Lead SOC 2 and ISO 27001 programs through the full audit lifecycle: scoping, evidence collection, control testing, auditor management, and remediation tracking.
Drive Fieldguide’s adoption of additional compliance frameworks and standards, from gap assessment through audit.
Own the mapping of controls across overlapping frameworks. Maintain corporate policies, standards, and procedures.
Manage external relationships with auditors, assessors, consultants, and customers. Coordinate audit timelines, responses, and remediation plans.
Build integrations that continuously gather compliance evidence from AWS, GitHub, identity providers, and internal systems. Replace manual screenshots and spreadsheets with automated, auditable pipelines.
Design and implement continuous control monitoring: surface drift, alert on failures, and maintain dashboards for compliance program health and KPIs.
Own and operate the GRC platform. Configure control mappings, manage integrations, and ensure the platform accurately reflects our posture.
Integrate compliance checks into CI/CD pipelines, infrastructure-as-code reviews, and deployment processes. Make compliance a natural part of how engineers ship code.
Build and maintain self-serve tools that streamline customer security questionnaires, trust center content, and due diligence processes.
Partner with GTM teams to handle strategic customer security assessments. Help articulate Fieldguide’s compliance posture in sales processes.
Reduce time-to-response on security reviews through automation and scalable processes.
Evaluate and monitor third-party vendors for security and compliance risk. Build and maintain the vendor assessment program.
Create and deliver security awareness training. Draft security best practices and drive company-wide adoption.
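As an added illustration of the evidence-collection and continuous-monitoring responsibilities above (this is example code written for this page, not Fieldguide's pipeline), the script below turns one AWS data source, the IAM credential report, into two control evaluations and a hashed, timestamped evidence record, which is the kind of artifact that replaces a screenshot of the IAM console. The control IDs IAM-MFA-01 and IAM-KEY-01 are hypothetical internal identifiers (mapping them to SOC 2 criteria or ISO 27001 controls is left to the GRC platform), the report text is a constructed sample in the real report's column layout, and the live fetch at the bottom assumes boto3 and IAM permissions and is not exercised by the sample run.

```python
"""Added example: evaluate IAM controls from a credential report and emit
hashed evidence records, with a drift check for continuous monitoring."""
import csv
import hashlib
import io
import json
from datetime import datetime, timedelta, timezone

# Constructed sample using the IAM credential report's column names (only the
# columns the checks read are included; the real report has more).
SAMPLE_REPORT = """user,arn,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,not_supported,true,false,N/A,false,N/A
alice,arn:aws:iam::123456789012:user/alice,true,true,true,2024-05-01T09:12:00+00:00,false,N/A
bob,arn:aws:iam::123456789012:user/bob,true,false,false,N/A,false,N/A
deploy-bot,arn:aws:iam::123456789012:user/deploy-bot,false,false,true,2023-12-01T00:00:00+00:00,false,N/A
"""
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # pinned so the sample run is reproducible


def parse_credential_report(text):
    return list(csv.DictReader(io.StringIO(text)))


def check_console_mfa(rows):
    """IAM-MFA-01 (hypothetical ID): every principal that can sign in with a
    password, including root, has MFA enabled. Service users without console
    access are out of scope for this control."""
    findings = []
    for r in rows:
        console = r["password_enabled"] == "true" or r["user"] == "<root_account>"
        if console and r["mfa_active"] != "true":
            findings.append({"user": r["user"], "reason": "console access without MFA"})
    return findings


def check_key_rotation(rows, now=NOW, max_age=timedelta(days=90)):
    """IAM-KEY-01 (hypothetical ID): active access keys are rotated at least
    every 90 days. Inactive keys carry 'N/A' dates and are skipped."""
    findings = []
    for r in rows:
        for slot in ("1", "2"):
            if r[f"access_key_{slot}_active"] != "true":
                continue
            age = now - datetime.fromisoformat(r[f"access_key_{slot}_last_rotated"])
            if age > max_age:
                findings.append({"user": r["user"], "key": slot, "age_days": age.days})
    return findings


def evidence_record(control_id, source, findings, collected_at=NOW):
    """Auditable record: what was checked, from which API, when, the outcome,
    and a digest over the canonical JSON so a stored copy can be proven unmodified."""
    record = {
        "control_id": control_id,
        "source": source,
        "collected_at": collected_at.isoformat(),
        "status": "fail" if findings else "pass",
        "findings": findings,
    }
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    record["sha256"] = hashlib.sha256(canonical).hexdigest()
    return record


def verify_record(record):
    """Recompute the digest with the sha256 field removed; False means tampering."""
    body = {k: v for k, v in record.items() if k != "sha256"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest() == record["sha256"]


def drifted(previous, current):
    """Continuous monitoring: alert when a control's outcome changes between
    runs. A control that keeps failing is a tracked finding, not new drift."""
    return previous["status"] != current["status"]


def run(report_text=SAMPLE_REPORT, now=NOW):
    rows = parse_credential_report(report_text)
    src = "iam:GetCredentialReport"
    return {
        "IAM-MFA-01": evidence_record("IAM-MFA-01", src, check_console_mfa(rows), now),
        "IAM-KEY-01": evidence_record("IAM-KEY-01", src, check_key_rotation(rows, now), now),
    }


def fetch_credential_report():
    """Live collection (assumed, not run here): needs boto3 and credentials with
    iam:GenerateCredentialReport and iam:GetCredentialReport. Generation is
    asynchronous, so poll until the state is COMPLETE before fetching."""
    import time
    import boto3
    iam = boto3.client("iam")
    while iam.generate_credential_report()["State"] != "COMPLETE":
        time.sleep(2)
    return iam.get_credential_report()["Content"].decode()


if __name__ == "__main__":
    for control_id, rec in run().items():
        print(control_id, rec["status"], rec["findings"])
```

On the sample, IAM-MFA-01 fails on bob only (root and alice have MFA; deploy-bot has no console access) and IAM-KEY-01 fails on deploy-bot's 183-day-old key. Storing the records and comparing each run against the previous one with `drifted` is the alerting half of continuous control monitoring; the `sha256` field is what lets an auditor accept the stored record instead of a screenshot.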
Requirements
6+ years in security compliance, GRC, or audit with direct experience managing SOC 2 and ISO 27001 programs through full audit cycles.
Experience with compliance automation platforms, especially building and automating controls and integrations.
Working knowledge of AWS security services (CloudTrail, Config, Security Hub, IAM) and the ability to query and integrate them programmatically.
Familiarity with infrastructure-as-code tools (Terraform, CloudFormation) and CI/CD pipelines.
Experience with AI governance frameworks (ISO 42001) or the intersection of AI compliance and traditional security compliance is a plus.
Prior experience at a public accounting or audit firm, which means understanding our customers’ world from the inside, is a plus.
CISA, CISSP, CISM, or ISO 27001 Lead Auditor certification is a plus.
(Nice to have) Hands-on technical skills: you write production-quality code or scripts (Python, TypeScript, or similar) and can build integrations with APIs and cloud services.
(Nice to have) FedRAMP experience: you’ve been through at least one authorization or significant assessment, including SSP development, 3PAO coordination, and ConMon.
Tech Stack
AWS
Cloud
Python
Terraform
TypeScript
Benefits
Competitive compensation packages with meaningful ownership