Information Security Compliance Lead

Ivo, San Francisco, CA
Posted: 3d | $185,000 - $230,000 | Onsite

About The Position

We're looking for an experienced information security compliance leader to build and run a lean, audit-ready program. The foundation is in place; you will take full ownership and run it your way. You will own two big rocks:

Own security compliance end-to-end

  • Plan and run gap assessments, control design, evidence collection, and auditor coordination (SOC 2 Type II; ISO/IEC 27001:2022)
  • Operate and improve our ISMS (risk assessment, internal audit, management review, corrective actions)
  • Maintain policies, control testing cadence, asset inventories, and audit-ready evidence (e.g., Secureframe/Vanta)
  • Lead vendor risk management and third-party due diligence

Own security questionnaires & customer trust

  • Own RFPs/DDQs/security questionnaires (SIG Lite, CAIQ, and custom) with clear SLAs
  • Meet with customer security teams to explain security controls
  • Build a living answers library and artifacts (policies, diagrams, pen test reports, BCP/DR, vulnerability management posture)
  • Stand up and maintain a trust portal
  • Partner with Sales/Legal/Security to unblock deals and negotiate security addenda

Additional Impact

  • Translate frameworks into lightweight, automated processes that fit a high-velocity startup
  • Track and report meaningful compliance/risk metrics to leadership
  • Help hire/mentor as the program scales

Requirements

  • A strategic builder who has led SOC 2 Type II and ISO 27001 programs at a SaaS company (preferably early stage)
  • Deeply knowledgeable about security compliance/GRC and vendor risk
  • Excellent at customer-facing trust work (clear writing, good communication, fast and accurate knowledge)
  • Would describe yourself as being relentlessly resourceful
  • Pragmatic and automation-first. You design controls engineers actually follow
  • Comfortable collaborating across Security, IT, Sales, and Legal to get things done

Benefits

  • Competitive Compensation
  • Relocation and Visa Support
  • Medical Benefits
  • Unlimited PTO
  • Office Extras

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Education Level: No Education Listed
  • Number of Employees: 11-50 employees

© 2024 Teal Labs, Inc