Source Job

$190,000–$210,000/yr
Global

  • Own Filevine's FedRAMP 20x strategy and execution, including evidence automation, continuous monitoring, and certification readiness.
  • Drive the security compliance and trust program across FedRAMP, SOC 2, ISO, HIPAA, and PCI-DSS, converting obligations into engineering work.
  • Lead cross-functional alignment and executive reporting to ensure compliance, privacy, and security priorities are shipped on time.

FedRAMP NIST 800-53 SOC 2 ISO 27001 Compliance

20 jobs similar to Head of Trust and Security

Jobs ranked by similarity.

India Unlimited PTO

  • Lead delivery of FedRAMP, CMMC, HITRUST, and NIST compliance engagements where federal authorization is on the line.
  • Build reusable IP like control-mapping libraries, SSP templates, and evidence-collection playbooks for complex frameworks.
  • Own pricing, margin, and utilization for specialized federal engagements, plus leverage AI to standardize deliverables.

Sprinto is an Autonomous Trust Platform that centralizes trust requirements across security frameworks, vendors, and customers. Backed by top-tier investors like Accel, Elevation, and Blume Ventures, we've raised $31.8M and are trusted by over 3,000 organizations across 75 countries, with a remote culture built on ownership and progress over perfection.

$147,800–$164,000/yr
Global 18w maternity 16w paternity

  • Serve as a primary compliance resource embedded in the Alma-to-Spring Health integration, mapping control environments and building a unified compliance organization.
  • Own and lead enterprise-level compliance programs including SOC 2 Type II, HITRUST, HIPAA, GDPR, ISO 27001, ISO 42001, and ITGC-SOX.
  • Develop and operationalize Spring Health's AI governance program, including policies, risk frameworks, and AI-specific compliance documentation.

Spring Health is a global mental health company on a mission to eliminate every barrier to mental health. With outcomes independently validated by JAMA Network Open, Spring Health reaches more than 170 million people worldwide through leading employers, health plans, and partners.

$120,000–$210,000/yr
Eastern US

  • Focus on developing and delivering compliance solutions and strategies for Commercial, Defense Industrial Base, and State/Local customers.
  • Conduct compliance audits, assessments, and gap analyses to identify areas for improvement.
  • Author policies, plans, and procedures in CJIS and FedRAMP environments while serving as a trusted advisor to customers.

Planet Technologies is the leading provider of Microsoft consulting services to public sector and commercial organizations, specializing in building custom solutions that transform business operations. They are a growing team with collaborative peers and caring leaders, focused on high-profile client projects.

United States Unlimited PTO

  • Partner with the CISO to drive security strategy, roadmap, and execution across application security, GRC, and operations.
  • Support compliance initiatives including PCI, SOC 2, ISO 27001, DORA, and FedRAMP readiness.
  • Serve as a trusted security leader in customer-facing settings, translating technical risks into business language.

Sardine is the leading agentic risk platform for fighting financial crime, integrating data across risk teams to stop fraud and automate AML operations. With over 6 billion profiled devices and 800 million consumers, we maintain a remote-first culture that values performance over hours worked.

$198,238–$233,221/yr
US

  • Own and manage the compliance program including SOC 2 and ISO 27001 readiness and audits.
  • Lead risk assessments, control testing, and enterprise risk management processes.
  • Partner with Engineering, Security, Product, Legal, HR, and Operations to embed compliance into business processes.

Calendly is a scheduling platform used by millions to automate meetings and streamline time management. They are a rapidly growing SaaS company fostering a culture of learning and high performance.

Global

  • Own RMF authorizations across Department of War components and FedRAMP High, alongside CMMC 2.0 and SOC 2 compliance for corporate systems.
  • Maintain authorization and audit evidence, including SSPs, SARs, POA&Ms, STIGs, and control mappings.
  • Partner with Engineering, Product, and Security to embed compliance requirements into system design and CI/CD workflows.

Onebrief builds collaboration and AI-powered workflow software for military planning and operational coordination. Founded in 2019, valued at over $2 billion, they are a distributed team of builders from military, operational, and technology backgrounds.

$130,000–$145,000/yr
US Unlimited PTO 20w maternity 12w paternity

  • Support and scale the Assurance & Compliance function through an engineering-driven, automation-first approach.
  • Partner with Engineering, Security, Legal, and other teams to support compliance programs and audit readiness.
  • Help transform compliance into a continuous, measurable capability embedded into operations.

Flock builds technology that reduces crime and protects privacy, partnering with cities, businesses, schools, and neighborhoods. With over $1B in funding and an $8.3B valuation, the company is a high-performance team united by urgency, ownership, and a shared commitment to meaningful impact.

  • Owns product, cloud, engineering, vendor, AI-tooling, and compliance security functions.
  • Builds practical guardrails for AI tools, agents, MCPs, data leakage, and automation.
  • Understands OWASP, IAM, secrets, cloud security, vulnerability management, CI/CD, incident response, and frameworks like SOC 2, ISO 27001, GDPR, or HIPAA.

PlayPower Labs is a company focused on building practical security functions without slowing down teams. The organization values security sharpness, usefulness, and a product-minded approach, with a culture that balances protection and agility.

$105,000–$130,000/yr
US

  • Consult onsite and remotely with customers to collect and analyze data related to policies, infrastructure, and compliance requirements.
  • Perform gap analyses of current environments and recommend remediation steps.
  • Assist with sales and marketing activities as a subject matter expert and prepare industry presentations.

CampusGuard provides information security and privacy consulting and compliance services for campus-based organizations. It is a full-service firm leveraging industry standards to deliver world-class security and compliance services.

Global

  • Manage the Compliance and Security workstream within a telecom transformation program, coordinating SOC 2, ISO/IEC 27001, and GDPR readiness activities.
  • Build and maintain the workstream plan with milestones, deliverables, and RAID logs, while driving evidence collection and control-owner alignment.
  • Facilitate workshops, track remediation across multiple domains, and ensure alignment with adjacent program streams and governance forums.

Miratech helps visionaries change the world as a global IT services and consulting company supporting digital transformation for large enterprises. With nearly 1000 professionals operating across 25+ countries and a 99% project success rate, their culture emphasizes relentless performance and growth.

$132,000–$165,000/yr
US Unlimited PTO

  • Manage and support compliance certifications including SOC 2, HITRUST, and ISO 27001 audits across the audit lifecycle.
  • Serve as the subject matter expert across the company on compliance frameworks and primary point of contact for external auditors.
  • Maintain the risk register, drive risk identification and reporting, and scale GRC function with AI and automation.

Garner transforms the healthcare economy by partnering with employers to redesign healthcare benefits using data-driven insights. It is a fast-growing healthcare technology company with a mission-driven team focused on making healthcare more affordable and high-quality.

US

  • Write and maintain security compliance documentation including agency policies and technical baselines.
  • Translate federal regulations like NIST and FISMA into clear, actionable policies for technical and non-technical audiences.
  • Collaborate with system owners and stakeholders to ensure documentation aligns with IT standards and organizational needs.

Valiant Solutions is a security-focused IT solutions provider serving public clients nationwide. Named one of the fastest growing privately held companies and a Best Place to Work, we pride ourselves on an employee-centric culture and work-life balance.

US 24w maternity 24w paternity

  • Own the end-to-end GRC strategy and roadmap, driving compliance maturity and reducing audit risk.
  • Design and implement policy-as-code systems, translating compliance frameworks into enforceable code.
  • Lead full audit cycles, manage evidence collection, and architect GRC platform strategy for continuous compliance.

Smartsheet empowers teams to manage work and scale solutions, now uniting human teams with AI agents to automate tasks and uncover insights. With a history of over 20 years, the company fosters a culture of inclusion, creativity, and big thinking, offering professional growth and a supportive environment.

India

  • Manage and conduct internal and external compliance audits for frameworks like ISO, SOC, and NIST.
  • Work with global teams to implement and update compliance controls, policies, and training.
  • Stay updated on regulatory changes and perform gap analysis to maintain certifications.

QAD is building a world-class SaaS company that solves real-world problems in manufacturing and supply chain. They are a growing, virtual-first company with a collaborative culture that values idea-sharing and growth.

$112,700–$180,300/yr
US

  • Lead end-to-end third-party audits, evidence collection, and compliance onboarding for new products and features.
  • Partner with cross-functional teams to design and validate internal controls across SOX, SOC, HIPAA, and PCI frameworks.
  • Drive continuous improvement by standardizing processes, reducing manual effort, and collaborating on automated compliance monitoring.

Jobgether uses AI-powered matching to streamline job applications. They are a company focused on connecting candidates with hiring employers through automated shortlisting, with a transparent and flexible work culture.

Europe 5w PTO

  • Own and drive the compliance roadmap across multiple frameworks like ISO 27001, TISAX, SOC 2, and GDPR.
  • Implement ISO 27001 and adjacent frameworks end-to-end for customers, ensuring successful audits.
  • Mentor the compliance team, conduct internal audits, and act as the senior compliance voice for customers, auditors, and product.

Secfix automates security compliance for companies, helping them achieve ISO 27001, GDPR, TISAX, and SOC 2 quickly. They are a high-performing 100% remote team with hubs in Germany and the UK, backed by top VCs.

$100,000–$160,000/yr
US

  • Support the day-to-day security posture of systems across cloud and on-prem environments, including vulnerability management and remediation tracking.
  • Partner with infrastructure, platform, and engineering teams on secure configuration, access control, logging, and incident readiness.
  • Support compliance activities related to GovRAMP, FedRAMP, PCI DSS, and internal reviews using AWS security tooling.

Grant Street Group is a growing company that provides SaaS products for electronic payments, auctions, and tax collection. The company fosters a culture of teamwork, professional excellence, and individual responsibility in a technology-rich remote environment.

US Unlimited PTO

  • Lead the technical work to achieve and maintain compliance certifications (SOC 2, ISO 27001, and the upcoming FedRAMP process)
  • Design and implement security controls across AWS infrastructure, CI/CD pipelines, Kubernetes, and application deployments
  • Build the automation, logging, and evidence collection required for continuous compliance

Zafran's mission is to stop the exploitation of vulnerabilities everywhere, using an Exposure Graph that maps and neutralizes real attack paths. Backed by Menlo Ventures, Sequoia Capital, and Cyberstarts, they are one of the fastest-growing companies in cybersecurity, with a culture of meaningful work and challenging teammates.

US

  • Monitor security alerts, vulnerabilities, and incidents across enterprise systems and assist in incident response.
  • Maintain compliance with standards such as NIST CSF, ISO 27001, and SOC 2 through audits and policy development.
  • Conduct security risk assessments, evaluate controls, and track remediation plans.

Mission Critical Group is an end-to-end power solutions and services provider that accelerates time-to-power for mission critical environments. With over 1.5 million square feet of U.S. manufacturing capacity, they support data centers, healthcare, and industrial facilities.

$145,000–$175,000/yr
United States

  • Strengthen company-wide security posture through hands-on engineering, collaboration, and pragmatic standards, focusing on application security, cloud and infrastructure security, and secure development practices.
  • Define and implement scalable security standards supporting SOC 2 readiness through practical, automated, and auditable solutions, partnering with Engineering, Infrastructure, IT, Product, Legal, and other teams.
  • Build and maintain internal security tools, automation, and services that support secure development, compliance workflows, vulnerability management, and operational visibility.

Later is the world’s most intelligent influencer marketing company, built to give brands the confidence to create unforgettable campaigns by combining real creator relationships, trusted intelligence, and expert guidance. Trusted by leading enterprise brands including Nike, Wayfair, Unilever, and Southwest Airlines, Later bridges creativity and performance so campaigns deliver results.