Source Job

US

  • Conduct hands-on compliance audits of digital platforms against global privacy regulations such as GDPR, CCPA, and COPPA.
  • Design and execute independent audit methodologies to test user protections, content moderation, and data handling practices.
  • Present detailed findings and strategic recommendations to clients and their leadership through executive briefings.

GDPR CCPA Privacy Engineering

20 jobs similar to Digital Privacy, Trust & Safety Consultant

US

  • Partner with clients to assess, design, and enhance privacy programs aligned with regulatory and industry requirements.
  • Interpret and advise on European data protection and privacy laws, including the GDPR, ePrivacy requirements, and applicable EU regulatory obligations.
  • Conduct privacy assessments, risk evaluations, and audits to identify gaps and create remediation strategies.

Zaviant is a boutique consulting firm specializing in Data Security, Privacy, and Third-Party Risk Management. They partner with organizations to build effective and sustainable solutions that safeguard sensitive data and support compliance with complex, evolving regulatory requirements.

US

  • Work collaboratively with a team of assessors as a federal compliance specialist, planning and executing assessments for clients.
  • Draft audit observations, lead interview walkthroughs, and assess security vulnerabilities against appropriate frameworks.
  • Prepare and review assessment reports, educate clients on compliance activities, and manage priorities to achieve delivery targets.

Coalfire is on a mission to make the world a safer place by solving clients’ hardest cybersecurity challenges. They are thought leaders, consultants, and cybersecurity experts, and a team of passionate problem-solvers with offices across the U.S. and U.K.

Canada Europe Unlimited PTO

  • Support active and upcoming audits including ISO 27001, SOC 2, PCI DSS, and HIPAA by coordinating evidence and working with control owners.
  • Conduct risk assessments, update risk registers, track remediation, and perform third-party risk management reviews.
  • Respond to customer and prospect security/compliance questions and improve repeatable processes and evidence quality.

Upsun is the cloud application platform for hybrid teams, enabling developers to build, ship, and scale confidently without managing backend infrastructure. The company has a remote, global workforce and fosters a multicultural, open, and inclusive culture with a focus on open source and innovation.

Global 18w maternity 16w paternity

  • Serve as a primary compliance resource embedded in the Alma-to-Spring Health integration, mapping control environments and building a unified compliance organization.
  • Own and lead enterprise-level compliance programs including SOC 2 Type II, HITRUST, HIPAA, GDPR, ISO 27001, ISO 42001, and ITGC-SOX.
  • Develop and operationalize Spring Health's AI governance program, including policies, risk frameworks, and AI-specific compliance documentation.

Spring Health is a global mental health company on a mission to eliminate every barrier to mental health. With outcomes independently validated by JAMA Network Open, Spring Health reaches more than 170 million people worldwide through leading employers, health plans, and partners.

US

  • Lead development and maintenance of Mozilla's core privacy compliance infrastructure, including data mapping and records of processing activities.
  • Independently drive complex cross-functional privacy initiatives and operationalize scalable governance processes with minimal oversight.
  • Evaluate and advise on evolving U.S., European, and international privacy and AI regulatory developments relevant to enterprise operations and internal data governance.

Mozilla Corporation is a non-profit-backed technology company that has shaped the internet for over 25 years, making brands like Firefox. With over 225 million monthly users and owned by the Mozilla Foundation, we are not beholden to shareholders and focus on making the internet better for people through open-source software.

US Unlimited PTO

  • Provide strategic legal guidance on privacy, AI, and data protection across the company.
  • Lead AI and privacy legal reviews to integrate privacy-by-design in product development.
  • Develop and maintain internal policies and playbooks for responsible AI use.

Hims & Hers is a leading health and wellness platform that provides personalized healthcare from diagnosis to treatment to delivery. The company is a public NYSE-traded company with a mission-driven, fast-paced culture that values flexibility and remote work.

US Unlimited PTO

  • Serve as a senior security and compliance advisor for clients in finance, VC, PE, and biotech, translating complex requirements into practical action plans.
  • Lead consultative conversations on governance, risk, controls, AI adoption, and audit readiness, delivering clear executive-level recommendations.
  • Build and refine Outpost's service delivery playbooks, templates, and documentation to scale the offering and improve client experience.

Pliancy is fundamentally changing how businesses value technology, specializing in IT support for life sciences, capital management, and startups. With a people-first culture, the company prioritizes curiosity and empathy, investing in long-term employee success.

UK

  • Lead penetration testing engagements on applications with complex technology stacks, working independently and collaboratively.
  • Contextualize vulnerabilities and assess realistic impact to clients, ensuring quality reports and services are delivered efficiently.
  • Maintain strong depth of knowledge in application security and mentor teammates while collaborating with project managers and delivery teams.

Coalfire is a cybersecurity firm that helps clients navigate complex security challenges through advisory, assessment, and automation services. The company is headquartered in Chicago with offices across the U.S. and U.K., and supports clients worldwide with a team of passionate cybersecurity experts.

India Unlimited PTO

  • Build the function by creating a delivery operating model and reusable IP.
  • Deliver and scale service lines, including framework digitization and packaged services.
  • Own commercial outcomes by defining service packaging and pricing models.

Sprinto is an AI-native GRC platform that helps organizations manage risks, audits, vendor oversight, and continuous monitoring from a single connected platform. With a team of 350+ employees serving 3,000+ customers across 75+ countries, they combine scale with expertise to deliver trust and compliance.

Canada

  • Execute Risk & Compliance initiatives, manage privacy and security projects, and ensure alignment with organizational goals.
  • Identify and mitigate operational, IT, and data privacy risks by partnering with cross-functional teams.
  • Build and improve compliance frameworks, policies, and procedures aligned with regulations like PIPEDA, COPPA, and GDPR.

BIS Safety Software is a SaaS company that helps organizations manage safety, learning, and compliance through innovative software solutions. Founded in 2006, the company is headquartered in Sherwood Park, Alberta, and offers an Employee Stock Ownership Plan (ESOP) with a culture emphasizing humility and contribution over hierarchy.

Netherlands

  • Provide expert guidance on privacy, AI governance, and data protection compliance across global initiatives.
  • Conduct privacy risk assessments and oversee cross-border data transfer mechanisms.
  • Advise on privacy-by-design principles and maintain privacy documentation including DPIAs and RoPAs.

Our partner is a fast-moving organization operating in a complex global data environment, focused on scalable cloud infrastructure and AI-driven solutions. They have an international, highly skilled work environment with a strong focus on learning and development.

Global 3w PTO

  • Provide support on regulatory compliance requirements and conduct gap assessments of business unit procedures against global policies.
  • Collaborate with Legal, Information Security, and business teams to manage compliance risks and support regulatory exams.
  • Maintain an understanding of business processes, products, and services while participating in exams as a subject matter expert.

Experian is a global data and technology company operating across financial services, healthcare, automotive, and more. With 25,200 employees across 32 countries, they have an award-winning, inclusive, and purpose-driven culture.

Europe 6w PTO 26w maternity 26w paternity

  • Provide expert legal counsel on EU digital regulatory compliance to cross-functional stakeholders.
  • Draft and implement internal policies, workflows, and risk assessments to ensure compliance with global AI, privacy, and other digital regulations.
  • Convert complex legal requirements and industry standards into actionable technical and operational requirements.

Cohere is a security-first enterprise AI company that builds cutting-edge foundation models and end-to-end AI products to solve real-world business problems. They are a global team of researchers, engineers, and designers passionate about their craft, with offices in multiple countries.

US 18w maternity 18w paternity

  • Act as a strategic legal advisor to executive leadership, proactively identifying risks and opportunities to support high-impact decisions.
  • Build and execute scalable compliance programs covering data privacy, trade compliance, AI governance, and ethics across a rapidly scaling company.
  • Lead and develop the in-house legal team, implementing scalable processes and metrics-driven practices to accelerate deals and reduce risk.

UpGuard builds the Cyber Risk Posture Management (CRPM) platform that integrates security ratings, threat intel, and agentic AI to help organizations manage cyber risk. With Series C funding and a global team of around 200–600 employees, UpGuard emphasizes autonomy and scaling world-class technology in a fully remote, collaborative culture.

UK

  • Handle and respond to data subject rights requests (e.g., SARs, deletion requests) within statutory timeframes and other privacy-related queries.
  • Compile and maintain ROPA and other compliance documentation to support accountability obligations.
  • Complete DPIAs and Legitimate Interests Assessments, liaising with stakeholders on data processing activities.

Prolific is building the human data infrastructure for AI development, connecting researchers and companies with a global pool of participants for high-quality human behavioral data. The company fosters a mission-driven, remote-first culture with a focus on ethical data sourcing.

US Unlimited PTO 12w maternity 12w paternity

  • Advise on AI governance, privacy, and security law as the legal lead for Proof's privacy and AI framework.
  • Partner with product, engineering, and go-to-market teams to operationalize privacy across identity data, biometrics, and notarizations.
  • Manage breach response, vendor security, and regulatory inquiries with a business-minded approach.

Proof is the world's first identity-assured transaction management platform, digitizing trust for critical transactions. Developed by the same team behind Notariz℠, it has executed first digital real estate closings, mortgages, and auto sales, with a focus on security and compliance.

Global Unlimited PTO

  • Conduct security and privacy reviews of Brave browser and Brave Search.
  • Triage and fix security reports, collaborating on privacy-preserving protocols.
  • Design and implement new security and privacy features with a small, elite team.

Brave is on a mission to protect the human right to privacy online, offering a free browser that blocks creepy ads and trackers, a private search engine, and a crypto wallet. Already 110+ million people use Brave, with millions more switching monthly, in a hyper-growth company with a flat org structure and ridiculously smart teammates.

US

  • Lead assurance technology initiatives focused on innovation and automation.
  • Develop strategic plans to modernize audit technology and workflows.
  • Oversee implementation of audit technologies and data analytics tools.

BPM strives to be our best selves and are compelled to ask the questions that lead to innovation. Our shared entrepreneurial spirit drives us to see and do things differently, making BPM a place where everyone feels welcome and valued.

Europe 5w PTO

  • Own and drive the compliance roadmap across multiple frameworks like ISO 27001, TISAX, SOC 2, and GDPR.
  • Implement ISO 27001 and adjacent frameworks end-to-end for customers, ensuring successful audits.
  • Mentor the compliance team, conduct internal audits, and act as the senior compliance voice for customers, auditors, and product.

Secfix automates security compliance for companies, helping them achieve ISO 27001, GDPR, TISAX, and SOC 2 quickly. They are a high-performing 100% remote team with hubs in Germany and the UK, backed by top VCs.

US Canada

  • You'll partner directly with the Senior Manager of GRC to lead our commercial audit programs, from evidence collection and control testing to deep technical walkthroughs with external auditors and internal SMEs.
  • You'll own the question of what "good evidence" looks like across SOC 2 Type II, ISO 27001/27017/27018, and ISO 27701, and you'll know where to find it in the systems that generate it.
  • Help build the AI-assisted workflows and automation that make our audit programs more efficient and our compliance posture more continuous.

1Password is building the foundation for a safe, productive digital future. They ensure every identity is authentic, every application sign-in is secure, and every device is trusted. Over 180,000 businesses trust 1Password. We prioritize collaboration, clear and transparent communication, and receptiveness to feedback.