Manage the Compliance and Security workstream within a telecom transformation program, coordinating SOC 2, ISO/IEC 27001, and GDPR readiness activities.
Build and maintain the workstream plan with milestones, deliverables, and RAID logs, while driving evidence collection and control-owner alignment.
Facilitate workshops, track remediation across multiple domains, and ensure alignment with adjacent program streams and governance forums.
Serve as a primary compliance resource embedded in the Alma-to-Spring Health integration, mapping control environments and building a unified compliance organization.
Own and lead enterprise-level compliance programs including SOC 2 Type II, HITRUST, HIPAA, GDPR, ISO 27001, ISO 42001, and ITGC-SOX.
Develop and operationalize Spring Health's AI governance program, including policies, risk frameworks, and AI-specific compliance documentation.
Spring Health is a global mental health company on a mission to eliminate every barrier to mental health. With outcomes independently validated by JAMA Network Open, Spring Health reaches more than 170 million people worldwide through leading employers, health plans, and partners.
Own and manage the compliance program including SOC 2 and ISO 27001 readiness and audits.
Lead risk assessments, control testing, and enterprise risk management processes.
Partner with Engineering, Security, Product, Legal, HR, and Operations to embed compliance into business processes.
Calendly is a scheduling platform used by millions to automate meetings and streamline time management. They are a rapidly growing SaaS company fostering a culture of learning and high performance.
Own and drive the compliance roadmap across multiple frameworks like ISO 27001, TISAX, SOC 2, and GDPR.
Implement ISO 27001 and adjacent frameworks end-to-end for customers, ensuring successful audits.
Mentor the compliance team, conduct internal audits, and act as the senior compliance voice for customers, auditors, and product.
Secfix automates security compliance for companies, helping them achieve ISO 27001, GDPR, TISAX, and SOC 2 quickly. They are a high-performing 100% remote team with hubs in Germany and the UK, backed by top VCs.
Respond to customer and prospect security/compliance questions and improve repeatable processes and evidence quality.
Upsun is the cloud application platform for hybrid teams, enabling developers to build, ship, and scale confidently without managing backend infrastructure. The company has a remote, global workforce and fosters a multicultural, open, and inclusive culture with a focus on open source and innovation.
Coordinate compliance and accountability systems across MAP's global medicine access operations, maintaining review processes and documentation.
Track corrective actions, monitor operational metrics, and support organizational readiness for audits and external assessments.
Collaborate cross-functionally with Programs, Finance, HR, and other teams to strengthen consistency and transparency in compliance processes.
MAP International is a global health nonprofit that provides essential medicines and health supplies to those in need. The organization operates with a distributed team across multiple functions, emphasizing a culture of compliance, accountability, and operational integrity.
Serve as a senior security and compliance advisor for clients in finance, VC, PE, and biotech, translating complex requirements into practical action plans.
Lead consultative conversations on governance, risk, controls, AI adoption, and audit readiness, delivering clear executive-level recommendations.
Build and refine Outpost's service delivery playbooks, templates, and documentation to scale the offering and improve client experience.
Pliancy is fundamentally changing how businesses value technology, specializing in IT support for life sciences, capital management, and startups. With a people-first culture, the company prioritizes curiosity and empathy, investing in long-term employee success.
Own delivery for standard-framework GRC engagements including ISO 27001, SOC 2, GDPR, and PCI DSS.
Build and maintain reusable IP such as templates, control-mapping libraries, and AI-assisted playbooks.
Own commercial outcomes including pricing, utilization, margin, and delivery forecasting for your own engagement book.
Sprinto is an Autonomous Trust Platform that centralizes trust requirements across security frameworks, vendors, and customers. Backed by top-tier investors such as Accel, Elevation, and Blume Ventures, they have raised $31.8M in funding and are trusted by over 3,000 organizations across 75 countries, with a remote culture organized around problems rather than job titles.
Lead end-to-end third-party audits, evidence collection, and compliance onboarding for new products and features.
Partner with cross-functional teams to design and validate internal controls across SOX, SOC, HIPAA, and PCI frameworks.
Drive continuous improvement by standardizing processes, reducing manual effort, and collaborating on automated compliance monitoring.
Jobgether uses AI-powered matching to streamline job applications. They are a company focused on connecting candidates with hiring employers through automated shortlisting, with a transparent and flexible work culture.
Execute Risk & Compliance initiatives, manage privacy and security projects, and ensure alignment with organizational goals.
Identify and mitigate operational, IT, and data privacy risks by partnering with cross-functional teams.
Build and improve compliance frameworks, policies, and procedures aligned with regulations like PIPEDA, COPPA, and GDPR.
BIS Safety Software is a SaaS company that helps organizations manage safety, learning, and compliance through innovative software solutions. Founded in 2006, the company is headquartered in Sherwood Park, Alberta, and offers an Employee Stock Ownership Plan (ESOP) with a culture emphasizing humility and contribution over hierarchy.
Partner with the CISO to drive security strategy, roadmap, and execution across application security, GRC, and operations.
Support compliance initiatives including PCI, SOC 2, ISO 27001, DORA, and FedRAMP readiness.
Serve as a trusted security leader in customer-facing settings, translating technical risks into business language.
Sardine is the leading agentic risk platform for fighting financial crime, integrating data across risk teams to stop fraud and automate AML operations. With over 6 billion profiled devices and 800 million consumers, we maintain a remote-first culture that values performance over hours worked.
Manage and support compliance certifications including SOC 2, HITRUST, and ISO 27001 audits across the audit lifecycle.
Serve as the subject matter expert across the company on compliance frameworks and primary point of contact for external auditors.
Maintain the risk register, drive risk identification and reporting, and scale GRC function with AI and automation.
Garner transforms the healthcare economy by partnering with employers to redesign healthcare benefits using data-driven insights. It is a fast-growing healthcare technology company with a mission-driven team focused on making healthcare more affordable and high-quality.
Own RMF authorizations across Department of War components and FedRAMP High, alongside CMMC 2.0 and SOC 2 compliance for corporate systems.
Maintain authorization and audit evidence, including SSPs, SARs, POA&Ms, STIGs, and control mappings.
Partner with Engineering, Product, and Security to embed compliance requirements into system design and CI/CD workflows.
Onebrief builds collaboration and AI-powered workflow software for military planning and operational coordination. Founded in 2019, valued at over $2 billion, they are a distributed team of builders from military, operational, and technology backgrounds.
Support and scale the Assurance & Compliance function through an engineering-driven, automation-first approach.
Partner with Engineering, Security, Legal, and other teams to support compliance programs and audit readiness.
Help transform compliance into a continuous, measurable capability embedded into operations.
Flock builds technology that reduces crime and protects privacy, partnering with cities, businesses, schools, and neighborhoods. With over $1B in funding and an $8.3B valuation, the company is a high-performance team united by urgency, ownership, and a shared commitment to meaningful impact.
Maintain and improve the Quality Management System (QMS) and support compliance with CMMI, CMMC, and ISO standards.
Support government contract compliance, coordinate audits, and manage documentation for contracts and IDIQ vehicles.
Develop dashboards and reports for compliance, audits, and PMO maturity metrics.
True Zero Technologies is a veteran-owned small business that focuses on enabling people and technology to drive quality outcomes. The company has been recognized as a Best Places to Work honoree and has appeared on the Inc. 5000 list of fastest-growing companies, reflecting its people-first culture and commitment to excellence.
Provide comprehensive project management support for core security programs, driving Code Freshness and Operational Ownership Expectations initiatives.
Lead program meetings, stand-ups, and cross-functional ceremonies, tracking progress and communicating risks to leadership.
Collaborate with PMO teams, create documentation, and solve operational problems using rapid iteration cycles.
Inallmedia.com is a global technology and design firm that builds digital solutions through remote, distributed teams across LATAM. They partner with international clients, providing long-term technical expertise and product innovation, with a focus on collaboration and remote work culture.
Monitor security alerts, vulnerabilities, and incidents across enterprise systems and assist in incident response.
Maintain compliance with standards such as NIST CSF, ISO 27001, and SOC 2 through audits and policy development.
Conduct security risk assessments, evaluate controls, and track remediation plans.
Mission Critical Group is an end-to-end power solutions and services provider that accelerates time-to-power for mission critical environments. With over 1.5 million square feet of U.S. manufacturing capacity, they support data centers, healthcare, and industrial facilities.
Lead the global cyber security strategy, governance, and operations to protect clients, systems, data, and brand reputation across all regions.
Define and execute the Information Security Management System (ISMS) aligned to ISO 27001, SOC2, and TISAX, while managing enterprise risk and compliance.
Serve as the senior authority on cyber risk, advising the CTO, Board, and customers, and act as executive incident commander for major cyber events.
JD Power is a proven leader in business-critical data and intelligence, powering auto-related decisions with proprietary data, advanced analytics, and deep industry expertise. The company is a global corporation with a diverse workforce and a culture focused on innovation, collaboration, and trust.
Serve as primary IT contact, handling hardware/software support, account management, and remote troubleshooting for a remote-first team.
Assist with compliance evidence collection and control testing for SOC 2, GDPR, and PCI obligations.
Maintain accurate audit-ready records, asset inventory, and documentation while supporting off-hours maintenance and small projects.
Velora unifies Aplos, Raisely, and Keela to help nonprofits thrive with fundraising, donor management, and financial tracking. We serve over 15,000 nonprofits globally and operate as a remote-first team with a mission to make nonprofit work easier and more impactful.
Support the ISO 27001 program by maintaining audit readiness, running evidence collection, and managing access reviews.
Perform recurring security operations including vulnerability scanning, risk assessments, and vendor reviews.
Collaborate cross-functionally to harden identity and access management, respond to security questionnaires, and support AI governance initiatives.
Didomi is a consent management platform that helps companies manage user consent and data privacy. The company is a growing SaaS organization with a collaborative culture, emphasizing automation and efficiency.