Key skills
AWSCloudDistributed SystemsLeadershipStakeholder ManagementRisk ManagementCommunication
About this role
Role Overview
- Own and lead compliance programs and audit processes (SOC 2, PCI DSS, GDPR, HIPAA/HITECH) from planning through successful completion.
- Drive evidence collection, documentation, and audit readiness, ensuring high-quality and timely delivery.
- Act as a primary point of contact for external auditors, customers, and prospects on security and compliance matters.
- Lead security discussions with enterprise customers, including deep-dive reviews and security questionnaires.
- Oversee internal and external assessments across systems, services, and teams.
- Own and evolve the Third-Party Risk Management program, managing and monitoring the security compliance of vendors and partners.
- Maintain, enhance, and scale security controls and compliance processes across the organization.
- Partner with engineering and product teams to translate compliance requirements into practical implementations.
- Track and drive remediation efforts, ensuring accountability and timely resolution.
- Produce and present audit and compliance reports to internal stakeholders and leadership.
- Act as a strategic advisor by promoting security awareness and staying ahead of evolving regulatory and compliance trends.
Requirements
- 6+ years of experience in Information Security, Governance Risk & Compliance (GRC), Audit, or Risk Management.
- Strong hands-on experience with frameworks such as SOC 2, PCI DSS, GDPR, HIPAA/HITECH.
- Proven experience owning and leading audits and compliance initiatives.
- Experience working with cloud-based and distributed systems (preferably AWS).
- Strong project and stakeholder management skills, with the ability to manage multiple concurrent initiatives.
- Strong analytical and problem-solving skills, with a solution-oriented mindset.
- Ability to translate complex security and compliance concepts into clear documentation and business-friendly language.
- Strong communication skills with experience engaging both technical teams and external stakeholders.
- High level of curiosity, adaptability, and proactive ownership in navigating evolving security challenges.
- Excellent written and spoken English.
- Nice to Have: Experience with ISO/IEC 27001 and ISO/IEC 42001. Relevant certifications such as CISA, CISM, CRISC, CISSP, ISO/IEC 27001 Lead Auditor, ISO/IEC 42001 Lead Auditor.
Tech Stack
- AWS
- Cloud
- Distributed Systems
Benefits
- A fast-growing, high-impact environment where you can drive meaningful improvements in security and compliance.
- High level of ownership, autonomy, and influence.
- Collaborative and mission-driven culture.
- Team events, offsites, and travel opportunities.
- Free gym membership (with a fun commitment to use it!).
- Diverse international team (18+ languages, 11+ nationalities).