Назад
17 часов назад

Risk & Compliance Lead (Cybersecurity)

210 000 - 270 000$
Формат работы
hybrid
Тип работы
fulltime
Грейд
lead
Английский
b2
Страна
US
Вакансия из списка Hirify.GlobalВакансия из Hirify Global, списка международных tech-компаний
Для мэтча и отклика нужен Plus

Мэтч & Сопровод

Для мэтча с этой вакансией нужен Plus

Описание вакансии

Текст:
/

TL;DR

Risk & Compliance Lead (Cybersecurity): Designing and managing the end-to-end security certification and audit program (SOC 2, ISO 27001) for an AI-native software creation platform with an accent on continuous compliance monitoring and risk register management. Focus on bridging the gap between technical controls and audit requirements, implementing AI governance frameworks like ISO 42001, and scaling the GRC function.

Location: Hybrid (Foster City, CA) - In-office requirement: Monday, Wednesday, and Friday

Salary: $210,000 – $270,000 + Equity

Company

AI-native software creation platform democratizing application development through natural language.

What you will do

  • Lead the end-to-end certification roadmap including SOC 2 Type II, ISO 27001, and future frameworks like ISO 42001.
  • Manage external auditor relationships and drive the annual audit calendar to ensure seamless renewals.
  • Own and maintain the master security risk register, including identification, scoring, and reporting to leadership.
  • Build continuous compliance monitoring systems to ensure control status reflects real-time state.
  • Develop core audit artifacts such as ISMS documentation, Statements of Applicability, and potentially FedRAMP SSPs.
  • Collaborate with GRC engineers to define and automate evidence collection and control monitoring.

Requirements

  • 8+ years in security compliance, IT audit, or GRC roles.
  • Direct ownership of at least one SOC 2 and/or ISO 27001 certification cycle.
  • Hands-on experience authoring and maintaining ISMS, SSP, or equivalent audit-facing documentation.
  • Proficiency with GRC automation platforms (e.g., Vanta, Drata, Anecdotes) and continuous monitoring.
  • Ability to analyze technical control evidence and engage in detailed technical discussions with engineers.
  • Must be based in or able to work from the Foster City, CA office on a hybrid schedule (Mon, Wed, Fri).

Nice to have

  • Experience scoping or pursuing ISO 42001 or other AI governance frameworks.
  • Familiarity with FedRAMP or other government compliance regimes.
  • Background in developer tools, platform, or AI/ML product companies.
  • Relevant certifications such as CISA, CISSP, or ISO 27001 Lead Auditor/Implementer.

Culture & Benefits

  • Competitive base salary and equity grants.
  • 401(k) program with a 4% match (US Only).
  • Comprehensive health, dental, vision, and life insurance.
  • Flexible Time Off (FTO), paid parental, medical, and caregiver leave.
  • Monthly wellness stipend and autonomous work environment.
  • In-office amenities and quarterly team gatherings.

Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →