Compliance Team Lead

Celigo
$100,000 - $125,000
Remote

About The Position

The Compliance Team Lead is an individual contributor role positioned at the emerging lead level, designed to own the day-to-day execution of Celigo’s security compliance and risk operations. This role enables the Senior Director to operate strategically by taking ownership of core compliance workstreams: SOC 2 audit coordination, privacy rights fulfillment, policy governance, third-party risk assessments, and security questionnaire responses. A significant focus of this role will be supporting Celigo’s ISO 27001 and ISO 42001 certification initiative. Under the direction of the Senior Director, this role will partner with an external advisory firm to build Celigo’s integrated Information Security Management System (ISMS) and Artificial Intelligence Management System (AIMS) and will then own the ongoing management, maintenance, and operationalization of those management systems post-certification. This role also provides task-level guidance to the Security Risk & Compliance Analyst and supports their professional development. Both roles report directly to the Senior Director, Information Security & Compliance.

Requirements

  • Demonstrated ability to manage multiple concurrent compliance workstreams with competing deadlines and limited oversight
  • Working knowledge of SOC 2 Trust Services Criteria and audit evidence requirements; experience owning evidence collection for at least one full audit cycle
  • Foundational understanding of ISO 27001 requirements; exposure to ISMS implementation or gap assessment work is strongly preferred
  • Familiarity with privacy regulations, including GDPR, HIPAA, CCPA, and US state privacy laws; experience handling DSARs is a plus
  • Ability to review vendor security documentation, including SOC 2 reports, DPAs, and security questionnaires, and identify material risk gaps
  • Strong written communication skills; ability to draft policy language, compliance documentation, and client-facing security responses
  • Comfortable working cross-functionally with Engineering, IT, Legal, and Finance stakeholders
  • Ability to provide constructive task guidance to a junior team member
  • Self-directed with strong organizational skills; ability to operate effectively with minimal supervision
  • Proficient in the responsible use of AI tools (e.g., Claude, ChatGPT) to improve the efficiency and quality of compliance work; ability to identify recurring compliance tasks and develop AI-assisted workflows, prompts, and automation projects that reduce manual effort and improve program scalability
  • 3–5 years of experience in information security, GRC, compliance, privacy, or audit functions
  • Hands-on experience with SOC 2 audit cycles, including evidence preparation and auditor coordination
  • Experience in auditing a SaaS company, preferably with multi-tenant architecture
  • Experience with security policy development, review cycles, and stakeholder management
  • Familiarity with third-party risk assessment programs and vendor security review processes
  • Experience with GRC or compliance documentation platforms (e.g., Vanta, Drata, Confluence, or equivalent)
  • Exposure to ISO 27001 framework requirements preferred; ISO 42001 familiarity is a plus
  • Relevant certifications preferred but not required: CISA, CRISC, CIPM, CISSP, or equivalent

Nice To Haves

  • Exposure to ISMS implementation or gap assessment work is strongly preferred
  • Experience handling DSARs is a plus
  • ISO 42001 familiarity is a plus
  • Relevant certifications preferred but not required: CISA, CRISC, CIPM, CISSP, or equivalent

Responsibilities

  • Lead day-to-day SOC 2 Type II audit activities, including evidence collection, artifact management, control testing coordination, and auditor liaison for both the Integrator.io and CloudExtend platforms
  • Maintain the compliance calendar and ensure all control activities, access reviews, training attestations, and evidence requirements are completed on schedule
  • Oversee the administration of the KnowBe4 policy attestation platform; track completion rates and follow up on outstanding attestations to support audit evidence requirements
  • Lead the coordination and tracking of compliance evidence requirements across business units; document gaps and escalate to the Senior Director
  • Maintain and update the Celigo Risk Register, including open risk items, remediation timelines, and status
  • Serve as a primary internal resource supporting the build of Celigo’s ISO 27001 ISMS and ISO 42001 AIMS under the leadership of the Senior Director and in partnership with an external advisory firm
  • Contribute to gap assessments, control mapping, documentation development, and stakeholder interviews as part of the certification readiness program
  • Own the ongoing management and operationalization of the ISMS and AIMS post-certification, including management reviews, internal audit coordination, control monitoring, and annual recertification preparation
  • Maintain ISMS and AIMS documentation, ensuring policies, procedures, and evidence repositories remain current and audit-ready
  • Serve as the internal subject matter resource for ISO 27001 and ISO 42001 requirements as Celigo’s program matures
  • Handle Data Subject Access Requests (DSARs) in compliance with GDPR, UK GDPR, CCPA, and other applicable privacy regulations; maintain response logs and ensure timely fulfillment within regulatory deadlines
  • Support privacy compliance activities, including PIA coordination for new AI tools, DPA review, and regulatory change tracking
  • Monitor emerging regulatory requirements relevant to Celigo’s operating environment, including the Colorado AI Act and other applicable frameworks
  • Execute third-party vendor risk assessments in alignment with Celigo’s tiered risk framework; review SOC 2 reports, security questionnaires, and DPAs for material gaps
  • Maintain the vendor inventory and ensure all assessments are completed within the required cadences
  • Lead security review intake for new AI tools and OAuth-connected applications; flag findings and escalate to the Senior Director
  • Own Celigo’s security and privacy policy library, managing annual review cycles, stakeholder coordination, tracked-change workflows, and version control
  • Identify gaps between policy requirements and current operational practice; develop remediation tracking and monitor progress
  • Maintain compliance documentation repositories (Wiki, Google Drive) and ensure accuracy and accessibility of all compliance artifacts
  • Lead responses to client and prospect security, privacy, and compliance questionnaires; coordinate with the Security Risk & Compliance Analyst on intake and response workflows
  • Provide day-to-day task guidance, work assignments, and professional development support to the Security Risk & Compliance Analyst
  • Serve as the primary cross-functional point of contact for compliance inquiries from IT, Engineering, HR, Legal, and Finance

Benefits

  • Three weeks of vacation (starting year one)
  • Wellness days and holidays to recharge
  • Parental leave and a generous benefits package
  • Monthly tech stipend
  • Recognition and career development opportunities
© 2026 Teal Labs, Inc