Source Job

US 4w PTO 12w maternity 12w paternity

  • Build and scale the enterprise GRC program, including risk management, compliance, and policy frameworks.
  • Lead compliance certification programs like SOC 2, HIPAA, and HITRUST, managing audit preparedness and execution.
  • Oversee GRC platforms and control monitoring while developing policies aligned with frameworks such as NIST and ISO 27001.

Risk Management Policy Development

20 jobs similar to Director of Security, GRC

Jobs ranked by similarity.

US Unlimited PTO

  • Support security and compliance programs aligned with frameworks such as NIST, ISO, PCI DSS, and HIPAA.
  • Assist in maintaining alignment with global privacy regulations (GDPR, CCPA, and similar frameworks).
  • Assist in the development, implementation, and maintenance of security, privacy, and AI governance policies, standards, and procedures.

Hims & Hers is a health and wellness platform with a mission to help the world feel great through the power of better health. They are redefining healthcare by putting the customer first and delivering access to care that is affordable, accessible, and personal.

Global

  • Develop, maintain, and continuously improve GRC policies, standards, procedures, and control frameworks.
  • Lead and support SOC 2 Type II, ISO 27001, PCI DSS and other compliance initiatives, including evidence collection, control validation, and remediation tracking.
  • Partner with Security and Platform teams to ensure controls are technically implemented, not just documented.

HighLevel is an AI powered, all-in-one white-label sales & marketing platform that empowers agencies, entrepreneurs, and businesses to elevate their digital presence and drive growth. With over 1,500 team members across 15+ countries, we operate in a global, remote-first environment.

US

  • Define and evolve security governance and risk management strategy, aligning function-level priorities with enterprise objectives and the security roadmap.
  • Lead security-related audits, assessments, and regulatory inquiries in partnership with Legal, Compliance, Privacy, and Internal Audit.
  • Manage and hold accountable a third-party GRC services vendor, ensuring delivery quality, prioritization, and alignment to Clover’s risk appetite.

Clover Health is reinventing health insurance by combining data with human empathy to keep members healthier. They've created custom software and analytics to empower their clinical staff to intervene and provide personalized care. Those who work at Clover are passionate and mission-driven individuals with diverse areas of expertise, working together to solve the most complicated problem in the world: healthcare.

GRC Manager

Gearset
UK

  • Own and maintain security and compliance documentation, including policies and procedures.
  • Support commercial teams in complex information security and compliance negotiations.
  • Manage ISO 27001 compliance, certification maintenance, and audit preparations.

Gearset handles Salesforce DevOps for some of the world's largest companies. The company operates with a modern approach to security and compliance in a growing, ambitious environment.

Poland

  • Safeguard assets and global reputation, acting as a strategic partner.
  • Lead risk mitigation strategies and ensure compliance with global standards.
  • Develop a world-class GRC program that aligns with strategic goals.

EcoVadis is the leading provider of business sustainability ratings. Our solutions are backed by an international team of experts and powerful technology. They analyze data and build sustainability scorecards that give companies actionable insights into their environmental, social and ethical risks.

US

  • Apply compliance frameworks to assess, design, and implement security controls.
  • Conduct compliance gap assessments and develop remediation plans.
  • Create and maintain key documentation tailored to client needs.

AHEAD builds platforms for digital business by weaving together advances in cloud infrastructure, automation and analytics, and software delivery. They prioritize creating a culture of belonging where all perspectives and voices are represented, valued, respected, and heard.

$100,000–$120,000/yr
US Unlimited PTO

  • Conduct ongoing risk reviews and maintain an up-to-date risk register.
  • Support risk assessments across critical business processes and systems.
  • Partner with stakeholders to develop and track risk mitigation plans through resolution.

Radicle Health offers human services software products to foster collaboration and innovation, aiding organizations in better serving communities. They believe technology is crucial for the human services sector's success, housing mission-driven products that support organizations in delivering essential services.

Global

  • Lead end-to-end PCI DSS compliance, including CDE scoping and reduction, control implementation/validation, and audit management.
  • Lead and support SOC 2 Type II attestation initiatives, including TSC mapping, evidence collection, control testing, and remediation tracking.
  • Own the Third-Party Risk Management (TPRM) program, including vendor tiering, risk assessments, and security reviews.

HighLevel is an AI-powered business operating system that gives agencies, entrepreneurs and SMBs the infrastructure to build, automate and scale. With over 2,000 team members across 10+ countries, HighLevel operates as a global, remote-first organization built for speed and ownership.

$200,000–$280,000/yr
US

  • Define and evolve a multi-year enterprise security roadmap aligned to business objectives and risk appetite across all business units.
  • Lead the unification of security programs, toolsets, and policies inherited from Transact and CBORD into a single enterprise-class operation.
  • Own and maintain compliance programs including SOC 2, PCI DSS, HITRUST, TX-RAMP, GovRAMP, FERPA, and HIPAA, securing SaaS platforms and cloud environments.

Illumia provides secure, intelligent technology solutions to streamline operations for education, healthcare, and corporate enterprises. As a portfolio company of Roper Technologies with over 1,750 client institutions, we foster an inclusive culture built on values of Authenticity, Responsibility, Passion, and Excellence, empowering diverse teams to deliver their best work.

US

  • Own and manage the organization’s enterprise certification frameworks.
  • Develop and maintain policies and procedures supporting certification frameworks.
  • Support proposal teams by validating and documenting certification compliance.

Lynker Corporation is a leading provider of innovative solutions in weather and climate science. They leverage cutting-edge technologies and scientific expertise to support improved operational weather forecasts. Lynker is a growing, employee-owned business specializing in professional, scientific, and technical services with a team-oriented work environment.

Global

  • Track and drive audit partners through the onboarding and enablement lifecycle; maintain internal trackers and coordinate across teams.
  • Keep the auditor directory accurate and current; verify accreditation status and update partner profiles.
  • Assist the SME in mapping audit evidence requirements to platform capabilities; prepare reference data and document findings.

Sprinto is an AI-native GRC platform that helps organizations manage risks, audits, vendor oversight, and continuous monitoring from a single connected platform. With a team of 350+ employees serving 3,000+ customers across 75+ countries, they combine scale with expertise to deliver trust and compliance.

$190,000–$230,000/yr
US Unlimited PTO 14w maternity 14w paternity

  • Own security posture, compliance programs, and audit readiness.
  • Lead all IT functions supporting corporate and program needs.
  • Provide guidance and escalation support for IT hardware/software issues as needed.

Red Cell Partners is an incubation firm building and investing in rapidly scalable technology-led companies. They bring revolutionary advancements to market in healthcare, cyber, and national security and are united by a shared sense of duty.

Global

  • Accelerate Onebrief’s execution of GRC programs supporting NIST RMF, FedRAMP High, CMMC, and SOC 2 authorizations.
  • Develop and manage integrated project plans for control implementation, remediation, and continuous monitoring.
  • Coordinate cross-functional teams (Infrastructure, Engineering, Product) to ensure timely delivery of compliance requirements.

Onebrief provides collaboration and AI-powered workflow software designed specifically for military staffs, aiming to make them faster, smarter, and more efficient. Valued at $2.15B, the company has raised $320m+ from top-tier investors and operates as an all-remote company.

$125,000–$155,000/yr

  • Manage and grow a comprehensive third-party risk management program across the organization.
  • Ensure that Privia Health's information assets are safeguarded against cyber threats originating from third and fourth parties.
  • Lead the Third Party Access Committee (TPAC), driving compliance with regulations and implementing industry best practices for vendor risk management.

Privia Health is a technology-driven, national physician enablement company that collaborates with medical groups, health plans, and health systems to optimize physician practices, improve patient experiences, and reward doctors for delivering high-value care. The Privia Platform is led by top industry talent and exceptional physician leadership.

$200,000–$260,000/yr
US

  • Lead the ongoing maintenance and operation of secure cloud infrastructures, focusing on AWS and cloud-native technologies.
  • Secure applications built for cloud environments by automating security assessments, monitoring runtime environments, and integrating security practices into the development lifecycle.
  • Implement robust security controls for cloud workloads and data, including containers, virtual machines, and serverless architectures.

Ro is a direct-to-patient healthcare company with a mission of helping patients achieve their health goals by delivering the easiest, most effective care possible. Ro is the only company to offer nationwide telehealth, labs, and pharmacy services and is recognized as a top workplace, earning more than 20 honors since 2021.

$190,000–$230,000/yr
US Unlimited PTO 14w maternity

  • Own CMMC 2.0 and SOC 2 end-to-end, including control design and implementation.
  • Lead all IT functions supporting corporate and program needs, owning IT architecture and tooling decisions.
  • Provide guidance and escalation support for IT hardware/software issues; mentor IT Support Specialist & Cloud Infrastructure Engineer.

DEFCON AI leverages artificial intelligence, mathematical optimization, data analytics, and software engineering for resilient optimization of complex systems. They align outcomes with operational goals, better decision making, and empower customers to anticipate, assess, and mitigate the impacts of disruptions.

$110,000–$176,000/yr
US

  • Leverage industry and technical expertise to assist in identifying risks and controls for clients' businesses.
  • Manage client engagements, including planning, delivery, staffing, relationships, quality, and staff development.
  • Perform a variety of assurance services, including SOC 1, SOC 2, SOC 3, HIPAA, and HITRUST, and coordinate with other frameworks like ISO 27001.

Aprio is a Top 20 CPA and advisory firm serving fast-growing industries with expertise, deep understanding, and strategic foresight. The firm operates from 40 U.S. offices and more than 60 international locations, employing over 3,200 team members who speak more than 60 languages in a future-focused, innovative culture.

Canada 6w PTO

  • Support the execution and continuous improvement of Qohash’s security program.
  • Support risk assessments, track identified risks, and help coordinate remediation efforts.
  • Maintain security policies, standards, awareness materials, and support internal security training initiatives.

Qohash is building a foundational pillar of Canada’s digital sovereignty, believing security must scale differently. They look for bold, mission-driven individuals with technical depth and strategic clarity who collaborate across disciplines to protect sensitive data.

$257,600–$322,000/yr
US

  • Own and operate the end-to-end enterprise cybersecurity program, including strategy, architecture, operations, governance, and compliance.
  • Establish a multi-year security roadmap aligned with business priorities, technology evolution, and regulatory requirements.
  • Define and execute a strategy for AI-assisted cybersecurity operations, leveraging machine learning, automation, and advanced analytics to enhance detection and response capabilities.

Natera is a global leader in cell-free DNA (cfDNA) testing, dedicated to oncology, women’s health, and organ health. They aim to make personalized genetic testing and diagnostics part of the standard of care. Their team consists of highly dedicated statisticians, geneticists, doctors, laboratory scientists, business professionals, software engineers and many other professionals from world-class institutions, who care deeply for their work and each other.

India

  • Own end-to-end compliance strategy and operations.
  • Conduct risk assessments and identify compliance risks.
  • Build compliance programs from ground up and coordinate compliance audits.

Sprinto is an AI-native GRC platform that helps organizations manage risks, audits, vendor oversight, and continuous monitoring from a single connected platform. With a team of 350+ employees serving 3,000+ customers across 75+ countries, Sprinto combines scale with expertise to deliver trust and compliance.