Own and automate our GRC program, including SOC 2 audits, risk assessments, and vendor security reviews.
Drive internal security across identity, device management, access reviews, and incident response.
Build customer-facing trust resources and coordinate product security audits with engineering.
Close builds a communication-first, AI-powered CRM designed to simplify sales for small businesses. The bootstrapped and profitable company has a 120-person, 100% remote team focused on helping customers scale.
Lead the governance, risk, and compliance function across security policies, standards, risk management, audits, and third-party risk.
Own audit readiness and ongoing compliance programs across frameworks such as SOC 2, ISO 27001, GovRAMP, PCI DSS, HIPAA, NIST CSF, and more.
Manage third-party and supply chain risk management, including vendor security reviews, due diligence, and remediation tracking.
Accela provides government software solutions to improve efficiency, increase citizen engagement, and enable thriving communities. They have been an industry leader for nearly 20 years and are committed to diversity, equity, and inclusion.
Manage security compliance programs against frameworks like PCI-DSS, NIST, and SOC 1/2, leveraging automation tools for continuous assessment.
Oversee identity and access management, including automated provisioning audits and anomaly detection.
Collaborate with engineering, DevOps, and product teams to integrate compliance into CI/CD and cloud infrastructure.
Prosper is a FinTech company focused on improving financial well-being. It is a growing company with a collaborative culture and offers resources for professional growth and holistic well-being.
Serve as a primary compliance resource embedded in the Alma-to-Spring Health integration, mapping control environments and building a unified compliance organization.
Own and lead enterprise-level compliance programs including SOC 2 Type II, HITRUST, HIPAA, GDPR, ISO 27001, ISO 42001, and ITGC-SOX.
Develop and operationalize Spring Health's AI governance program, including policies, risk frameworks, and AI-specific compliance documentation.
Spring Health is a global mental health company on a mission to eliminate every barrier to mental health. With outcomes independently validated by JAMA Network Open, Spring Health reaches more than 170 million people worldwide through leading employers, health plans, and partners.
Own Filevine's FedRAMP 20x strategy and execution, including evidence automation, continuous monitoring, and certification readiness.
Drive the security compliance and trust program across FedRAMP, SOC 2, ISO, HIPAA, and PCI-DSS, converting obligations into engineering work.
Lead cross-functional alignment and executive reporting to ensure compliance, privacy, and security priorities are shipped on time.
Filevine is a Legal AI company delivering Legal Operating Intelligence for the future of legal work. Fueled by a team of exceptional collaborators and innovators, Filevine’s rapid growth has earned AI awards and recognition from Deloitte and Inc. as one of the most innovative and fastest-growing technology companies in the country.
Own and manage the compliance program including SOC 2 and ISO 27001 readiness and audits.
Lead risk assessments, control testing, and enterprise risk management processes.
Partner with Engineering, Security, Product, Legal, HR, and Operations to embed compliance into business processes.
Calendly is a scheduling platform used by millions to automate meetings and streamline time management. They are a rapidly growing SaaS company fostering a culture of learning and high performance.
Support and scale the Assurance & Compliance function through an engineering-driven, automation-first approach.
Partner with Engineering, Security, Legal, and other teams to support compliance programs and audit readiness.
Help transform compliance into a continuous, measurable capability embedded into operations.
Flock builds technology that reduces crime and protects privacy, partnering with cities, businesses, schools, and neighborhoods. With over $1B in funding and an $8.3B valuation, the company is a high-performance team united by urgency, ownership, and a shared commitment to meaningful impact.
Own the end-to-end GRC strategy and roadmap, driving compliance maturity and reducing audit risk.
Design and implement policy-as-code systems, translating compliance frameworks into enforceable code.
Lead full audit cycles, manage evidence collection, and architect GRC platform strategy for continuous compliance.
Smartsheet empowers teams to manage work and scale solutions, now uniting human teams with AI agents to automate tasks and uncover insights. With a history of over 20 years, the company fosters a culture of inclusion, creativity, and big thinking, offering professional growth and a supportive environment.
Partner with the CISO to drive security strategy, roadmap, and execution across application security, GRC, and operations.
Support compliance initiatives including PCI, SOC 2, ISO 27001, DORA, and FedRAMP readiness.
Serve as a trusted security leader in customer-facing settings, translating technical risks into business language.
Sardine is the leading agentic risk platform for fighting financial crime, integrating data across risk teams to stop fraud and automate AML operations. With over 6 billion profiled devices and 800 million consumers, we maintain a remote-first culture that values performance over hours worked.
Owns product, cloud, engineering, vendor, AI-tooling, and compliance security functions.
Builds practical guardrails for AI tools, agents, MCPs, data leakage, and automation.
Understands OWASP, IAM, secrets, cloud security, vulnerability management, CI/CD, incident response, and frameworks like SOC 2, ISO 27001, GDPR, or HIPAA.
PlayPower Labs is a company focused on building practical security functions without slowing down teams. The organization values security sharpness, usefulness, and a product-minded approach, with a culture that balances protection and agility.
Manage and support compliance certifications including SOC 2, HITRUST, and ISO 27001 audits across the audit lifecycle.
Serve as the subject matter expert across the company on compliance frameworks and primary point of contact for external auditors.
Maintain the risk register, drive risk identification and reporting, and scale GRC function with AI and automation.
Garner transforms the healthcare economy by partnering with employers to redesign healthcare benefits using data-driven insights. It is a fast-growing healthcare technology company with a mission-driven team focused on making healthcare more affordable and high-quality.
Strengthen company-wide security posture through hands-on engineering, collaboration, and pragmatic standards, focusing on application security, cloud and infrastructure security, and secure development practices.
Define and implement scalable security standards supporting SOC 2 readiness through practical, automated, and auditable solutions, partnering with Engineering, Infrastructure, IT, Product, Legal, and other teams.
Build and maintain internal security tools, automation, and services that support secure development, compliance workflows, vulnerability management, and operational visibility.
Later is the world’s most intelligent influencer marketing company, built to give brands the confidence to create unforgettable campaigns by combining real creator relationships, trusted intelligence, and expert guidance. Trusted by leading enterprise brands including Nike, Wayfair, Unilever, and Southwest Airlines, Later bridges creativity and performance so campaigns deliver results.
Lead end-to-end third-party audits, evidence collection, and compliance onboarding for new products and features.
Partner with cross-functional teams to design and validate internal controls across SOX, SOC, HIPAA, and PCI frameworks.
Drive continuous improvement by standardizing processes, reducing manual effort, and collaborating on automated compliance monitoring.
Jobgether uses AI-powered matching to streamline job applications. They are a company focused on connecting candidates with hiring employers through automated shortlisting, with a transparent and flexible work culture.
Build the Security Telemetry and Risk Fabric to design layered control implementations and shift from reactive monitoring to self-healing security.
Architect Universal Identity and Access Automation, including provisioning connectors and secret discovery to eliminate manual workflows.
Partner across Security, Engineering, and Product to build custom automation for compliance with various audit frameworks.
ClickHouse is a fast-growing private cloud company recognized on the 2025 Forbes Cloud 100 list, leading the market in real-time analytics, data warehousing, observability, and AI workloads with over 3,000 customers. The company has grown ARR over 250% year over year, recently raised a $400M Series D, and counts Meta, Sony, and Tesla among its customers.
Manage the Compliance and Security workstream within a telecom transformation program, coordinating SOC 2, ISO/IEC 27001, and GDPR readiness activities.
Build and maintain the workstream plan with milestones, deliverables, and RAID logs, while driving evidence collection and control-owner alignment.
Facilitate workshops, track remediation across multiple domains, and ensure alignment with adjacent program streams and governance forums.
Miratech helps visionaries change the world as a global IT services and consulting company supporting digital transformation for large enterprises. With nearly 1000 professionals operating across 25+ countries and a 99% project success rate, their culture emphasizes relentless performance and growth.
Support the ISO 27001 program by maintaining audit readiness, running evidence collection, and managing access reviews.
Perform recurring security operations including vulnerability scanning, risk assessments, and vendor reviews.
Collaborate cross-functionally to harden identity and access management, respond to security questionnaires, and support AI governance initiatives.
Didomi is a consent management platform that helps companies manage user consent and data privacy. The company is a growing SaaS organization with a collaborative culture, emphasizing automation and efficiency.
Design and implement security automation solutions to improve scalability, reliability, and efficiency across security and compliance operations.
Build security telemetry capabilities for continuous control evidence collection, monitoring, and real-time risk visibility.
Develop automation frameworks and identity management solutions for provisioning, access governance, and scalable workflows.
Jobgether is a platform that uses AI-powered matching to connect candidates with hiring companies. They are a fast-growing technology environment offering remote-friendly work and opportunities for global collaboration.
Design and implement a comprehensive GRC framework addressing both traditional security controls and novel AI safety considerations.
Lead engagements with external auditors to obtain critical security certifications like SOC 2, ISO 27001/27701/42001, and FedRAMP.
Partner with AI research teams to develop and implement appropriate safeguards and controls for machine learning systems.
Runway builds AI to simulate the world through merging art and science, focusing on world models for progress in artificial intelligence. Our team consists of creative, open-minded, caring, and ambitious people determined to change the world, striving to continuously build impossible things.
Lead a small, high-leverage team of senior and staff security engineers, setting technical direction and growing talent.
Partner with product and executives to deliver AI-first security capabilities and represent security to customers.
Turn compliance (ISO 27001, SOC 2) into continuous assurance, protecting customer trust.
Sysdig creates cloud security solutions, including the open standard Falco for threat detection, used by over 60% of the Fortune 500. Recognized as a Best Place to Work and one of Deloitte's fastest-growing companies for the past 5 years, they value diversity and open dialogue.
Defines program goals, governance frameworks, and measurable objectives for cyber risk and compliance programs.
Manages user attestations, third-party risk, cyber contract negotiation, and coordination of IT audits/assessments.
Implements GRC tooling and monitors program effectiveness through KPIs, QA reviews, and control testing.
Velera is a credit union service organization providing fintech solutions to over 4,000 financial institutions. The company fosters a remote-first, inclusive culture with a focus on employee wellbeing and belonging.