Source Job

• Lead SOC 2 and ISO programs through the full audit lifecycle.
• Build integrations that continuously gather compliance evidence from AWS, GitHub, identity providers, and internal systems.
• Evaluate and monitor third-party vendors for security and compliance risk.

Fieldguide is establishing a new state of trust for global commerce and capital markets through automating and streamlining the work of assurance and audit practitioners. The company is based in San Francisco, CA, and built as a remote-first company with a team that is inclusive, driven, humble and supportive.

• Own and operate compliance programs such as SOC 2, ISO 27001, ISO27701, HIPAA, and TISAX.
• Lead and manage internal, external, and customer audits end-to-end.
• Track, remediate, and validate 100% of audit findings within agreed SLAs.

Airtable is the no-code app platform that empowers people closest to the work to accelerate their most critical business processes. More than 500,000 organizations rely on Airtable to transform how work gets done and they strive to create a workplace where everyone has an equal opportunity to thrive.

• Embed privacy-by-design principles into Docker products, services, and internal platforms.
• Partner closely with Docker engineering and product teams to integrate privacy requirements into architecture decisions, SDLC processes, and CI/CD pipelines.
• Design, develop, and maintain automated GRC and privacy workflows to support compliance monitoring, control testing, DPIAs, risk assessments, reporting, and audit readiness.

Docker makes app development easier so developers can focus on what matters. Their remote-first team spans the globe and they are passionate about innovation and great developer experiences. With over 20 million monthly users and 20 billion image pulls, Docker is a trusted tool for building, sharing, and running apps.

• Scale, automate, and optimize existing GRC, compliance, and customer assurance programs.
• Optimize and automate an existing third-party risk program by improving risk signal quality.
• Evaluate, implement and maintain GRC tooling with a focus on AI-powered automation to minimize operational overhead.

Monarch is a personal finance platform designed to simplify finances. They are a fully remote team of do-ers led by experienced entrepreneurs passionate about helping members reach their financial goals, hyper-focused on building a product people love and evolving based on user feedback.

• Lead audit readiness and execution for SOC 2, ISO 27001, PCI DSS, and other compliance frameworks relevant to our customer base
• Manage the compliance lifecycle in a compliance platfom (such as Vanta, Drata etc) including evidence collection, control mapping, and continuous monitoring
• Coordinate cross-functional audit activities with engineering, product, security, infrastructure, and support teams to gather evidence and remediate findings

Supabase is a born-remote and open-source-first company that provides tools developers love. They have 180+ team members across 40+ countries, and deeply believe in the open-source ecosystem and strive to support existing tools and communities.

• Lead current ISO 27001, SOC 2, and PCI compliance initiatives.
• Spearhead initiatives to identify and improve security risks.
• Conduct Risk Assessments within customer systems.

Canadian Bank Note Company (CBN) is a leader and trusted provider of secure document and adjacent enterprise-level system solutions across various domains. They seek long-term relationships with their employees and offer a competitive compensation package, including health, medical, life insurance benefits, and a defined contribution pension plan with company matching.

• Own and maintain the compliance platform (Drata), including control mapping, evidence collection, continuous monitoring, and audit workflows
• Manage control documentation, policies, procedures, and supporting artifacts across multiple compliance frameworks
• Perform risk assessments, vendor security reviews, and control gap analyses, and track remediation through to completion

Payabli is a next-generation Payments Infrastructure and Monetization Platform purpose-built for vertical software companies. They empower software companies to manage and move money through a single infrastructure stack that delivers total control over the payments experience, scaling with PCI DSS 4.0 and SOC 2-compliant security.

• Assist in the preparation and execution of third-party audits and assessments.
• Support the development and maintenance of Eltropy’s GRC program.
• Conduct and manage vendor security assessments, maintain risk tracking, and ensure third-party compliance.

Eltropy is a FinTech company aiming to transform financial service access. They provide an AI-enabled digital conversations platform for community financial institutions to enhance operations, engagement, and productivity.

• Own and lead enterprise-level compliance programs.
• Define and mature ISO 27001 and ISO 42001 control environments and SOX 404 ITGCs.
• Act as a subject matter expert and internal consultant for various teams.

Spring Health aims to eliminate mental health barriers with its clinically validated technology, Precision Mental Healthcare. They partner with over 450 companies, providing care for 10 million people and are valued at $3.3 billion.

• You will review, challenge, and strengthen our systems, act as the security authority within engineering, define guardrails, and drive remediation when risks arise.
• Operating independently, you’ll build the structure and standards needed as we scale.
• Your mission is to own the company wide security strategy and architecture, ensure CIRO and SOC 2 alignment, and embed strong security practices across infrastructure, applications, and internal systems, while enabling engineering velocity.

Newton is changing how Canadians trade crypto, with the goal to make financial freedom something everyone can achieve by giving customers the tools and knowledge they need to navigate the crypto world. At Newton, you'll work with a remote team spread across Canada.

• Own and evolve the GRC program in partnership with Legal and our CCO.
• Develop, maintain, and enforce clear, practical security policies across all departments.
• Develop and execute a comprehensive information security roadmap aligned with business objectives.

Allocate is a fintech company handling sensitive investor data and financial transactions. They are a rapidly growing organization that values client service, relentless problem-solving, and continuous improvement.

• Oversee third-party and internal risk assessments to support enterprise information security and governance, risk, and compliance (GRC) initiatives.
• Manage vendor due diligence, maintains an accurate risk register, partners with internal stakeholders on mitigation strategies.
• Drive continuous improvement of the risk and compliance framework.

Concorde Career Colleges is committed to a policy of Equal Employment Opportunity and will not discriminate against an applicant or employee based on race, color, religion, religious creed, national origin, ancestry, sex, age, veteran or military status, or any other legally protected characteristic. Concorde Career Colleges offer short career-focused programs preparing students for the healthcare industry.

• Support the development, implementation, and maintenance of IT compliance policies, standards, procedures, and controls.
• Coordinate and support internal and external audits, including preparation of documentation, evidence collection, and remediation tracking.
• Perform periodic compliance assessments, gap analyses, and risk assessments against applicable frameworks and standards.

Xcelerate Solutions, founded in 2009 and located in McLean, VA, is a fast-growing company. The company is defined by a diversified workforce of dynamic and versatile professionals, with growth and development opportunities that contribute to individual and firm growth.

• Assess and improve client security and IT controls.
• Develop policies, processes, and risk assessments aligned to top frameworks like NIST, ISO 27001, and SOC 2.
• Translate technical and regulatory requirements into clear, actionable steps for our clients.

Hotman Group is a rapidly growing boutique firm redefining cybersecurity and GRC. They help business leaders earn and keep customer trust through expert guidance and a commitment to quality, fostering a collaborative environment where every voice matters.

• Lead end-to-end audits: Scope, plan, and execute risk based IT audits; develop work programs.
• Operate in rapidly evolving technology domains: Perform audits in rapidly evolving areas including cybersecurity and cloud architecture.
• Drive remediation & improvement: Quantify risks, identify root causes, and recommend realistic improvements to processes and controls.

CDK Global is a leading provider of cloud-based software to dealerships and Original Equipment Manufacturers (“OEMs”) across automotive and related industries. Their cloud-based, software as a service (“SaaS”) platform enables dealerships to manage their end-to-end business operations. They are committed to creating an inclusive workforce where everyone is valued and considered an Equal Opportunity Employer.

• Lead and mature Material Bank’s enterprise information security program.
• Own the security risk management framework, including risk identification, scoring, tracking, and executive reporting.
• Own detection, incident response, and resilience strategy.

Material Bank operates the world’s largest material marketplace for the architecture and design industry, connecting designers with materials from leading brands. They operate in 37 countries and their platform is the standard for design professionals around the globe.

• Serve as the primary vCISO and subject matter expert for multiple clients.
• Lead data-centric cybersecurity programs aligned to business risk.
• Manage, mentor, and develop vCISO team members.

Coretelligent partners with growing, highly regulated organizations that need secure, dependable IT environments built to scale. They deliver managed IT, cybersecurity, cloud, and strategy, through a model designed for consistency, transparency, and trust. They are building a team of professionals who care deeply about quality, ownership, and continuous improvement.

• Own, manage and be accountable for supporting our revenue team both on net new deals as well as renewals and RFIs when it comes to customer security reviews.

Flock Safety is a safety technology platform that helps communities thrive by taking a proactive approach to crime prevention and security. They're a high-performance, low-ego team driven by urgency, collaboration, and bold thinking.

• Conduct day-to-day risk ticket analysis and lead in-depth assessments of product launches and infrastructure changes.
• Further operationalize and mature the One Twilio Risk Management framework leveraging risk management frameworks.
• Build and optimize automated workflows that bridge the gap between compliance requirements and engineering productivity.

Twilio is shaping the future of communications, delivering innovative solutions to hundreds of thousands of businesses and empowering millions of developers worldwide. They have a strong culture of connection and global inclusion and are dedicated to remote-first work.

• Manage SOC 2 Type II audits, serving as the primary point of contact for auditors and collaborators.
• Coordinate HIPAA compliance assessments, including risk analyses, policy reviews, and Business Associate Agreement (BAA) management.
• Conduct structured gap analyses against applicable frameworks to identify control deficiencies and develop prioritized remediation roadmaps.

Rad AI is transforming healthcare with AI-driven solutions, revolutionizing radiology to save time, reduce burnout, and improve patient care. They have secured over $140M in funding and recognized as a fast-growing company, fostering transparency, inclusion, and close collaboration.