Key skills
CloudAISaaSRisk ManagementCommunicationPenetration Testing
About this role
Role Overview
- Own Semaphore's SOC 2 and ISO 27001 readiness, evidence collection, and audit coordination.
- Keep policies, controls, procedures, and supporting documentation current and practical.
- Track compliance gaps and coordinate follow-through with the right owners.
- Handle customer security questionnaires, compliance requests, and vendor assessments with clear, reusable materials.
- Maintain practical risk, vendor review, privacy, and DPA workflows so customer commitments and internal practices stay aligned.
- Partner with Engineering and Infrastructure on technical control validation, penetration testing, access reviews, and cloud/on-prem governance.
- Keep security and compliance processes lightweight, clear, and owned, including emerging governance needs around internal AI use.
Requirements
- Based in Serbia, with 3+ years of experience in IT compliance, information security, risk management, privacy, audit, operations, or a related role with real ownership and accountability.
- Working knowledge of security, compliance, audit, or risk-management practices, with the ability to learn frameworks such as SOC 2 and ISO 27001 quickly.
- Experience owning or coordinating an important process end-to-end, such as audit evidence, policies, risk tracking, vendor reviews, customer questionnaires, access reviews, internal controls, or cross-functional operations.
- Strong written communication skills and the ability to make compliance topics clear to non-specialists.
- Good judgment: you can distinguish between real risk, audit formality, and unnecessary process.
- Ability to work independently in a remote company and keep many moving pieces organized.
- Nice to Have: Direct experience with SOC 2, ISO 27001, SaaS, cloud infrastructure, developer tools, or enterprise software.
- Familiarity with GDPR, DPAs, privacy operations, or customer assurance workflows.
- Experience working with Engineering or Infrastructure teams on security controls.
- Exposure to AI governance, third-party risk management, or security tooling, especially in companies adopting AI internally.
- Relevant certifications such as Security+, ISO 27001, CISA, CISSP, CIPM, CIPP/E, or similar.
Tech Stack
- Cloud
Benefits
- The impact of working on a product that's competing in a global market.
- Join a small team of around 30 full-time people who love what they do.
- A healthy 40-hour work week, a friendly and supportive work environment.
- Competitive salary.
- Company retreats.
- Space to learn continuously and choose the tools and equipment for your job.
- Paid trips to conferences and books of your choice.
- Interact with developers who use Semaphore and talk about the latest and greatest ways to develop and ship software.
- Paid membership at a fitness club of your choice.