Serve as a member of Sword's GRC team, contributing to security compliance across all products and services.
Define and maintain the CMMC assessment boundary, working across infrastructure, engineering, and business teams to ensure the scope is accurate and defensible.
Translate identified gaps into prioritized remediation tasks with clear ownership, for audiences ranging from DevOps engineers to clinical operations managers.
Maintain and improve information security policies, standards, and procedures.
Support SOC 2, ISO 27001, and HITRUST readiness, audit preparation, and evidence collection.
Support vendor security reviews, third-party risk assessments, and remediation tracking.
Benepass is making benefits easy through its customizable fintech platform. They enable People teams to implement, administer, and track benefits that meet employees where they are. The company has raised approximately $75 million in equity capital and is backed by leading investors.
Lead IT system security consultation within CMMC, NIST, and other regulatory frameworks.
Develop System Security Plans and supporting documentation for clients.
Manage project tasks and priorities to meet delivery targets.
Jobgether is a platform that helps connect candidates with companies. They use an AI-powered matching process to ensure applications are reviewed quickly, objectively, and fairly.
Drive compliance efforts to unlock business capabilities
Secure Owner by helping teams successfully prevent and remediate vulnerabilities
Help teams build better and more secure systems by avoiding pitfalls of risk.
Owner is an AI-native system local business owners use to succeed, starting with restaurants. It's building the system that replaces the many tools owners use to run their business and powers everything from the restaurant’s website, online ordering, CRM, POS, and more. The team is in the low hundreds.
Partner with Security Engineering, Risk, Product, and Infrastructure teams to bake security and compliance into the process.
Dive deep into the security stack to identify execution blockers and actively architect the technical solutions to implement them.
Define the technical milestones for high-stakes initiatives like Zero Trust and IAM overhauls, translating a broad vision into a precise execution roadmap.
Human Interest aims to provide all workers access to retirement benefits. They are a high-growth fintech company that is financially backed by investors such as BlackRock, TPG, and SoftBank.
You'll partner directly with the Senior Manager of GRC to lead our commercial audit programs, from evidence collection and control testing to deep technical walkthroughs with external auditors and internal SMEs.
You'll own the question of what "good evidence" looks like across SOC 2 Type II, ISO 27001/27017/27018, and ISO 27701, and you'll know where to find it in the systems that generate it.
Help build the AI-assisted workflows and automation that make our audit programs more efficient and our compliance posture more continuous.
1Password is building the foundation for a safe, productive digital future. They ensure every identity is authentic, every application sign-in is secure, and every device is trusted. Over 180,000 businesses trust 1Password. We prioritize collaboration, clear and transparent communication, receptiveness to feedback.
Design and implement automation, dashboards, and integrations that power our Governance, Risk, and Compliance (GRC) operations.
Operationalizing and expanding our GRC platform (Drata), building AI-assisted workflows that automate evidence collection, control monitoring, and vendor risk.
Manage project delivery across multiple GRC automation initiatives simultaneously — maintaining clear scope, milestones, and stakeholder visibility without sacrificing quality.
1Password is building the foundation for a safe, productive digital future. They innovated the market-leading enterprise password manager and pioneered Unified Access Management, a new cybersecurity category built for the way people and AI agents work today. 1Password has surpassed $400M in ARR and has over 180,000 businesses using their product.
Lead and maintain the IT Compliance Program, ensuring alignment with industry best practices and regulatory requirements.
Stay abreast of relevant laws, regulations, and industry standards (e.g. GDPR, ISO 27001, NIS2, SOC 2,...).
Serve as a main point of contact for senior management and stakeholders on regulatory and IT compliance matters.
EcoVadis is the leading provider of business sustainability ratings, offering solutions backed by experts and technology. They analyze data to provide companies with insights into their environmental, social, and ethical risks, fostering a culture of global sustainability change.
Manage and expand Valon's security and privacy compliance program across key frameworks and regulations.
Build and scale modern Security GRC capabilities that leverage AI-enabled tools and processes, reducing manual overhead while optimizing risk and compliance operations.
Maintain and evolve Valon's risk management practices; facilitate risk assessments across teams and track remediation of identified issues to closure.
Valon is building the AI-native operating system for regulated finance, starting with mortgage servicing. We're a Series C company backed by a16z, transforming industries that others have written off as too complex to innovate.
Build the function by creating delivery operating model and reusable IP.
Deliver and scale service lines, including framework digitization and packaged services.
Own commercial outcomes by defining service packaging and pricing models.
Sprinto is an AI-native GRC platform that helps organizations manage risks, audits, vendor oversight, and continuous monitoring from a single connected platform. With a team of 350+ employees serving 3,000+ customers across 75+ countries, they combine scale with expertise to deliver trust and compliance.
Lead cyber risk assessments and control reviews to identify gaps.
Act as a bridge between GRC and technical teams.
Own and maintain the Internal Control Framework.
Inetum is a global leader in IT services, dedicated to delivering innovative solutions to our clients. They are committed to fostering a dynamic and inclusive work environment that values diversity, where creativity and collaboration can thrive. Present in 19 countries with more than 28,000 employees worldwide.
Own the governance framework for Life360's agentic systems and define the policies and control sets that govern how agents are built and deployed.
Take an agentic approach to GRC itself by automating evidence collection, drafting control narratives and triaging vendor questionnaires using AI and internal tooling.
Build the policy program as code with policies in Git and requirements expressed as enforceable rules and automated checks.
Life360's mission is to keep people close to the ones they love. They have a category-leading mobile app and other tracking devices to empower members to protect people, pets and things. Life360 has more than 500 remote-first employees and is growing.
Act as the primary point of contact for external auditors and lead the end-to-end execution of PCI DSS audits.
Orchestrate and lead the quarterly and semi-annual user access review process across all critical systems.
Execute and maintain a comprehensive, year-round Security Awareness Training program.
Subsplash builds The Ultimate Engagement Platform™ for churches, Christian ministries, non-profits, and businesses around the world. They are an award-winning team of 280+ mission-driven people who are committed to humility, innovation, and excellence.
Diagnose, prioritize, and drive security program maturity.
Translate security requirements into engineering practice.
Own the compliance surface without losing sight of real risk.
Aledade helps independent primary care practices survive and thrive, aiming to bend the healthcare cost curve. They are the largest network of independent primary care in the country.