Compliance program maturity — Lead end-to-end audit execution across SOC 2, ISO 27001, ISO 42001, ISO 27701, HIPAA, and GDPR. Own auditor relationships, coordinate cross-functional evidence collection, and maintain year-round audit readiness.
Next-generation framework adoption — Drive FedRAMP readiness: assess platform gaps, build roadmaps, and turn new certifications into planned projects rather than fire drills.
Enterprise risk management — Build and mature Atlan's risk management program. Identify, assess, and track risks across security, operational, compliance, and third-party domains. Turn abstract risk conversations into measurable metrics with clear ownership and quarterly leadership reviews.
Third-party risk management — Own Atlan's vendor security assessment program end-to-end: tiered vendor reviews, security questionnaires, risk scoring, and ongoing monitoring. Balance vendor risk against business need at scale.
Compliance automation infrastructure — Integrate our GRC platform with cloud infrastructure, CI/CD pipelines, HR systems, and product engineering tooling to automate evidence collection and continuous control testing. Reduce manual audit prep effort significantly.
Controls that prove themselves — Partner with engineering and product teams to design technical controls that automatically generate auditable evidence. Implement continuous testing that catches gaps before auditors do.
Continuous controls monitoring — Design and operate real-time visibility into control effectiveness: automated dashboards, live control status, and alerting that surfaces gaps before audit cycles begin — not during them.
Organizational compliance capability — Build awareness programs, run training for engineering and cross-functional teams, and create self-service dashboards that make compliance easy. Make secure-by-default the path of least resistance.
Requirements
5+ years owning SOC 2 Type II and/or ISO 27001 audits end-to-end — you've been the point person coordinating auditors, collecting evidence, and managing findings
Hands-on experience across multiple frameworks: SOC 2, ISO 27001, ISO 42001, and at least two of GDPR, HIPAA, ISO 27701, FedRAMP, or CCPA
Regulatory intelligence mindset — you track emerging requirements and build readiness roadmaps before compliance becomes urgent
Experience with modern GRC platforms (Vanta, Drata, Secureframe, or similar) extended via API — not just out-of-box configuration
Comfortable with REST APIs, JSON, OAuth, and CI/CD integrations
Built or maintained risk registers, facilitated leadership risk reviews, and turned risk conversations into concrete action plans
Customer-facing experience: security questionnaires, trust portals, or supporting enterprise sales cycles with compliance documentation
Able to influence engineering, product, HR, legal, and IT without formal authority — you're an enabler, not a gatekeeper
You actively use AI tools to accelerate compliance work: drafting control narratives, triaging risk findings, generating evidence summaries, and building AI-assisted workflows for continuous monitoring. You understand enough about AI systems to assess their risk implications — not just use them as productivity tools.
You drive toward outcomes without waiting for perfect requirements. You identify problems and build solutions. You thrive in ambiguity.
Tech Stack
Cloud
Benefits
Competitive Compensation: We benchmark at the top of the market and keep compensation simple: strong base salary, performance-based variable pay, and impact-driven equity, so your total rewards grow in step with the value you create over time.
Health & Wellness: From Day-1 health, dental, vision, and mental health coverage to pet-care perks and flexible health stipends, we design benefits offerings that lead in each country we're in.
Flexible Time Off & Leave Policies: We trust you to own your energy: flexible time off and modern leave so you can unplug properly, support yourself and your loved ones, and come back ready to make an impact.
Accelerated Growth & Learning: Develop at an uncommon velocity through cutting-edge tech, complex implementations, and an experienced team that values mastery.
AI Native Culture: Atlan is where AI-native builders come to build the systems the future of work will run on. AI isn’t an add-on, it’s woven into how we build, think, and work every day, empowering every Atlanian to move faster and create a bigger impact.
Global, Remote-First, High-Trust: Work from anywhere with a diverse team across 15+ countries, in a trust-first, async environment that gives you true flexibility and ownership over how you work.