You'll partner directly with the Senior Manager of GRC to lead our commercial audit programs, from evidence collection and control testing to deep technical walkthroughs with external auditors and internal SMEs.
You'll own the question of what "good evidence" looks like across SOC 2 Type II, ISO 27001/27017/27018, and ISO 27701, and you'll know where to find it in the systems that generate it.
Help build the AI-assisted workflows and automation that make our audit programs more efficient and our compliance posture more continuous.
1Password is building the foundation for a safe, productive digital future. They ensure every identity is authentic, every application sign-in is secure, and every device is trusted. Over 180,000 businesses trust 1Password. We prioritize collaboration, clear and transparent communication, receptiveness to feedback.
Lead and maintain the IT Compliance Program, ensuring alignment with industry best practices and regulatory requirements.
Stay abreast of relevant laws, regulations, and industry standards (e.g. GDPR, ISO 27001, NIS2, SOC 2,...).
Serve as a main point of contact for senior management and stakeholders on regulatory and IT compliance matters.
EcoVadis is the leading provider of business sustainability ratings, offering solutions backed by experts and technology. They analyze data to provide companies with insights into their environmental, social, and ethical risks, fostering a culture of global sustainability change.
Translate group security frameworks into practical policies, controls, and procedures.
Build and strengthen a Security-by-Design culture across projects, platforms, and teams.
Support teams in identifying risks, defining actions, and tracking real progress.
Q8 is a well-respected, reliable, and trustworthy energy supplier that has been operating since 1983, with nearly 5,000 service stations in Europe. They are committed to developing a wide range of innovative and sustainable products and services. Their culture is focused on growing together in a digital and inspiring environment of trust, focused on continuous learning.
Manage security compliance programs against frameworks like PCI-DSS, NIST, and SOC 1/2, leveraging automation tools for continuous assessment.
Oversee identity and access management, including automated provisioning audits and anomaly detection.
Collaborate with engineering, DevOps, and product teams to integrate compliance into CI/CD and cloud infrastructure.
Prosper is a FinTech company focused on improving financial well-being. It is a growing company with a collaborative culture and offers resources for professional growth and holistic well-being.
Design and implement automation, dashboards, and integrations that power our Governance, Risk, and Compliance (GRC) operations.
Operationalizing and expanding our GRC platform (Drata), building AI-assisted workflows that automate evidence collection, control monitoring, and vendor risk.
Manage project delivery across multiple GRC automation initiatives simultaneously — maintaining clear scope, milestones, and stakeholder visibility without sacrificing quality.
1Password is building the foundation for a safe, productive digital future. They innovated the market-leading enterprise password manager and pioneered Unified Access Management, a new cybersecurity category built for the way people and AI agents work today. 1Password has surpassed $400M in ARR and has over 180,000 businesses using their product.
Own and drive the compliance roadmap across multiple frameworks like ISO 27001, TISAX, SOC 2, and GDPR.
Implement ISO 27001 and adjacent frameworks end-to-end for customers, ensuring successful audits.
Mentor the compliance team, conduct internal audits, and act as the senior compliance voice for customers, auditors, and product.
Secfix automates security compliance for companies, helping them achieve ISO 27001, GDPR, TISAX, and SOC 2 quickly. They are a high-performing 100% remote team with hubs in Germany and the UK, backed by top VCs.
Serve as a senior security and compliance advisor for clients in finance, VC, PE, and biotech, translating complex requirements into practical action plans.
Lead consultative conversations on governance, risk, controls, AI adoption, and audit readiness, delivering clear executive-level recommendations.
Build and refine Outpost's service delivery playbooks, templates, and documentation to scale the offering and improve client experience.
Pliancy is fundamentally changing how businesses value technology, specializing in IT support for life sciences, capital management, and startups. With a people-first culture, the company prioritizes curiosity and empathy, investing in long-term employee success.
Build the function by creating delivery operating model and reusable IP.
Deliver and scale service lines, including framework digitization and packaged services.
Own commercial outcomes by defining service packaging and pricing models.
Sprinto is an AI-native GRC platform that helps organizations manage risks, audits, vendor oversight, and continuous monitoring from a single connected platform. With a team of 350+ employees serving 3,000+ customers across 75+ countries, they combine scale with expertise to deliver trust and compliance.
Own and strengthen the controls environment, ensuring compliance requirements are effectively implemented and maintained.
Support and mature the GRC program, including SOC 2 operations and alignment with security frameworks such as NIST.
Build and maintain Business Continuity and Disaster Recovery programs, including BIAs, continuity plans, and recovery runbooks.
Mesh enables consumers to pay and be paid with any asset, bridging the gap between tokenized assets and everyday commerce. Backed by investors like PayPal Ventures and Paradigm, they are a high-growth company building the infrastructure for the global economy.
Define and own the security strategy: Oversee comprehensive security across cloud, network, and application layers. Partner with engineering on vulnerability management.
Secure AI & ML integrations: Establish and enforce security guardrails for AI pipelines and LLM deployments. Protect against AI-specific threats and ensuring model safety.
Risk & Incident Management: Assess security risks, monitor processes continuously, and coordinate effective incident response and recovery efforts.
Musixmatch is a leading music metadata company with the world’s largest lyrics catalog and a community of over 80M contributors. They are the trusted global partner of companies like Spotify, Apple, Amazon Music, and Google. They're a bunch of creatives who care about their work. They believe that participation and collaboration are key to getting things done well.
Respond to customer and prospect security/compliance questions and improve repeatable processes and evidence quality.
Upsun is the cloud application platform for hybrid teams, enabling developers to build, ship, and scale confidently without managing backend infrastructure. The company has a remote, global workforce and fosters a multicultural, open, and inclusive culture with a focus on open source and innovation.
Manage IT audit and assurance engagements, including SOC 1, SOC 2, SOC 3, SOC for Cybersecurity, HITRUST, HIPAA, and other compliance assessments.
Collaborate with senior team members and Partners on risk assessments, audit planning, and reporting.
Lead day-to-day engagement activities, providing guidance, oversight, and feedback to staff and seniors.
Insight Assurance is a global audit firm transforming how organizations achieve cybersecurity and compliance. Founded by former Big 4 (EY) professionals, they are one of the fastest-growing global audit firms with 170+ professionals supporting nearly 2,000 clients across the Americas, EMEA, and APAC.
Lead control program maturity by designing an auditable framework fitting ezCater's SaaS, cloud, data, and engineering environment.
Build continuous control monitoring and automation by partnering with engineering teams to implement automated testing and evidence collection.
Expand data security policy and program quality by defining clear, enforceable policies tied to technical practices and operating cadences.
ezCater is the #1 food tech platform for workplaces in the US, making it easy for organizations to manage food needs and order from over 125,000 restaurants nationwide. The company values work/life harmony and offers a collaborative, innovative environment with passionate colleagues.