Responsibilities
- Manage and support compliance certifications including SOC 2, HITRUST, and ISO 27001 audits; run control testing across the audit lifecycle.
- Serve as the subject matter expert across the company on compliance frameworks.
- Act as the primary point of contact for external auditors and assessors.
- Manage the Security and Privacy trust center.
- Maintain the risk register; drive risk identification, scoring, and reporting.
- Manage maintenance of compliance policies, standards, and procedures.
- Report on compliance posture to senior leadership.
- Scale the GRC function with AI and automation; build quick wins and scope requirements for Engineering to fully automate.
Requirements
- 5+ years of experience in GRC, IT audit, or information security compliance.
- Prior experience with HITRUST, SOC 2, and ISO 27001 audits.
- Hands-on experience with control design, evidence collection, and remediation in a cloud-native engineering environment.
- Proven ability to adapt communication style across engineers, operators, and executives.
- GRC Engineering mindset with prior experience using scripting and LLMs to automate repetitive tasks.
- Desire to be part of a high-performing, mission-driven team.
Nice-to-Haves
- Industry certifications such as CISA, CISM, CISSP, CRISC, or ISO 27001 Lead Auditor.
- Experience scaling GRC functions with AI and automation.
Compensation
Target salary range: $132,000 - $165,000 base. Eligible for equity incentive and competitive benefits including flexible PTO, Medical/Dental/Vision, 401(k), and more.