Key skills
AWSAIIAM
About this role
Role Overview
- Own Ona’s full security and compliance program
- building the architecture, automations, and trust infrastructure
- Future-proof Ona's SOC 2 compliance posture for the AI era: continuous control monitoring, audit readiness, policy architecture, and program evolution
- Elevate the Ona’s Trust Center to become primarily self-serve
- Steward GDPR and CCPA across the full data lifecycle
- Drive IAM to zero-touch and carry every incident from infrastructure alert to engineering diagnosis
- Forge a queryable layer across Ona's full compliance posture
Requirements
- You work in alignment with our operating principles
- You treat compliance as a revenue asset.
- You leverage AI and automation.
- You bring technical fluency to everything you own.
- Owned a SOC 2 Type II program end-to-end — the controls, the evidence, the auditor, the roadmap
- Hands-on AWS security experience: triage first, escalate second
- Operated inside a technical product company where understanding the product was part of the job
- Managed access management at organizational scale with a demonstrated bias toward automation
- Worked with compliance automation tooling — Vanta, Drata, or equivalent
- Familiar with GDPR, CCPA, or equivalent privacy frameworks at an operational level
- Security certifications (CISSP, CISM, CCSP) noted, not required.
Tech Stack
- AWS
Benefits
- Flexible paid time off including holidays that are most meaningful to you
- Employee-friendly equity terms (extended exercise)
- Health insurance (country-specific)
- Retirement (country-specific)
- Wellness allowance
- Premium work-from-home equipment
- Regular company off-sites