Source Job

US Unlimited PTO

  • Manage SOC 2 Type II audits, serving as the primary point of contact for auditors and collaborators.
  • Coordinate HIPAA compliance assessments, including risk analyses, policy reviews, and Business Associate Agreement (BAA) management.
  • Conduct structured gap analyses against applicable frameworks to identify control deficiencies and develop prioritized remediation roadmaps.

Cybersecurity HIPAA Risk Management SOC 2 NIST

20 jobs similar to Senior Cybersecurity Analyst

Jobs ranked by similarity.

  • Lead security governance, risk management, and compliance efforts.
  • Oversee security operations and incident response.
  • Partner with IT, Clinical Operations, Privacy, and Compliance to ensure regulatory requirements and industry frameworks.

Tuesday Health is a value-based palliative care provider group dedicated to transforming serious illness and end-of-life care. Through their leading-edge care model, Tuesday Health is shaping the future of community-based palliative care nationwide.

US

  • Work with private equity and portfolio company clients, consulting on how to apply an information security vision and strategy in alignment with customer business objectives.
  • Work with customers to assess and address information security risks.
  • Assist in managing customer security programs including the achievement and/or maintenance of key compliance initiatives such as SOC, ISO 27001, NIST, PCI, and SOX.

Crosslake supports changemakers and helps them buy, build, and run better technology. They believe in a programmatic, proactive approach to actively manage technology throughout the investment lifecycle.

$162,000–$230,000/yr
US

  • Own and operate compliance programs such as SOC 2, ISO 27001, ISO 27701, HIPAA, and TISAX.
  • Lead and manage internal, external, and customer audits end-to-end.
  • Track, remediate, and validate 100% of audit findings within agreed SLAs.

Airtable is the no-code app platform that empowers people closest to the work to accelerate their most critical business processes. More than 500,000 organizations rely on Airtable to transform how work gets done and they strive to create a workplace where everyone has an equal opportunity to thrive.

Global

  • Assist in the preparation and execution of third-party audits and assessments.
  • Support the development and maintenance of Eltropy’s GRC program.
  • Conduct and manage vendor security assessments, maintain risk tracking, and ensure third-party compliance.

Eltropy is a FinTech company aiming to transform financial service access. They provide an AI-enabled digital conversations platform for community financial institutions to enhance operations, engagement, and productivity.

$147,800–$164,000/yr
US 12w maternity 11w paternity

  • Own and lead enterprise-level compliance programs.
  • Define and mature ISO 27001 and ISO 42001 control environments and SOX 404 ITGCs.
  • Act as a subject matter expert and internal consultant for various teams.

Spring Health aims to eliminate mental health barriers with its clinically validated technology, Precision Mental Healthcare. They partner with over 450 companies, providing care for 10 million people and are valued at $3.3 billion.

$125,000–$140,000/yr
US

  • Collaborate with the engineering departments to implement security controls from approved security frameworks and drive best IT practices.
  • Interface with internal partner teams to help drive best practices and compliance.
  • Evaluate and perform Risk Assessments of new software solutions with internal partners.

Judi Health is an enterprise health technology company providing a comprehensive suite of solutions for employers and health plans. They consolidate all claim administration-related workflows in one scalable, secure platform and are working with clients, rebuilding trust in healthcare in the U.S.

US

  • Develops and refines performance methodologies that support the cybersecurity requirements.
  • Oversee independent assessments and review Security Impact Analyses (SIA).
  • Incorporate compliance data into the Governance, Risk, and Compliance Tool (GRCT).

SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider. It is an established ISO 9001:2015 and ISO/IEC 27001:2013 certified small business and appraised at CMMI Level 3 for Services and Development.

US

  • Assess and improve client security and IT controls.
  • Develop policies, processes, and risk assessments aligned to top frameworks like NIST, ISO 27001, and SOC 2.
  • Translate technical and regulatory requirements into clear, actionable steps for our clients.

Hotman Group is a rapidly growing boutique firm redefining cybersecurity and GRC. They help business leaders earn and keep customer trust through expert guidance and a commitment to quality, fostering a collaborative environment where every voice matters.

US Unlimited PTO

  • Lead SOC 2 and ISO programs through the full audit lifecycle.
  • Build integrations that continuously gather compliance evidence from AWS, GitHub, identity providers, and internal systems.
  • Evaluate and monitor third-party vendors for security and compliance risk.

Fieldguide is establishing a new state of trust for global commerce and capital markets through automating and streamlining the work of assurance and audit practitioners. The company is based in San Francisco, CA, and built as a remote-first company with a team that is inclusive, driven, humble and supportive.

Canada US Europe

  • Lead current ISO 27001, SOC 2, and PCI compliance initiatives.
  • Spearhead initiatives to identify and improve security risks.
  • Conduct Risk Assessments within customer systems.

Canadian Bank Note Company (CBN) is a leader and trusted provider of secure document and adjacent enterprise-level system solutions across various domains. They seek long-term relationships with their employees and offer a competitive compensation package, including health, medical, life insurance benefits, and a defined contribution pension plan with company matching.

US 2w PTO

  • Manage certification frameworks, including CMMC, NIST, and SOC 2.
  • Develop, track, and maintain security and compliance policy documents.
  • Analyze and review system configurations for security vulnerabilities.

Rubris Inc. provides transformational legal technology and solutions for complex business and legal processes in the mass tort industry. They streamline and automate processes to improve efficiency while delivering unprecedented insights and analytics.

US

  • Serve as the primary vCISO and subject matter expert for multiple clients.
  • Lead data-centric cybersecurity programs aligned to business risk.
  • Manage, mentor, and develop vCISO team members.

Coretelligent partners with growing, highly regulated organizations that need secure, dependable IT environments built to scale. They deliver managed IT, cybersecurity, cloud, and strategy, through a model designed for consistency, transparency, and trust. They are building a team of professionals who care deeply about quality, ownership, and continuous improvement.

Global

  • Lead audit readiness and execution for SOC 2, ISO 27001, PCI DSS, and other compliance frameworks relevant to our customer base.
  • Manage the compliance lifecycle in a compliance platform (such as Vanta, Drata, etc.), including evidence collection, control mapping, and continuous monitoring.
  • Coordinate cross-functional audit activities with engineering, product, security, infrastructure, and support teams to gather evidence and remediate findings.

Supabase is a born-remote and open-source-first company that provides tools developers love. They have 180+ team members across 40+ countries, and deeply believe in the open-source ecosystem and strive to support existing tools and communities.

Americas

  • Play a critical role in strengthening Alpaca’s security, compliance, and AI risk posture across the organization.
  • Support the identification, assessment, and documentation of cybersecurity and AI-related risks.
  • Contribute to the design and execution of our risk management framework across traditional cyber domains.

Alpaca is a US-headquartered self-clearing broker-dealer and brokerage infrastructure for stocks, ETFs, options, crypto, fixed income, 24/5 trading, and more. They serve hundreds of financial institutions across 40 countries with institutional-grade APIs and have 230+ globally distributed members.

$133,000–$157,000/yr
US

  • Design, implement, and operate the information security program for our growing healthcare organization operating under the PACE model.
  • Configure and monitor tools, logs, and alerts, analyze activity, and investigate potential security incidents.
  • Draft, maintain, and enforce security policies, standards, and procedures aligned to HIPAA, NIST, and partner requirements.

Habitat Health envisions a world where older adults experience an independent and joyful aging journey in the comfort of their homes, enabled by access to comprehensive health care. They provide personalized, coordinated clinical and social care as well as health plan coverage through the Program of All-Inclusive Care for the Elderly (“PACE”) in collaboration with their leading healthcare partners, including Kaiser Permanente.

US

  • Lead the end-to-end Certification & Authorization (C&A) process for information systems.
  • Maintain and update System Security Plans (SSPs), POA&Ms, and other FedRAMP/GovRAMP/NIST documentation artifacts.
  • Oversee control gap analysis and drive remediation efforts across technical and administrative domains.

EBSCO Information Services (EBSCO) delivers a fully optimized research experience, seamlessly integrated with a powerful discovery platform to support the information needs of our end-users. Headquartered in Ipswich, MA, EBSCO employs more than 2,700 people worldwide, with most embracing hybrid or remote work models.

US

  • Support the development, implementation, and maintenance of IT compliance policies, standards, procedures, and controls.
  • Coordinate and support internal and external audits, including preparation of documentation, evidence collection, and remediation tracking.
  • Perform periodic compliance assessments, gap analyses, and risk assessments against applicable frameworks and standards.

Xcelerate Solutions, founded in 2009 and located in McLean, VA, is a fast-growing company. The company is defined by a diversified workforce of dynamic and versatile professionals, with growth and development opportunities that contribute to individual and firm growth.

$115,000–$150,000/yr
US

  • Lead end-to-end audits: Scope, plan, and execute risk-based IT audits; develop work programs.
  • Operate in rapidly evolving technology domains: Perform audits in rapidly evolving areas including cybersecurity and cloud architecture.
  • Drive remediation & improvement: Quantify risks, identify root causes, and recommend realistic improvements to processes and controls.

CDK Global is a leading provider of cloud-based software to dealerships and Original Equipment Manufacturers (“OEMs”) across automotive and related industries. Their cloud-based, software as a service (“SaaS”) platform enables dealerships to manage their end-to-end business operations. They are committed to creating an inclusive workforce where everyone is valued and considered an Equal Opportunity Employer.

Global

  • Lead end-to-end audit execution across SOC 2, ISO 27001, ISO 42001, ISO 27701, HIPAA, and GDPR and maintain year-round audit readiness.
  • Build and mature Atlan's risk management program and turn abstract risk conversations into measurable metrics with clear ownership and quarterly leadership reviews.
  • Integrate our GRC platform with cloud infrastructure, CI/CD pipelines, HR systems, and product engineering tooling to automate evidence collection and continuous control testing.

Atlan is building the missing context layer for data and AI, helping enterprises close the AI value chasm and finally move AI pilots into production. We are backed by world-class investors including GIC, Insight Partners, Meritech, Peak XV, and Salesforce Ventures and trusted by global enterprises like Mastercard, Workday, General Motors, Unilever and others.

Canada

  • You will review, challenge, and strengthen our systems, act as the security authority within engineering, define guardrails, and drive remediation when risks arise.
  • Operating independently, you’ll build the structure and standards needed as we scale.
  • Your mission is to own the company-wide security strategy and architecture, ensure CIRO and SOC 2 alignment, and embed strong security practices across infrastructure, applications, and internal systems, while enabling engineering velocity.

Newton is changing how Canadians trade crypto, with the goal to make financial freedom something everyone can achieve by giving customers the tools and knowledge they need to navigate the crypto world. At Newton, you'll work with a remote team spread across Canada.