Lead end-to-end PCI DSS compliance, including CDE scoping and reduction, control implementation/validation, and audit management.
Lead and support SOC 2 Type II attestation initiatives, including TSC mapping, evidence collection, control testing, and remediation tracking
Own the Third-Party Risk Management (TPRM) program, including vendor tiering, risk assessments, and security reviews
HighLevel is an AI-powered business operating system that gives agencies, entrepreneurs and SMBs the infrastructure to build, automate and scale. With over 2,000 team members across 10+ countries, HighLevel operates as a global, remote-first organization built for speed and ownership.
Support the execution and continuous improvement of Qohash’s security program.
Support risk assessments, track identified risks, and help coordinate remediation efforts.
Maintain security policies, standards, awareness materials, and support internal security training initiatives.
Qohash is building a foundational pillar of Canada’s digital sovereignty, believing security must scale differently. They look for bold, mission-driven individuals with technical depth and strategic clarity who collaborate across disciplines to protect sensitive data.
Monitor, assess, and maintain security controls within cloud environments.
Manage the overall Security Awareness program for Cority.
Provide Security Incident Response support and participate in the development of business cases and presentations on cloud security technologies.
Cority helps customers see and prevent risks across their operations in real time. They are recognized by top analysts and trusted by more than 1,500 of the most complex organizations worldwide.
Develop, maintain, and continuously improve GRC policies, standards, procedures, and control frameworks.
Lead and support SOC 2 Type II, ISO 27001, PCI DSS and other compliance initiatives, including evidence collection, control validation, and remediation tracking.
Partner with Security and Platform teams to ensure controls are technically implemented, not just documented.
HighLevel is an AI powered, all-in-one white-label sales & marketing platform that empowers agencies, entrepreneurs, and businesses to elevate their digital presence and drive growth. With over 1,500 team members across 15+ countries, we operate in a global, remote-first environment.
Design and maintain secure architectures across AWS, Azure, and GCP environments.
Collaborate with DevOps and Engineering to integrate security into CI/CD pipelines.
Monitor alerts, investigate incidents, and coordinate responses with the SOC.
Reveleer provides a cloud-based healthcare SaaS platform. They are an equal opportunity employer that values diversity and does not discriminate based on race, religion, or other protected characteristics.
Lead the ongoing maintenance and operation of secure cloud infrastructures, focusing on AWS and cloud-native technologies.
Secure applications built for cloud environments by automating security assessments, monitoring runtime environments, and integrating security practices into the development lifecycle.
Implement robust security controls for cloud workloads and data, including containers, virtual machines, and serverless architectures.
Ro is a direct-to-patient healthcare company with a mission of helping patients achieve their health goals by delivering the easiest, most effective care possible. Ro is the only company to offer nationwide telehealth, labs, and pharmacy services and is recognized as a top workplace, earning more than 20 honors since 2021.
Own end-to-end compliance strategy and operations.
Conduct risk assessments and identify compliance risks.
Build compliance programs from ground up and coordinate compliance audits.
Sprinto is an AI-native GRC platform that helps organizations manage risks, audits, vendor oversight, and continuous monitoring from a single connected platform. With a team of 350+ employees serving 3,000+ customers across 75+ countries, Sprinto combines scale with expertise to deliver trust and compliance.
Support the design, implementation, and maintenance of secure cloud architectures in accordance with program and security requirements.
Conduct risk and vulnerability assessments and assist with developing mitigation strategies.
Implement and maintain security configurations to ensure the confidentiality, integrity, and availability of systems.
EXPANSIA, along with JHNA and CTSi, forms a Defense Technology platform delivering high-impact technologies to the U.S. Department of Defense and related national security customers. They operate as a multi-entity aerospace and defense technology and tech-enabled services and manufacturing enterprise positioned for scalable growth and operational excellence.
Safeguard assets and global reputation, acting as a strategic partner.
Lead risk mitigation strategies and ensure compliance with global standards.
Develop a world-class GRC program that aligns with strategic goals.
EcoVadis is the leading provider of business sustainability ratings. Our solutions are backed by an international team of experts and powerful technology. They analyze data and build sustainability scorecards that give companies actionable insights into their environmental, social and ethical risks.
Support security and compliance programs aligned with frameworks such as NIST, ISO, PCI DSS, and HIPAA.
Assist in maintaining alignment with global privacy regulations (GDPR, CCPA, and similar frameworks).
Assist in the development, implementation, and maintenance of security, privacy, and AI governance policies, standards, and procedures.
Hims & Hers is a health and wellness platform with a mission to help the world feel great through the power of better health. They are redefining healthcare by putting the customer first and delivering access to care that is affordable, accessible, and personal.
Design, deploy, and manage security solutions within Cloud environments( Azure experience preferred).
Assist other security engineering and consulting needs as they arise.
Implement cloud security controls and monitor compliance frameworks (Azure Security Center, Azure Policy, etc.).
UChicago Medicine is a world-class academic healthcare system. We provide superior healthcare with compassion, always mindful that each patient is a person, an individual.
Track and drive audit partners through the onboarding and enablement lifecycle; maintain internal trackers and coordinate across teams.
Keep the auditor directory accurate and current; verify accreditation status and update partner profiles.
Assist the SME in mapping audit evidence requirements to platform capabilities; prepare reference data and document findings.
Sprinto is an AI-native GRC platform that helps organizations manage risks, audits, vendor oversight, and continuous monitoring from a single connected platform. With a team of 350+ employees serving 3,000+ customers across 75+ countries, they combine scale with expertise to deliver trust and compliance.
Implement and manage the NIST Risk Management Framework (RMF) to achieve and maintain compliance.
Drive the data privacy program by conducting Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs).
Design and execute a continuous internal audit program to validate the effectiveness of controls.
IonQ delivers solutions to solve the world’s most complex problems with quantum computing. IonQ's newest generation quantum computers, IonQ Tempo and IonQ Forte Enterprise, help customers and partners such as Amazon Web Services, AstraZeneca, and NVIDIA achieve 20x performance results.
Own and drive the company’s security strategy, roadmap, and overall posture
Lead threat modeling, secure code reviews, and architecture reviews
Build and maintain security tooling, automation, and infrastructure as code
Seesaw's mission is to provide every elementary student with joyful and connected learning experiences that lay the foundation for success in life. Trusted and loved by 25 million educators, students, and families worldwide, Seesaw is the only elementary learning experience platform.
Apply compliance frameworks to assess, design, and implement security controls.
Conduct compliance gap assessments and develop remediation plans.
Create and maintain key documentation tailored to client needs.
AHEAD builds platforms for digital business by weaving together advances in cloud infrastructure, automation and analytics, and software delivery. They prioritize creating a culture of belonging where all perspectives and voices are represented, valued, respected, and heard.
Lead Craft’s FedRAMP readiness program — defining the roadmap, owning the ATO timeline, and driving execution across engineering and security stakeholders.
Design and implement AWS GovCloud architecture that meets FedRAMP Moderate and High requirements.
Translate NIST 800-53 Rev. 5 controls into concrete, auditable, and continuously enforced technical implementations — not just documentation.
Craft is the leader in supplier risk intelligence, enabling enterprises to discover, evaluate, and continuously monitor their suppliers at scale. They are a post-Series B high-growth technology company backed by top-tier investors in Silicon Valley and Europe, headquartered in San Francisco with hubs in Seattle and Warsaw.
Secure cloud-based environments by designing and implementing native security solutions using services.
Drive Continuous RMF practices, automating control implementation and reporting through modern methodologies like Continuous Authorization to Operate.
Automate provisioning and configuration of IT environments and implement and manage security measures like firewalls, IDS/IPS, vulnerability scanning, encryption, and ICAM solutions.
Rise8 builds custom, secure software for government organizations, measuring success by impact: lives saved, time returned, and missions advanced. They believe customer experience starts with employee experience, so they take care of their employees and offer competitive pay and benefits, autonomy, growth, and a culture rooted in kindness, candor, and continuous learning.
Collaborates with the CSO Team to support the development, maintenance, and implementation of security standards.
Partner with IT to support the secure implementation of access controls and identity management
Participate in and contribute to initiatives for operating system, Docker images, Kubernetes/GKE and configuration hardening in the public cloud
Bestow is a leading vertical technology platform serving some of the largest and most innovative life insurers. They unify the fragmented, legacy value chain, enabling carriers to launch products in weeks instead of years. Bestow is backed by leading investors and trusted by major carriers.
Contribute to the Infrastructure Security team’s vision and strategic roadmap.
Manage an existing high-performing team of infrastructure security professionals and hire new members as appropriate.
Establish and implement security policies, procedures, standards, and guidelines in support of infrastructure security.
GitLab is the intelligent orchestration platform for DevSecOps. They enable organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. GitLab has more than 50 million registered users and is a high-performance culture is driven by their values and continuous knowledge exchange.