Source Job

• Own and operate compliance programs such as SOC 2, ISO 27001, ISO27701, HIPAA, and TISAX.
• Lead and manage internal, external, and customer audits end-to-end.
• Track, remediate, and validate 100% of audit findings within agreed SLAs.

Airtable is the no-code app platform that empowers people closest to the work to accelerate their most critical business processes. More than 500,000 organizations rely on Airtable to transform how work gets done and they strive to create a workplace where everyone has an equal opportunity to thrive.

• Lead SOC 2 and ISO programs through the full audit lifecycle.
• Build integrations that continuously gather compliance evidence from AWS, GitHub, identity providers, and internal systems.
• Evaluate and monitor third-party vendors for security and compliance risk.

Fieldguide is establishing a new state of trust for global commerce and capital markets through automating and streamlining the work of assurance and audit practitioners. The company is based in San Francisco, CA, and built as a remote-first company with a team that is inclusive, driven, humble and supportive.

• Lead SOC 1 & SOC 2 (Type I/II) control scoping, testing, and reporting.
• Act as primary client contact, translating technical control requirements into clear, actionable guidance.
• Mentor and supervise junior auditors for alignment with standards.

Jobgether uses an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Their system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company.

• Own day-to-day execution of SOC 1, SOC 2, PCI DSS, and ISO 27001 readiness and audit cycles.
• Develop and maintain policies, procedures, risk assessments, control narratives, and supporting documentation.
• Facilitate risk assessments for systems, vendors, products, and business initiatives.

Astra is building mission-critical infrastructure for moving money at scale. Their platform processes billions in annual transaction volume with 99.9%+ uptime, powering real-time transfers, bank debits, card disbursements, and complex financial compliance systems.

• Own and maintain the compliance platform (Drata), including control mapping, evidence collection, continuous monitoring, and audit workflows
• Manage control documentation, policies, procedures, and supporting artifacts across multiple compliance frameworks
• Perform risk assessments, vendor security reviews, and control gap analyses, and track remediation through to completion

Payabli is a next-generation Payments Infrastructure and Monetization Platform purpose-built for vertical software companies. They empower software companies to manage and move money through a single infrastructure stack that delivers total control over the payments experience, scaling with PCI DSS 4.0 and SOC 2-compliant security.

• Own and lead enterprise-level compliance programs.
• Define and mature ISO 27001 and ISO 42001 control environments and SOX 404 ITGCs.
• Act as a subject matter expert and internal consultant for various teams.

Spring Health aims to eliminate mental health barriers with its clinically validated technology, Precision Mental Healthcare. They partner with over 450 companies, providing care for 10 million people and are valued at $3.3 billion.

• Assist in the preparation and execution of third-party audits and assessments.
• Support the development and maintenance of Eltropy’s GRC program.
• Conduct and manage vendor security assessments, maintain risk tracking, and ensure third-party compliance.

Eltropy is a FinTech company aiming to transform financial service access. They provide an AI-enabled digital conversations platform for community financial institutions to enhance operations, engagement, and productivity.

• Support the development, implementation, and maintenance of IT compliance policies, standards, procedures, and controls.
• Coordinate and support internal and external audits, including preparation of documentation, evidence collection, and remediation tracking.
• Perform periodic compliance assessments, gap analyses, and risk assessments against applicable frameworks and standards.

Xcelerate Solutions, founded in 2009 and located in McLean, VA, is a fast-growing company. The company is defined by a diversified workforce of dynamic and versatile professionals, with growth and development opportunities that contribute to individual and firm growth.

• Lead current ISO 27001, SOC 2, and PCI compliance initiatives.
• Spearhead initiatives to identify and improve security risks.
• Conduct Risk Assessments within customer systems.

Canadian Bank Note Company (CBN) is a leader and trusted provider of secure document and adjacent enterprise-level system solutions across various domains. They seek long-term relationships with their employees and offer a competitive compensation package, including health, medical, life insurance benefits, and a defined contribution pension plan with company matching.

• Execute IT audit engagements, including audit planning, risk assessment, testing, documentation, and reporting.
• Provide expert technical expertise on mainframes, privileged access management, system configuration, and resiliency.
• Advise on security and compliance issues, including access control frameworks, audit logging, traceability, and cybersecurity fundamentals.

Jobgether uses an AI-powered matching process to ensure applications are reviewed quickly, objectively, and fairly. They identify the top-fitting candidates and share the shortlist with the hiring company.

• Work with private equity and portfolio company clients, consulting on how to apply an information security vision and strategy in alignment with customer business objectives.
• Work with customers to assess and address information security risks.
• Assist in managing customer security programs including the achievement and/or maintenance of key compliance initiatives such as SOC, ISO27001, NIST, PCI, and SOX.

Crosslake supports changemakers and helps them buy, build, and run better technology. They believe in a programmatic, proactive approach to actively manage technology throughout the investment lifecycle.

• Manage inbound security questionnaires from partner physician practices.
• Lead security evaluations for Aledade’s vendors and analyze SOC2 reports.
• Maintain and optimize our security response repository and identify bottlenecks.

Aledade empowers independent primary care, becoming the largest network of its kind in the US. The company fosters a collaborative, inclusive, and remote-first culture, aiming to improve healthcare for patients, practices, and society.

• Own, manage and be accountable for supporting our revenue team both on net new deals as well as renewals and RFIs when it comes to customer security reviews.

Flock Safety is a safety technology platform that helps communities thrive by taking a proactive approach to crime prevention and security. They're a high-performance, low-ego team driven by urgency, collaboration, and bold thinking.

• Manage and improve the Information Security Management System.
• Maintain compliance with key frameworks and certifications.
• Translate regulatory requirements into technical controls.

Jobgether uses an AI-powered matching process to ensure applications are reviewed quickly, objectively, and fairly against the role's core requirements. Their system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company.

• Develops and refines performance methodologies that support the cybersecurity requirements.
• Oversee independent assessments and review Security Impact Analyses (SIA).
• Incorporate compliance data into the Governance, Risk, and Compliance Tool (GRCT).

SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider. It is an established ISO 9001:2015 and ISO/IEC 27001:2013 certified small business and appraised at CMMI Level 3 for Services and Development.

• Assess and improve client security and IT controls.
• Develop policies, processes, and risk assessments aligned to top frameworks like NIST, ISO 27001, and SOC 2.
• Translate technical and regulatory requirements into clear, actionable steps for our clients.

Hotman Group is a rapidly growing boutique firm redefining cybersecurity and GRC. They help business leaders earn and keep customer trust through expert guidance and a commitment to quality, fostering a collaborative environment where every voice matters.

• Perform audits of operational, compliance and financial processes.
• Provide independent yet collaborative services to healthcare customers’ senior leaders.
• Conduct risk assessments, execute internal audits and perform consulting project engagements.

Kodiak Solutions transforms the healthcare industry through technology-driven solutions, specializing in healthcare finance, unclaimed property, risk management, and revenue cycle management. With an innovative platform, they offer cloud-based systems, automated workflows, and advanced data management tools.

• Lead end-to-end audits: Scope, plan, and execute risk based IT audits; develop work programs.
• Operate in rapidly evolving technology domains: Perform audits in rapidly evolving areas including cybersecurity and cloud architecture.
• Drive remediation & improvement: Quantify risks, identify root causes, and recommend realistic improvements to processes and controls.

CDK Global is a leading provider of cloud-based software to dealerships and Original Equipment Manufacturers (“OEMs”) across automotive and related industries. Their cloud-based, software as a service (“SaaS”) platform enables dealerships to manage their end-to-end business operations. They are committed to creating an inclusive workforce where everyone is valued and considered an Equal Opportunity Employer.

• Lead compliance projects translating requirements to actionable plans.
• Develop/implement compliance programs and training to ensure alignment.
• Monitor progress/metrics, ensuring deadlines are met and objectives achieved.

Jobgether uses an AI-powered matching process to ensure your application is reviewed quickly and fairly against the role's core requirements. They identify the top-fitting candidates, and this shortlist is then shared directly with the hiring company where the internal team manages final decisions.

• Scale, automate, and optimize existing GRC, compliance, and customer assurance programs.
• Optimize and automate an existing third-party risk program by improving risk signal quality.
• Evaluate, implement and maintain GRC tooling with a focus on AI-powered automation to minimize operational overhead.

Monarch is a personal finance platform designed to simplify finances. They are a fully remote team of do-ers led by experienced entrepreneurs passionate about helping members reach their financial goals, hyper-focused on building a product people love and evolving based on user feedback.