Support security and compliance programs aligned with frameworks such as NIST, ISO, PCI DSS, and HIPAA.
Assist in maintaining alignment with global privacy regulations (GDPR, CCPA, and similar frameworks).
Assist in the development, implementation, and maintenance of security, privacy, and AI governance policies, standards, and procedures.
Hims & Hers is a health and wellness platform with a mission to help the world feel great through the power of better health. They are redefining healthcare by putting the customer first and delivering access to care that is affordable, accessible, and personal.
Develop, maintain, and continuously improve GRC policies, standards, procedures, and control frameworks.
Lead and support SOC 2 Type II, ISO 27001, PCI DSS and other compliance initiatives, including evidence collection, control validation, and remediation tracking.
Partner with Security and Platform teams to ensure controls are technically implemented, not just documented.
HighLevel is an AI powered, all-in-one white-label sales & marketing platform that empowers agencies, entrepreneurs, and businesses to elevate their digital presence and drive growth. With over 1,500 team members across 15+ countries, we operate in a global, remote-first environment.
Safeguard assets and global reputation, acting as a strategic partner.
Lead risk mitigation strategies and ensure compliance with global standards.
Develop a world-class GRC program that aligns with strategic goals.
EcoVadis is the leading provider of business sustainability ratings. Our solutions are backed by an international team of experts and powerful technology. They analyze data and build sustainability scorecards that give companies actionable insights into their environmental, social and ethical risks.
Ownership of our SOC 2 and Privacy compliance roadmap, from problem framing to tracking adoption.
Gap analysis and consulting with clients to assess their InfoSec posture and provide actionable paths to certification.
Internal playbook development, creating the checklists, policy templates, and controls that will be automated within our software.
Greenplaces helps companies navigate reporting requirements. They empower businesses to measure their carbon emissions and act as the definitive source of truth for all sustainability and compliance activity. They are headquartered in Raleigh, NC, with a distributed team across the country and backed by world-class investors.
Conduct ongoing risk reviews and maintain an up-to-date risk register.
Support risk assessments across critical business processes and systems.
Partner with stakeholders to develop and track risk mitigation plans through resolution.
Radicle Health offers human services software products to foster collaboration and innovation, aiding organizations in better serving communities. They believe technology is crucial for the human services sector's success, housing mission-driven products that support organizations in delivering essential services.
Apply compliance frameworks to assess, design, and implement security controls.
Conduct compliance gap assessments and develop remediation plans.
Create and maintain key documentation tailored to client needs.
AHEAD builds platforms for digital business by weaving together advances in cloud infrastructure, automation and analytics, and software delivery. They prioritize creating a culture of belonging where all perspectives and voices are represented, valued, respected, and heard.
Lead end-to-end PCI DSS compliance, including CDE scoping and reduction, control implementation/validation, and audit management.
Lead and support SOC 2 Type II attestation initiatives, including TSC mapping, evidence collection, control testing, and remediation tracking
Own the Third-Party Risk Management (TPRM) program, including vendor tiering, risk assessments, and security reviews
HighLevel is an AI-powered business operating system that gives agencies, entrepreneurs and SMBs the infrastructure to build, automate and scale. With over 2,000 team members across 10+ countries, HighLevel operates as a global, remote-first organization built for speed and ownership.
Support the execution and continuous improvement of Qohash’s security program.
Support risk assessments, track identified risks, and help coordinate remediation efforts.
Maintain security policies, standards, awareness materials, and support internal security training initiatives.
Qohash is building a foundational pillar of Canada’s digital sovereignty, believing security must scale differently. They look for bold, mission-driven individuals with technical depth and strategic clarity who collaborate across disciplines to protect sensitive data.
Owns and manages the organization’s enterprise certification frameworks.
Develop and maintain policies and procedures supporting certification frameworks.
Support proposal teams by validating and documenting certification compliance.
Lynker Corporation is a leading provider of innovative solutions in weather and climate science. They leverage cutting-edge technologies and scientific expertise to support improved operational weather forecasts. Lynker is a growing, employee-owned business specializing in professional, scientific, and technical services with a team-oriented work environment.
Implement and manage the NIST Risk Management Framework (RMF) to achieve and maintain compliance.
Drive the data privacy program by conducting Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs).
Design and execute a continuous internal audit program to validate the effectiveness of controls.
IonQ delivers solutions to solve the world’s most complex problems with quantum computing. IonQ's newest generation quantum computers, IonQ Tempo and IonQ Forte Enterprise, help customers and partners such as Amazon Web Services, AstraZeneca, and NVIDIA achieve 20x performance results.
Drive the implementation and continuous improvement of the ISO 27001 Information Security Management System.
Support SOC 2 Type II compliance efforts, including control implementation and evidence collection.
Own and evolve the company-wide risk management program, including risk register and scoring methodology.
Insider One provides a platform that brings marketing and customer engagement teams everything they need in one place. They are powered by 1,500+ team members representing 50+ nationalities across 30+ offices and are trusted by 2000+ customers.
Performing testing activities end-to-end, identifying control gaps for remediation and acting as a subject matter expert in both IT and regulatory risk.
Partnering with Operations, Compliance, Information Security, Engineering, Product, and Legal teams to translate complex regulatory requirements into actionable technical processes.
Collaborating with risk owners to provide credible challenge to remediation plans and track findings using GRC tools (Audit Board).
Anchorage Digital is building the world’s most advanced digital asset platform for institutions to participate in crypto. They enable institutions to participate in digital assets through custody, staking, trading, governance, settlement, and security infrastructure. With over 600 employees, their team is united in building the future of finance by providing the foundation upon which value moves safely in the new global economy and are funded by leading institutions including Andreessen Horowitz, GIC, Goldman Sachs, KKR, and Visa, with its Series D valuation over $3 billion.
Own end-to-end compliance strategy and operations.
Conduct risk assessments and identify compliance risks.
Build compliance programs from ground up and coordinate compliance audits.
Sprinto is an AI-native GRC platform that helps organizations manage risks, audits, vendor oversight, and continuous monitoring from a single connected platform. With a team of 350+ employees serving 3,000+ customers across 75+ countries, Sprinto combines scale with expertise to deliver trust and compliance.
As the first dedicated InfoSec hire, you'll secure organizational systems, data, and operations.
You will develop and maintain a practical framework for securely deploying AI tools across the organization.
You will lead security incident response, investigate alerts, and coordinate containment.
Customer.io's platform is used by over 8,000 companies to send billions of messages daily. They power automated communication and help teams send smarter messages using real-time behavioral data, operating as a globally distributed, remote-first company.
Build the function, create delivery operating model, and build reusable IP.
Deliver and scale service lines, and own commercial outcomes.
Create “AI-assisted playbooks” for repeatable services and ensure quality and manage risk.
Sprinto is an AI-native GRC platform that helps organizations manage risks, audits, vendor oversight, and continuous monitoring from a single connected platform. With a team of 350+ employees serving 3,000+ customers across 75+ countries, Sprinto combines scale with expertise to deliver trust and compliance.
Execute end-to-end third-party and vendor risk assessments.
Develop, maintain, and enhance risk metrics, dashboards, and reporting.
Assist with additional GRC activities as needed, including policy management, risk assessments, control testing, and compliance initiatives
Aprio is a Top 20 CPA and advisory firm that accounts for anything. With over 3,200 team members and 40 U.S. office locations, plus international offices, they bring proven expertise and strategic foresight to fast-growing industries.
Accelerate Onebrief’s execution of GRC programs supporting NIST RMF, FedRAMP High, CMMC, and SOC2 authorizations
Develop and manage integrated project plans for control implementation, remediation, and continuous monitoring
Coordinate cross-functional teams (Infrastructure, Engineering, Product) to ensure timely delivery of compliance requirements
Onebrief provides collaboration and AI-powered workflow software designed specifically for military staffs, aiming to make them faster, smarter, and more efficient. Valued at $2.15B, the company has raised $320m+ from top-tier investors and operates as an all-remote company.
Monitor, assess, and maintain security controls within cloud environments.
Manage the overall Security Awareness program for Cority.
Provide Security Incident Response support and participate in the development of business cases and presentations on cloud security technologies.
Cority helps customers see and prevent risks across their operations in real time. They are recognized by top analysts and trusted by more than 1,500 of the most complex organizations worldwide.
Support the delivery of Microsoft security, compliance, identity, and endpoint management solutions under guidance from senior consultants.
Assist with customer engagements, including discovery sessions, documentation, demonstrations, and implementation.
Contribute to security reviews, basic assessments, and gap analyses.
Threatscape's Microsoft Security Practice is growing. They value people who have high agency, contagious enthusiasm, communicate clearly, enjoy collaborating, are curious, proactive learners, and show professionalism, empathy, and attention to detail.
Assist with the configuration and optimization of Wiz dashboards.
Help develop customized dashboard views for stakeholders across engineering and compliance.
Participate in routine cloud security posture management reviews and reporting.
Aledade is a public benefit corporation that empowers independent primary care practices. It was founded in 2014 and has become the largest network of independent primary care, helping practices deliver better care and thrive in value-based care with a collaborative, inclusive, and remote-first culture.