Source Job

India Unlimited PTO

  • Build the function by creating a delivery operating model and reusable IP.
  • Deliver and scale service lines, including framework digitization and packaged services.
  • Own commercial outcomes by defining service packaging and pricing models.

ISO 27001 SOC 2 GDPR Risk Assessment AI

20 jobs similar to Senior Consultant: Trust Assurance

Jobs ranked by similarity.

US Canada

  • You'll partner directly with the Senior Manager of GRC to lead our commercial audit programs, from evidence collection and control testing to deep technical walkthroughs with external auditors and internal SMEs.
  • You'll own the question of what "good evidence" looks like across SOC 2 Type II, ISO 27001/27017/27018, and ISO 27701, and you'll know where to find it in the systems that generate it.
  • Help build the AI-assisted workflows and automation that make our audit programs more efficient and our compliance posture more continuous.

1Password is building the foundation for a safe, productive digital future. They ensure every identity is authentic, every application sign-in is secure, and every device is trusted. Over 180,000 businesses trust 1Password. We prioritize collaboration, clear and transparent communication, and receptiveness to feedback.

$140,000–$160,000/yr
US

  • Own end-to-end execution of Lumin’s external audit and assessment portfolio.
  • Design, mature, and lead a scalable, risk-based internal technical audit program.
  • Lead the identification, evaluation, and adoption of AI and automation capabilities across the assurance lifecycle.

Lumin Digital empowers credit unions and banks by creating cutting-edge digital experiences that continuously serve, engage, and grow their membership base. They are 100% cloud-native and thrive on curiosity and innovation, fostering trust, respect, and boldness.

$115,500–$213,000/yr
US

  • Own the governance framework for Life360's agentic systems and define the policies and control sets that govern how agents are built and deployed.
  • Take an agentic approach to GRC itself by automating evidence collection, drafting control narratives and triaging vendor questionnaires using AI and internal tooling.
  • Build the policy program as code with policies in Git and requirements expressed as enforceable rules and automated checks.

Life360's mission is to keep people close to the ones they love. They have a category-leading mobile app and other tracking devices to empower members to protect people, pets and things. Life360 has more than 500 remote-first employees and is growing.

$155,000–$225,000/yr
Global Unlimited PTO

  • Drive compliance efforts to unlock business capabilities.
  • Secure Owner by helping teams successfully prevent and remediate vulnerabilities.
  • Help teams build better and more secure systems by avoiding pitfalls of risk.

Owner is an AI-native system local business owners use to succeed, starting with restaurants. It's building the system that replaces the many tools owners use to run their business and powers everything from the restaurant’s website, online ordering, CRM, POS, and more. The team is in the low hundreds.

$130,000–$160,000/yr
US Canada Unlimited PTO

  • Maintain and improve information security policies, standards, and procedures.
  • Support SOC 2, ISO 27001, and HITRUST readiness, audit preparation, and evidence collection.
  • Support vendor security reviews, third-party risk assessments, and remediation tracking.

Benepass is making benefits easy through its customizable fintech platform. They enable People teams to implement, administer, and track benefits that meet employees where they are. The company has raised approximately $75 million in equity capital and is backed by leading investors.

$210,000–$250,000/yr
US Unlimited PTO

  • Draft and manage statements of work for customizations, white labels, builds for clients, and change orders.
  • Partner with sales and post-sales teams to scope custom SOW engagements, define deliverables, timelines, and success criteria.
  • Plan, coordinate, and drive the delivery of large projects for global key accounts with in-house or outsourced contractors and ISVs.

Sardine is a leader in fraud prevention and AML compliance. They use device intelligence, behavior biometrics, machine learning, and AI to stop fraud before it happens and have hubs in the Bay Area, NYC, Austin, Toronto, and São Paulo, with a remote-first culture.

$4,750–$6,250/mo
Poland

  • Lead and maintain the IT Compliance Program, ensuring alignment with industry best practices and regulatory requirements.
  • Stay abreast of relevant laws, regulations, and industry standards (e.g. GDPR, ISO 27001, NIS2, SOC 2, ...).
  • Serve as a main point of contact for senior management and stakeholders on regulatory and IT compliance matters.

EcoVadis is the leading provider of business sustainability ratings, offering solutions backed by experts and technology. They analyze data to provide companies with insights into their environmental, social, and ethical risks, fostering a culture of global sustainability change.

US Canada

  • Design and implement automation, dashboards, and integrations that power our Governance, Risk, and Compliance (GRC) operations.
  • Operationalize and expand our GRC platform (Drata), building AI-assisted workflows that automate evidence collection, control monitoring, and vendor risk.
  • Manage project delivery across multiple GRC automation initiatives simultaneously — maintaining clear scope, milestones, and stakeholder visibility without sacrificing quality.

1Password is building the foundation for a safe, productive digital future. They innovated the market-leading enterprise password manager and pioneered Unified Access Management, a new cybersecurity category built for the way people and AI agents work today. 1Password has surpassed $400M in ARR and has over 180,000 businesses using their product.

US

  • Partner with Security Engineering, Risk, Product, and Infrastructure teams to bake security and compliance into the process.
  • Dive deep into the security stack to identify execution blockers and actively architect the technical solutions to implement them.
  • Define the technical milestones for high-stakes initiatives like Zero Trust and IAM overhauls, translating a broad vision into a precise execution roadmap.

Human Interest aims to provide all workers access to retirement benefits. They are a high-growth fintech company that is financially backed by investors such as BlackRock, TPG, and SoftBank.

12w maternity 12w paternity

  • Manage and expand Valon's security and privacy compliance program across key frameworks and regulations.
  • Build and scale modern Security GRC capabilities that leverage AI-enabled tools and processes, reducing manual overhead while optimizing risk and compliance operations.
  • Maintain and evolve Valon's risk management practices; facilitate risk assessments across teams and track remediation of identified issues to closure.

Valon is building the AI-native operating system for regulated finance, starting with mortgage servicing. We're a Series C company backed by a16z, transforming industries that others have written off as too complex to innovate.

US

  • Understand real security workflows across threat modeling, privacy, and vendor risk.
  • Integrate Clearly AI into those workflows alongside Jira, ServiceNow, Confluence, and GitHub.
  • Drive disciplined implementation from contract to production.

Clearly AI automates the most painful bottleneck in the enterprise: security and privacy reviews. We help security teams complete high-quality threat models, privacy impact assessments, and vendor risk evaluations in minutes instead of weeks. We are early and deeply technical, backed by Y Combinator and live with Fortune 500s and global brands.

US

  • Manage IT audit and assurance engagements, including SOC 1, SOC 2, SOC 3, SOC for Cybersecurity, HITRUST, HIPAA, and other compliance assessments.
  • Collaborate with senior team members and Partners on risk assessments, audit planning, and reporting.
  • Lead day-to-day engagement activities, providing guidance, oversight, and feedback to staff and seniors.

Insight Assurance is a global audit firm transforming how organizations achieve cybersecurity and compliance. Founded by former Big 4 (EY) professionals, they are one of the fastest-growing global audit firms with 170+ professionals supporting nearly 2,000 clients across the Americas, EMEA, and APAC.

$101,500–$159,500/yr
US

  • Serve as a member of Sword's GRC team, contributing to security compliance across all products and services.
  • Define and maintain the CMMC assessment boundary, working across infrastructure, engineering, and business teams to ensure the scope is accurate and defensible.
  • Translate identified gaps into prioritized remediation tasks with clear ownership, for audiences ranging from DevOps engineers to clinical operations managers.

Sword Health is building AI to heal billions and unlock humanity’s full potential. As both a clinical-centric frontier AI lab and an applied AI platform, Sword is reimagining how care is delivered at scale. They have over 700,000 members across three continents and have raised more than $500 million from leading investors.

Global Unlimited PTO

  • Build trust and maintain engagement cadences with customers from sales handoff to value realization.
  • Create and manage customer implementation plans, conducting reviews to track progress and adapt where necessary.
  • Cultivate customer champions and act as their advocate with internal Engineering, Product, and other cross-functional teams.

Fieldguide builds software that automates and streamlines assurance and audit work in cybersecurity, privacy, and financial audit to establish trust in global commerce. The company is a remote-first, VC-backed startup based in San Francisco with a humble and supportive culture that values diversity and deliberate team building.

Global

  • Translate group security frameworks into practical policies, controls, and procedures.
  • Build and strengthen a Security-by-Design culture across projects, platforms, and teams.
  • Support teams in identifying risks, defining actions, and tracking real progress.

Q8 is a well-respected, reliable, and trustworthy energy supplier that has been operating since 1983, with nearly 5,000 service stations in Europe. They are committed to developing a wide range of innovative and sustainable products and services. Their culture is focused on growing together in a digital and inspiring environment of trust, focused on continuous learning.

4w PTO 12w maternity

  • Diagnose, prioritize, and drive security program maturity.
  • Translate security requirements into engineering practice.
  • Own the compliance surface without losing sight of real risk.

Aledade helps independent primary care practices survive and thrive, aiming to bend the healthcare cost curve. They are the largest network of independent primary care in the country.

$95,000–$105,000/yr
US

  • Act as the primary point of contact for external auditors and lead the end-to-end execution of PCI DSS audits.
  • Orchestrate and lead the quarterly and semi-annual user access review process across all critical systems.
  • Execute and maintain a comprehensive, year-round Security Awareness Training program.

Subsplash builds The Ultimate Engagement Platform™ for churches, Christian ministries, non-profits, and businesses around the world. They are an award-winning team of 280+ mission-driven people who are committed to humility, innovation, and excellence.

$140,000–$175,000/yr
US 2w PTO

  • Lead security strategy across infrastructure, cloud systems, and enterprise applications.
  • Drive SOC 2, ISO 27001, and ISO 42001 readiness/certifications.
  • Own vulnerability management, threat monitoring, and incident response workflows.

SaaS Talent is a recruiting company, and a hiring, business development and growth partner with 20+ years of experience in SaaS and Hi-Tech that helps you scale and transform your business. They've worked with 100+ companies and helped them achieve their goals.

US Unlimited PTO

  • Deliver world-class cyber security assessment and advisory services while ensuring customer satisfaction.
  • Work effectively as a team member on large engagements and remain current on technical knowledge.
  • Demonstrate GuidePoint’s Core Values at all times: Take Charge and Complete Our Mission.

GuidePoint Security provides trusted cybersecurity expertise, solutions, and services to help organizations make better decisions and minimize risk. They have over 1,200 employees and focus on core values to establish an enjoyable workplace atmosphere.

$260,000–$280,000/yr

  • Reporting to the CEO, you will lead Engineering, Test, IT Operations, and Deployment teams.
  • Working with Product Management, drive Medrio’s AI-first engineering strategy for software that customers trust.
  • Own Medrio’s security posture and ensure on-time renewal of ISO 27001/27701, SOC 2, HIPAA, and GDPR.

Medrio is a company that looks for smart, capable, and conscientious people to help them expand their product capabilities, grow their business, and better serve their customers. The Medrio team is made up of individuals with a wide array of skills and interests, but all have a passion for providing the best possible user experience for their customers.