Staff Engineer, Security Compliance (CISO Office)

Nscale is a GPU cloud provider engineered for AI, offering high-performance infrastructure for AI-focused companies. They are looking for a Staff Engineer, Security Compliance to build and operate a compliance program across their global AI infrastructure, embedding compliance into systems and ensuring audit readiness.

Responsibilities:

• Own and scale compliance programs across ISO 27001, SOC 2, NIST CSF, and applicable regulatory requirements such as NIS2
• Maintain control mappings to ensure requirements are aligned across frameworks and operational practices
• Manage evidence repositories and remediation tracking to support a consistent state of audit readiness
• Lead audit readiness and execution activities across compliance engagements
• Engage directly with auditors to support assessments and certification processes
• Improve evidence quality so controls can be clearly demonstrated and verified
• Report on audit posture and control effectiveness with clarity and consistency
• Build automation-first compliance systems that support scale and repeatability
• Implement continuous control monitoring (CCM) approaches to strengthen ongoing assurance
• Reduce manual compliance work through tooling, integrations, and AI-assisted workflows
• Partner with engineering teams to implement compliance as code within technical environments
• Validate that security and compliance controls are operating effectively in production
• Embed measurable and verifiable controls into systems rather than relying on manual checks

Requirements:

• 8–12 years of experience in security compliance, GRC, or assurance
• Deep expertise in ISO 27001, SOC 2, and NIST CSF
• Experience supporting or leading SOC 2 Type II and/or ISO certification efforts
• Strong understanding of cloud infrastructure and security controls
• Experience working directly with engineering teams in technical environments
• Track record of improving efficiency and reducing manual compliance work
• Experience with continuous control monitoring (CCM) is a plus
• Familiarity with GRC tools such as Vanta, Drata, or ServiceNow is beneficial
• Experience in cloud, AI infrastructure, or regulated environments is advantageous
• Relevant certifications such as CISSP, CISM, or ISO Lead Auditor are nice to have