Skip to content
LinearLinearUnited States

Compliance & Trust Lead

Lead Linear's compliance and trust program, managing SOC 2, ISO 27001, risk, third-party reviews, and GRC automation in a remote-first B2B SaaS environment.

Salary not listed
Remote7+ YOELegal

About the role

What you’ll do

  • Operate and extend Linear's compliance program end-to-end — maintain and mature our SOC 2 Type II, ISO 27001, and other relevant certifications (roadmap: ISO 27701, ISO 42001) while keeping audit overhead low and evidence collection as automated as possible
  • Be the primary point of contact for security questionnaires, customer trust reviews, and enterprise procurement conversations — turn what's often a bottleneck into a competitive advantage
  • Run our risk management program — identify emerging risks across the product, infrastructure, and vendor landscape, drive remediation with the right owners, and surface clear signal to leadership
  • Partner closely with engineering to embed compliance controls into how we build — shape policy and tooling so security requirements land early in the development process, not as a retrofit
  • Manage our third-party risk program — evaluate vendors and subprocessors, maintain our inventory, and ensure our supply chain meets the bar we hold ourselves to on both security and privacy
  • Help scale the GRC function with automation — reduce manual toil, build durable processes, and ensure the program grows with the business without linearly growing headcount

What we’re looking for

  • A seasoned GRC practitioner — you have 7+ years in compliance and customer trust, ideally in a B2B SaaS or developer tools environment, and you've seen enough audit cycles to know where the sharp edges are
  • Framework-fluent and privacy-aware — you have deep hands-on experience with SOC 2 and ISO 27001, understand how privacy regulations like GDPR and CCPA intersect with security controls, and can reason about new frameworks from first principles
  • A builder, not just an operator — you see manual compliance work as a problem to be designed away, default to scalable processes over manual workflows, have used tools like Vanta, Drata, or similar platforms to do it
  • A trusted partner, internally and externally — you work fluidly with engineering, legal, and customers alike; you can explain a control design to a skeptical customer, draft a crisp policy, and write a risk summary leadership will actually read
  • Autonomy-oriented — you're comfortable operating with significant independence, setting your own priorities, and knowing when to loop in leadership, without needing to be managed closely
  • Pragmatic over procedural — you optimize for reducing real risk, not checking boxes, and you know the difference

Tools & environment

  • This role sits close to the product and infrastructure we build. You don't need to be an engineer, but you should be comfortable navigating technical systems and working directly with the teams that build them. Our stack runs on Google Cloud with k8s, Postgres, and Node — understanding how it's put together matters for scoping controls and audits.
  • For day-to-day work, we use: Linear, GitHub, Slack, and Google Workspace for collaboration; Claude and ChatGPT for general AI tasks; Vanta for compliance automation and evidence collection

What we offer

  • Competitive salary and equity
  • Employee-friendly equity terms including early exercise in the US and extended exercise windows
  • Daily meal and coffee stipend on every workday
  • Paid co-working space or desk
  • Health coverage (based on country requirements)
  • 5 weeks paid vacation, plus local statutory holidays
  • 4 months paid parental leave
  • Paid month off after 4 years & every 2 years thereafter
  • Regular team events and off-sites
  • Remote-first with no required commute

Skills

SOC 2ISO 27001Iso 27701Iso 42001GDPRCCPAVantaDrataGCPKubernetes

Similar roles

Legal jobs
Crusoe

Legal Counsel

CrusoeNew York, NY

Legal Counsel supporting Crusoe's corporate finance and strategic transactions, including debt financings, capital markets deals, drafting/negotiation of credit agreements, due diligence, and covenant compliance. Requires JD, 7-10 years of complex transactional experience in finance/corporate deals, strong business judgment, and ability to manage high-stakes workstreams.

240k – 285k/yr
On-site7+ YOELegal
Ditto

PubSec Counsel

DittoAtlanta, GA +3

PubSec Counsel owns public sector contracting, negotiations, and legal compliance for U.S. Federal Government and defense programs at Ditto. Requires deep expertise in FAR/DFARS, government contracts, and building compliance frameworks in a fast-paced startup environment.

146k – 198k/yr
Remote7+ YOELegal
Checkr

Senior Regulatory & Policy Counsel

CheckrSan Francisco, CA

Senior Regulatory & Policy Counsel reporting to Director of Product and Privacy Legal. Monitors and analyzes AI, privacy, and background screening regulations; translates them into compliance guidance; conducts risk analyses; leads policymaker engagement and advocacy; partners with Product, Engineering, and Customer Success. Requires JD and 8+ years in regulatory law/policy/government affairs.

229k – 269k/yr
Hybrid8+ YOELegal
Dialpad

Sr. Commercial Counsel

DialpadAustin, TX

Senior Commercial Counsel negotiating complex enterprise SaaS, partnership, and vendor agreements. Provides strategic legal advice to sales and executive teams, builds AI-powered legal workflows and playbooks, and mentors junior counsel in a fast-paced AI SaaS environment.

Salary not listed
On-site8+ YOELegal
Firecrawl

In-House Counsel

FirecrawlSan Francisco, CA

Firecrawl's first full-time In-House Counsel will own legal for customer contracts, partnerships, and the novel legal issues around web data scraping, crawling, licensing, and public data access. Hybrid commercial and technical role requiring comfort redlining deals and advising engineers on data sourcing/serving compliance.

225k – 265k/yr
Remote6+ YOELegal