Skip to content
RainRainNew York, NY

Regulatory & Security Compliance Manager

Leads compliance programs for fintech regulations like SOC 2, GDPR, PCI, and DORA. Manages audits, policies, risk remediation, and cross-team adherence with 3+ years experience in regulated industries.

Salary not listed
Hybrid3+ YOESecurity Engineering

About the role

Responsibilities

  • Own Rain’s compliance program across DORA, SOC 2, SOC 1, GDPR, and PCI, ensuring we meet and exceed regulatory and audit requirements
  • Lead all compliance audits and certifications end-to-end — including renewals, observation periods, and new certifications
  • Maintain and evolve Rain’s policies, keeping them up-to-date, consistent across entities, and aligned with regulatory expectations
  • Ensure operational adherence by partnering with engineering, security, legal, and operations
  • Build a proactive compliance culture, helping the team understand obligations and embedding compliance into day-to-day decision making
  • Identify gaps and risks early, then drive remediation plans to keep Rain audit-ready at all times
  • Assist the team in other compliance-related activities, including actionalize and refine KYB, KYC, and AML processes and procedures based on best practices informed by operational data

Requirements

  • 3–7+ years of compliance, GRC, or security assurance experience, ideally in fintech, payments, SaaS, or other regulated industries
  • Deep familiarity with SOC 2, SOC 1, GDPR, PCI, and other compliance frameworks, with a proven track record of leading successful audits
  • Excellent program management skills — you can coordinate across teams, manage timelines, and keep multiple compliance workstreams moving
  • Strong attention to detail with the ability to turn complex requirements into clear, actionable tasks
  • Strong communication and influence skills, able to work with everyone from engineers to executives to external auditors

Nice to Have

  • Experience in card issuing, stablecoins, payments, or cross-border fintech products
  • Familiarity with ISO 27001, DORA, or other emerging global regulations
  • Experience with tools like Vanta

Benefits

  • Unlimited time off (minimum 10 days required)
  • Flexible working (remote or office)
  • Comprehensive health, dental, vision plans
  • 401(k) with 4% company match
  • Equity plan
  • Health and wellness spending
  • Team summits

Skills

SOC 2Soc 1GDPRPCIDoraGRCVantaISO 27001KybKycAML
Forus

Security Program Manager

ForusNew York, NY

Own end-to-end compliance programs (SOC 2, HIPAA, HITRUST), build customer trust function, implement automation, and partner with engineering on controls for a healthcare AI platform handling protected health information.

Salary not listed
On-site4+ YOESecurity Engineering
Anthropic

Safeguards Enforcement Analyst, Account Takeover & Credential Abuse

AnthropicSan Francisco, CA +2

Safeguards Enforcement Analyst focused on account takeover and credential abuse. Investigate compromise incidents, design remediation workflows, partner with engineering on detection, enforce AI usage policies, and develop scalable enforcement programs for platform safety.

245k – 285k/yr
HybridSecurity Engineering
Zocdoc

Application Security Engineer

ZocdocUnited States

Application Security Engineer partnering with engineering teams to embed security into the SDLC, triage SAST/SCA findings, provide remediation guidance on OWASP issues, maintain security docs/playbooks, support governance/audits, and integrate GenAI tools while building AI governance guardrails.

100k – 140k/yr
RemoteSecurity Engineering
Cloudflare

Detection & Mitigation Engineer

CloudflareUnited States

Security Detections Engineer identifying attacker TTPs, building real-time detections, and mitigating threats/abuse across Cloudflare's global platform using data analysis, SQL, scripting, and threat intelligence. Requires strong analytical and communication skills.

Salary not listed
HybridSecurity Engineering
Mintlify

Security & Compliance Operations Manager

MintlifySan Francisco, CA

Own and run Mintlify's end-to-end security and compliance programs (SOC 2, ISO 27001/42001, GDPR, Microsoft SSPA) as the first dedicated GRC Program Manager. Administer Drata, manage audits/vendors/evidence, handle customer-facing compliance, and coordinate with engineering.

120k – 180k/yr
On-site3+ YOESecurity Engineering