Source Job

Lead and support customer security audits and respond to security questionnaires. Prepare, coordinate, and manage ISO 27001 audits. Ensure ongoing compliance with HIPAA, NIST CSF, and other regulatory requirements.

OneStudyTeam specializes in speeding up clinical trials and increasing the chance of new therapies being approved with the ultimate goal of improving patient outcomes.

• Drive the implementation of technical controls and evidence gathering in collaboration with engineering for compliance standards.
• Manage the daily operational reality of audits, customer questionnaires, and internal IT/Security support requests.
• Rapidly prototype and ship internal tools, custom Vanta integrations, and scripts using AI-assisted development to close automation gaps.

Sayari is a risk intelligence provider equipping public and private sectors with visibility into complex commercial relationships. They deliver corporate and trade data from over 250 jurisdictions and are headquartered in Washington, D.C. They were also featured as one of Inc.’s “Best Workplaces” for 2025.

As an Information Security Officer at Form3, you'll play a pivotal role in strengthening and evolving our information security governance, risk, and compliance practices. Work closely with teams across the organization to embed security into business and technology decisions. Combine strategic oversight with practical execution, ensuring our controls, frameworks, and awareness initiatives remain industry leading as we scale globally.

Form3 is a company that offers a cloud-native, environment while helping define how security scales with the business.

• Use security and compliance tools (GRC tools) to help the company stay audit-ready
• Manage IT assets and access permissions for team members and internal systems
• Support daily security operations related to ISO 27001 / SOC 2

Hopae is building the world’s most trusted digital identity platform — private, secure, and built for real life. Backed by top global investors, Hopae operates across Seoul, Paris, and San Francisco, bringing together exceptional talent from over 10 nationalities.

As a Compliance and Risk Specialist, you will support the Compliance and Risk team by leading compliance initiatives. You will conduct risk assessments and remediation activities. You will contribute to the development of security strategies for systems deployed globally.

Canadian Bank Note Company (CBN) is a trusted leader in secure technology solutions for governments and businesses worldwide.

The Sr. Manager, Governance Risk and Compliance (GRC) is responsible for overseeing Included Health's regulatory compliance, risk management, and governance programs. Ensuring compliance with healthcare regulations (HIPAA, HITECH, SOC 2), and building a robust GRC framework to protect PHI. This role plays a crucial role within the Governance, Risk & Compliance team, reporting directly to the Chief Information Security Officer.

Included Health is a new kind of healthcare company, delivering integrated virtual care and navigation, aiming to raise the standard of healthcare for everyone.

• Serve as a trusted Domain Expert/SME for client projects.
• Provide high-level strategic guidance.
• Share institutional knowledge and validate high-stakes GRC strategies.

REDE Consulting is a dynamic technology firm specializing in GRC (Governance, Risk, and Compliance) solutions across the finance and insurance sectors.

• Own Swiftly's security risk register and threat models; identify, prioritize, and drive remediation of risks across application and infrastructure.
• Design secure architectures for our SaaS platform, mobile applications, and IOT/Hardware Integration, focusing on authentication, authorization, data protection, and network boundaries.
• Define and maintain security KPIs and dashboards for executive and board reporting.

Swiftly is on a mission to help cities move more efficiently and is the leading transit data platform for agencies to share real-time passenger information.

• Design and implement scalable infrastructure supporting HIPAA, SOC 2, and ISO 27001 compliance.
• Create self-service security tools integrating with developer workflows (GitLab CI/CD, Terraform).
• Lead threat modeling and security architecture reviews for new products and services.

Maven is the world's largest virtual clinic for women and families on a mission to make healthcare work for all of us.

• Conduct third party security and privacy reviews to reduce third party risks.
• Identify business risks and recommend risk treatment options.
• Collaborate with internal teams to improve third party due diligence processes.

Airtable is the no-code app platform that empowers people closest to the work to accelerate their most critical business processes.

The Senior Director, Product Security will define and lead the product security strategy for the medical device portfolio. Key responsibilities include developing and executing a comprehensive product security strategy aligned with business and regulatory objectives. This role requires overseeing end-to-end product security management, ensuring compliance with regulations and standards.

iRhythm is a leading digital healthcare company that creates trusted solutions that detect, predict, and prevent disease.

Lead day-to-day activities for SOC 2 and other IT compliance engagements. Guide staff, engage with clients, and play a key role in the delivery of high-quality audits and readiness assessments. Identify control gaps and provide recommendations for remediation.

Insight Assurance is a global audit firm on a mission to transform how organizations achieve cybersecurity and compliance.

Perform security audits based on published standards such as PCI, HIPAA, and NIST. Identify security weaknesses and gaps in compliance. Develop mitigation strategies for keeping our clients safe.

Strata Information Group (SIG) Solves Problems and has been a trusted partner to over 1,000 higher education institutions globally since their inception in 1988.

Responsible for operating, supporting, and developing the ISO Practice with a high level of quality, productivity, and satisfaction for both clients and employees. Oversees the delivery of ISO certification services, ensures compliance with accreditation requirements. Leads the development of the audit team to drive efficiency, profitability, and growth within the practice.

Insight Assurance is a global audit firm on a mission to transform how organizations achieve cybersecurity and compliance.

• Responsible for primary government contract compliance in Canada.
• Serve as ServiceNow Canadian Company Security Officer (CSO).
• Provide counsel, training, and enablement to the public sector sales.

ServiceNow stands as a global market leader, bringing innovative AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500®.

Maintain and improve documentation for ISO 9001 and ISO/IEC 27001. Support internal audits, track findings, and monitor corrective and preventive actions. Collaborate with cross-functional teams to enhance quality, security, and operational excellence.

Miratech is a global IT services and consulting company that brings together enterprise and start-up innovation to support digital transformation.

ServiceNow’s Office of the CISO team helps enhance security and communicate ServiceNow’s security features. The team works closely with other ServiceNow security departments and the sales, legal, IT and product teams on security-related topics. You will be a member of the EMEA team of the Office of the CISO, focusing on Italian-speaking countries. You will expertly navigate questionnaires, meticulously review contracts, and address customer inquiries.

ServiceNow stands as a global market leader, bringing innovative AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500®.

• Lead and mentor the app security team, fostering a culture of security awareness and continuous improvement across the organization.
• Oversee the day-to-day security operations, including monitoring, threat detection, incident response, and vulnerability management.
• Maintain an application security risk management framework, identifying, analyzing, and treating risks.

TrueML is a mission-driven financial software company that aims to create better customer experiences for distressed borrowers. The TrueML team includes inspired data scientists, financial services industry experts, and customer experience fanatics who are building technology to serve people in a way that recognizes their unique needs and preferences as human beings and endeavors to ensure nobody gets locked out of the financial system.

• Manage day-to-day IT needs, including device setup, troubleshooting, and software provisioning.
• Lead and coordinate all aspects of our SOC 2 readiness and audit process.
• Own identity and access management (IAM) across all systems and tools.

Found is building tools that give self-employed people the security and peace of mind that has historically only been possible at big corporations.

As a Sr. Security Developer, you will collaborate with security and engineering leadership to architect a scalable and resilient vision for secure cloud environments. You will develop and implement programs to ensure the company’s systems are compliant with regulatory requirements and privacy laws. Act as a technical subject matter expert for cloud security requirements and initiatives.

Wealthsimple is on a mission to help everyone achieve financial freedom by reimagining what it means to manage your money.