Skip to content
HiveHiveSan Francisco, CA

Security Compliance Manager

Leads security compliance programs, manages audits (ISO, SOC), implements ISMS, and oversees risk management. Requires 4+ years in risk assessments, 2+ years in audits, and strong knowledge of privacy laws like CCPA/GDPR.

Salary not listed
On-site4+ YOESecurity Engineering

About the role

Responsibilities

  • Manage Hive’s current risk management program
  • Manage external and internal audits, including reviewing materials that require attention for accuracy and properly adhering to regulatory expectations
  • Implement ISMS in coordination with executive and mid-level management
  • Develop reports that capture key business trends, highlights, lowlights, and metrics as the compliance programs are conducted. Provide status, recommended updates, and detailed metrics and evidence
  • Work with Engineering and Product teams to identify process improvements and efficiencies in areas of change management, access management and general technology process controls
  • Provide compliance, risk, and controls expertise to support information security and compliance initiatives
  • Protect the business by assisting with cyber security risk assessments
  • Maintain awareness of industry best practices for data maintenance handling as it relates to your role
  • Manage a comprehensive Governance, Risk and Compliance program
  • Adhere to and champion policies, guidelines and procedures pertaining to the protection of information assets
  • Manage external security, privacy, and compliance requirements, including both internal requirements for vendors as well as external requirements placed on Hive
  • Report actual or suspected security and/or policy violations/breaches
  • Define, develop, implement, and maintain our policies and processes that enable consistent, effective privacy practices that minimize risk and ensure the confidentiality of protected information, paper and/or electronic, across all media types and comply with applicable privacy laws and regulations
  • Support Hive’s security review process from beginning to end by identifying all necessary internal stakeholders based on the request (e.g., security survey, audit, review), assembling relevant and appropriate documentation, drafting responses, scheduling and leading calls/meetings, and communicating follow-up activities
  • Serve as a subject matter expert for information security principles and practices (especially as they pertain to vendors and cloud security), and promoting a culture of security throughout the firm
  • Interface with staff throughout the firm to facilitate the efficient and secure use of technology services

Requirements

  • Bachelor's degree or related experience
  • Minimum 4+ years experience related to conducting risk-based assessment for information systems and/or operations
  • Minimum 1+ years experience running a comprehensive Governance, Risk and Compliance program
  • Minimum 2+ years experience leading industry standard (ISO 27001 or SOC 1/2) audits from either side
  • Strong knowledge of applicable privacy laws (CCPA/CPRA, GDPR)
  • Thorough understanding of vulnerability management, penetration testing, and attack simulations
  • Experience supporting enterprise-wide Security Compliance programs designed to anticipate, assess, and minimize control gaps and audit findings
  • Ability to communicate in a written and oral format to technical and non-technical audiences in a business-friendly manner
  • Demonstrated success in a competitive environment
  • Highly self-motivated and ambitious in achieving goals
  • Strong team player, but can work and execute independently
  • Driven; no one needs to push you to excel; that’s just who you are
  • Hungry to learn and actively look for opportunities to contribute
  • Highly organized and detail-oriented; can handle multiple projects and dynamic priorities without missing a beat

Skills

ISO 27001Soc 1/2GRCIsmsCCPAGDPRVulnerability ManagementPenetration TestingCloud SecurityRisk Assessment
Forus

Security Program Manager

ForusNew York, NY

Own end-to-end compliance programs (SOC 2, HIPAA, HITRUST), build customer trust function, implement automation, and partner with engineering on controls for a healthcare AI platform handling protected health information.

Salary not listed
On-site4+ YOESecurity Engineering
Anthropic

Safeguards Enforcement Analyst, Account Takeover & Credential Abuse

AnthropicSan Francisco, CA +2

Safeguards Enforcement Analyst focused on account takeover and credential abuse. Investigate compromise incidents, design remediation workflows, partner with engineering on detection, enforce AI usage policies, and develop scalable enforcement programs for platform safety.

245k – 285k
HybridSecurity Engineering
Zocdoc

Application Security Engineer

ZocdocUnited States

Application Security Engineer partnering with engineering teams to embed security into the SDLC, triage SAST/SCA findings, provide remediation guidance on OWASP issues, maintain security docs/playbooks, support governance/audits, and integrate GenAI tools while building AI governance guardrails.

100k – 140k
RemoteSecurity Engineering
Cloudflare

Detection & Mitigation Engineer

CloudflareUnited States

Security Detections Engineer identifying attacker TTPs, building real-time detections, and mitigating threats/abuse across Cloudflare's global platform using data analysis, SQL, scripting, and threat intelligence. Requires strong analytical and communication skills.

Salary not listed
HybridSecurity Engineering
Mintlify

Security & Compliance Operations Manager

MintlifySan Francisco, CA

Own and run Mintlify's end-to-end security and compliance programs (SOC 2, ISO 27001/42001, GDPR, Microsoft SSPA) as the first dedicated GRC Program Manager. Administer Drata, manage audits/vendors/evidence, handle customer-facing compliance, and coordinate with engineering.

120k – 180k
On-site3+ YOESecurity Engineering