a clinical-centric frontier AI lab and an applied AI platform, Sword is reimagining how care is delivered at scale. They have over 700,000 members across three continents and have raised more than $500 million from leading investors.
Manage IT audit and assurance engagements, including SOC 1, SOC 2, SOC 3, SOC for Cybersecurity, HITRUST, HIPAA, and other compliance assessments.
Collaborate with senior team members and Partners on risk assessments, audit planning, and reporting.
Lead day-to-day engagement activities, providing guidance, oversight, and feedback to staff and seniors.
Insight Assurance is a global audit firm transforming how organizations achieve cybersecurity and compliance. Founded by former Big 4 (EY) professionals, they are one of the fastest-growing global audit firms with 170+ professionals supporting nearly 2,000 clients across the Americas, EMEA, and APAC.
Build the function by creating delivery operating model and reusable IP.
Deliver and scale service lines, including framework digitization and packaged services.
Own commercial outcomes by defining service packaging and pricing models.
Sprinto is an AI-native GRC platform that helps organizations manage risks, audits, vendor oversight, and continuous monitoring from a single connected platform. With a team of 350+ employees serving 3,000+ customers across 75+ countries, they combine scale with expertise to deliver trust and compliance.