Leads execution of GRC compliance programs including SOC 2, ISO 27001, and data privacy certifications. Manages customer security assessments, RFP responses, and vendor risk for enterprise AI platform, requiring 3-5 years GRC experience in SaaS.
190k – 275k
On-site3+ YOELegal
About the role
Responsibilities
Drive compliance certifications including SOC 2 Type II, ISO 27001, PCI DSS, HIPAA, and CCPA
Automate or execute compliance evidence collection, ensuring all controls are properly documented and audit-ready
Maintain and improve security documentation including policies, procedures, and customer-facing security collateral
Support customer security assessments by preparing materials for security reviews and helping address technical inquiries from Fortune 500 security teams
Manage security and compliance topics in RFPs end-to-end, coordinating responses across engineering, product, and legal teams
Coordinate with contractors and vendors to maintain response quality and meet timelines during peak sales periods
Build and optimize repeatable processes to scale GRC operations to hundreds of enterprise customers
Partner with sales engineering to understand customer security requirements and proactively prepare responses for common concerns
Partner with Sales and Customer Success to accelerate deal velocity by proactively addressing customer security concerns with published content
Collaborate with Security, Engineering, and Product teams to translate compliance requirements into actionable technical controls and ensure new features meet regulatory standards
Establish vendor risk management programs to assess and monitor third-party security risks across our supply chain
Requirements
3-5 years of GRC experience in high-growth SaaS or technology companies, with direct responsibility for compliance programs
Proven track record successfully contributing to SOC 2, ISO 27001, or similar enterprise compliance certifications
Experience in data privacy regulations including CCPA, GDPR, and emerging AI governance frameworks
Strong project management skills with ability to coordinate cross-functional teams under tight deadlines
Excellent written and verbal communication skills to translate complex security concepts for diverse audiences
Working knowledge of technical security controls and ability to collaborate effectively with engineering teams
Nice-to-Haves
Experience with AI/ML compliance frameworks and understanding of unique risks in conversational AI systems
Background in healthcare or financial services with knowledge of HIPAA or PCI requirements
Track record of building GRC programs at companies scaling from startup to enterprise
Experience with GRC platforms like Vanta, Drata, or SecureFrame to automate compliance workflows
Understanding of cloud security particularly Google Cloud Platform compliance and security features
Product Counsel serving as embedded legal partner to product, engineering, and research teams at an AI video platform. Advise on generative AI issues including IP, copyright, right of publicity, privacy, and content moderation while building legal processes and triaging company-wide matters.
190k – 280k
On-site5+ YOELegal
Commercial Counsel
PostmanSan Francisco, CA
Commercial Counsel responsible for drafting, negotiating, and managing enterprise SaaS subscription agreements and strategic partner/channel/reseller agreements at Postman. Requires JD, 5-8 years B2B SaaS legal experience with strong focus on partnership deals, and ability to advise Sales and Partner teams.
190k – 230k
On-site5+ YOELegal
Governance, Risk & Compliance Manager
SigmaSan francisco, CA +1
Lead and scale enterprise GRC programs including governance frameworks, ERM, SOC 2/ISO 27001/HIPAA compliance, and third-party risk management. Partner across Legal, Engineering, Product, and Sales to enable secure business growth.
190k – 215k
On-site4+ YOELegal
Product Attorney
FivetranDenver, CO
Product Counsel advising Product and Engineering teams on IP, licensing, privacy, AI, and regulatory issues throughout the product lifecycle at a SaaS data company. Requires 4-7 years SaaS legal experience and a J.D.
190k – 238k
Hybrid4+ YOELegal
Product Counsel
InstacartUnited States
Product Counsel embedded with Instacart's product teams to provide strategic legal guidance on new international markets, hardware (Caper carts), and retailer platforms. Advise on e-commerce, privacy, payments, and compliance while using AI tools to streamline processes and act as an enabler to product, engineering, and business teams.