Embed privacy-by-design principles into Docker products, services, and internal platforms.
Partner closely with Docker engineering and product teams to integrate privacy requirements into architecture decisions, SDLC processes, and CI/CD pipelines.
Design, develop, and maintain automated GRC and privacy workflows to support compliance monitoring, control testing, DPIAs, risk assessments, reporting, and audit readiness.
Lead SOC 2 and ISO programs through the full audit lifecycle.
Build integrations that continuously gather compliance evidence from AWS, GitHub, identity providers, and internal systems.
Evaluate and monitor third-party vendors for security and compliance risk.
Fieldguide is establishing a new state of trust for global commerce and capital markets through automating and streamlining the work of assurance and audit practitioners. The company is based in San Francisco, CA, and built as a remote-first company with a team that is inclusive, driven, humble and supportive.
Lead the configuration and management of GRC tools to ensure integration with security systems.
Manage the main dashboard for SOC 2 reporting, ensuring accuracy and compliance.
Develop and maintain a comprehensive risk management program and conduct risk assessments.
Engine is transforming business travel into something personalized, rewarding, and simple. They have over 20,000 companies relying on Engine to support over 1 million travelers and billions in annual bookings each year and have been recognized as one of the fastest-growing travel and fintech platforms in North America.
Lead current ISO 27001, SOC 2, and PCI compliance initiatives.
Spearhead initiatives to identify and improve security risks.
Conduct Risk Assessments within customer systems.
Canadian Bank Note Company (CBN) is a leader and trusted provider of secure document and adjacent enterprise-level system solutions across various domains. They seek long-term relationships with their employees and offer a competitive compensation package, including health, medical, life insurance benefits, and a defined contribution pension plan with company matching.
Own the 24‑month global security roadmap developed with an external partner; drive planning, resource allocation, cross‑region rollout, milestone tracking, and KPI delivery.
Lead the cybersecurity transformation: redesign the security operating model, establish regional capability hubs, hire and upskill teams, and integrate security into engineering and product lifecycles.
Modernize security tooling and architecture: define global architecture for IAM, cloud security, vulnerability management, SIEM/XDR, DLP, and secure SDLC integrations; manage vendor selection and lifecycle.
Black Duck Software, Inc. helps organizations build secure, high-quality software, minimizing risks while maximizing speed and productivity. With a combination of industry-leading tools, services, and expertise, Black Duck helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
Assess and improve client security and IT controls.
Develop policies, processes, and risk assessments aligned to top frameworks like NIST, ISO 27001, and SOC 2.
Translate technical and regulatory requirements into clear, actionable steps for our clients.
Hotman Group is a rapidly growing boutique firm redefining cybersecurity and GRC. They help business leaders earn and keep customer trust through expert guidance and a commitment to quality, fostering a collaborative environment where every voice matters.
Serve as the primary vCISO and subject matter expert for multiple clients.
Lead data-centric cybersecurity programs aligned to business risk.
Manage, mentor, and develop vCISO team members.
Coretelligent partners with growing, highly regulated organizations that need secure, dependable IT environments built to scale. They deliver managed IT, cybersecurity, cloud, and strategy, through a model designed for consistency, transparency, and trust. They are building a team of professionals who care deeply about quality, ownership, and continuous improvement.
Scale, automate, and optimize existing GRC, compliance, and customer assurance programs.
Optimize and automate an existing third-party risk program by improving risk signal quality.
Evaluate, implement and maintain GRC tooling with a focus on AI-powered automation to minimize operational overhead.
Monarch is a personal finance platform designed to simplify finances. They are a fully remote team of do-ers led by experienced entrepreneurs passionate about helping members reach their financial goals, hyper-focused on building a product people love and evolving based on user feedback.
Own day-to-day execution of SOC 1, SOC 2, PCI DSS, and ISO 27001 readiness and audit cycles.
Develop and maintain policies, procedures, risk assessments, control narratives, and supporting documentation.
Facilitate risk assessments for systems, vendors, products, and business initiatives.
Astra is building mission-critical infrastructure for moving money at scale. Their platform processes billions in annual transaction volume with 99.9%+ uptime, powering real-time transfers, bank debits, card disbursements, and complex financial compliance systems.
Lead customer due diligence questionnaire (DDQ) and RFP response process and third-party risk management process.
Support enterprise sales with technical customer security discussions.
Lead SOC 2 Type II audit preparation, evidence collection, and remediation.
Vanilla is an AI-powered estate advisory platform that aims to modernize estate planning. They are a startup distributed across the U.S. with a mix of fully remote and hybrid roles that embraces flexibility and values curious builders and problem-solvers.
Own and operate compliance programs such as SOC 2, ISO 27001, ISO27701, HIPAA, and TISAX.
Lead and manage internal, external, and customer audits end-to-end.
Track, remediate, and validate 100% of audit findings within agreed SLAs.
Airtable is the no-code app platform that empowers people closest to the work to accelerate their most critical business processes. More than 500,000 organizations rely on Airtable to transform how work gets done and they strive to create a workplace where everyone has an equal opportunity to thrive.
Own and maintain the compliance platform (Drata), including control mapping, evidence collection, continuous monitoring, and audit workflows
Manage control documentation, policies, procedures, and supporting artifacts across multiple compliance frameworks
Perform risk assessments, vendor security reviews, and control gap analyses, and track remediation through to completion
Payabli is a next-generation Payments Infrastructure and Monetization Platform purpose-built for vertical software companies. They empower software companies to manage and move money through a single infrastructure stack that delivers total control over the payments experience, scaling with PCI DSS 4.0 and SOC 2-compliant security.
Lead and mature Material Bank’s enterprise information security program.
Own the security risk management framework, including risk identification, scoring, tracking, and executive reporting.
Own detection, incident response, and resilience strategy.
Material Bank operates the world’s largest material marketplace for the architecture and design industry, connecting designers with materials from leading brands. They operate in 37 countries and their platform is the standard for design professionals around the globe.
You will review, challenge, and strengthen our systems, act as the security authority within engineering, define guardrails, and drive remediation when risks arise.
Operating independently, you’ll build the structure and standards needed as we scale.
Your mission is to own the company wide security strategy and architecture, ensure CIRO and SOC 2 alignment, and embed strong security practices across infrastructure, applications, and internal systems, while enabling engineering velocity.
Newton is changing how Canadians trade crypto, with the goal to make financial freedom something everyone can achieve by giving customers the tools and knowledge they need to navigate the crypto world. At Newton, you'll work with a remote team spread across Canada.
Conduct day-to-day risk ticket analysis and lead in-depth assessments of product launches and infrastructure changes.
Further operationalize and mature the One Twilio Risk Management framework leveraging risk management frameworks.
Build and optimize automated workflows that bridge the gap between compliance requirements and engineering productivity.
Twilio is shaping the future of communications, delivering innovative solutions to hundreds of thousands of businesses and empowering millions of developers worldwide. They have a strong culture of connection and global inclusion and are dedicated to remote-first work.
Design and test prompts to shape AI behavior and review outputs.
Build and maintain the “truth layer” for real-world GRC answers.
Evaluate and improve AI quality, ensuring responsible AI use.
Vanta helps businesses earn and prove trust by continuously monitoring and verifying their security. They empower companies to practice better security and prove it with ease, with a kind and talented team that consists of both people with and without prior security experience.
Drive and enable proactive identification, analysis, and remediation of security vulnerabilities.
Respond to manage pen testing and bug bounty programs.
Work in partnership with Software Architecture, Risk/Compliance, the SRE team, and other partners, to integrate security capabilities into the SDLC.
Subsplash builds The Ultimate Engagement Platform™ for churches, Christian ministries, non-profits, and businesses around the world. They are a family-owned and operated company of 290+ mission-driven people.
Own and lead enterprise-level compliance programs.
Define and mature ISO 27001 and ISO 42001 control environments and SOX 404 ITGCs.
Act as a subject matter expert and internal consultant for various teams.
Spring Health aims to eliminate mental health barriers with its clinically validated technology, Precision Mental Healthcare. They partner with over 450 companies, providing care for 10 million people and are valued at $3.3 billion.
Lead development of security strategy aligned to client business goals.
Guide risk management practices including risk registers and threat modeling.
Provide executive-level oversight of regulatory compliance programs.
Jobgether uses an AI-powered matching process to ensure applications are reviewed fairly. Their system identifies the top-fitting candidates and shares this shortlist with the hiring company.