RegScale is a continuous controls monitoring (CCM) platform that helps organizations automate and scale their security, risk, and compliance programs. We are at an inflection point, transitioning from startup execution to a disciplined, enterprise-ready engineering organization, and we are building the team that will take us there. As a platform handling sensitive security and regulatory data for enterprise and government customers, security is not a compliance checkbox at RegScale. It is a core engineering discipline woven into how we build software.

The Role

This is a high autonomy role for a seasoned security engineer who thrives at the center of a complex engineering organization. You are the primary application security practitioner at RegScale. You identify where the risk is, build the strategy to address it, and drive initiatives from concept to measurable improvement without a team beneath you and without direct authority over the engineers you depend on to execute.

Your reach spans all of engineering including Core Engineering, Platform and AI, Compliance as Code, Quality Engineering, SRE, Infrastructure, and the external security team. You succeed by making engineers more security conscious and embedding security into how software is designed, built, and deployed rather than finding vulnerabilities after the fact.

RegScale serves enterprises and government agencies under frameworks like FedRAMP, NIST, and CMMC. This role reports into SRE and Infrastructure and requires deep technical security expertise combined with the organizational influence and end to end ownership mindset needed to make security a shared engineering value.

Key Responsibilities

• Own the application security program end to end, identifying risks, setting priorities, building strategy, aligning stakeholders, driving implementation across engineering teams, and measuring outcomes.
• Conduct threat modeling and security design reviews early in the development process, embedding security thinking into architecture and feature design before code is written.
• Partner with developers across all engineering teams to shift security left, coaching on secure coding practices, reviewing code for vulnerabilities, and building security awareness as a shared engineering capability rather than a specialized handoff.
• Integrate security tooling and automated security checks into CI/CD pipelines including static analysis, dependency scanning, and secrets detection, ensuring actionable security signals.
• Own vulnerability management across the platform, triaging findings from internal testing, external assessments, and tooling, prioritizing remediation based on risk, and driving resolution to completion.
• Lead and coordinate penetration testing and security assessments, working with internal and external resources to scope, execute, and translate findings into engineering action.
• Define and maintain secure development standards and patterns that engineering teams can adopt, covering areas such as authentication, authorization, API security, and data-handling.
• Bridge engineering and the external security team, translating security requirements into engineering priorities and engineering constraints into security strategy, ensuring both sides operate with shared context and mutual accountability.
• Support compliance and regulatory requirements including FedRAMP, NIST, and enterprise customer security obligations, working with the Compliance as Code team to ensure security controls are implemented and evidenced effectively.
• Assess and address security risks introduced by AI features and integrations, including prompt injection, data exposure through AI interfaces, and third-party model risks, working closely with the Platform and AI team to ensure AI capabilities are built and deployed securely.
• Build visibility into the security posture of the platform through metrics, dashboards, and reporting that inform engineering leadership and support customer and auditor conversations.

Required Qualifications

• 10 or more years of application security experience with a demonstrated track record of owning security programs and driving initiatives end to end across complex engineering organizations.
• Deep expertise across the application security domain including threat modeling, secure design review, vulnerability assessment, penetration testing, and secure development practices.
• Proven ability to operate as a solo practitioner or small team lead, setting priorities independently, managing competing demands, and delivering outcomes without close supervision.
• Strong experience influencing engineering teams without direct authority, building credibility through technical depth, clear communication, and practical solutions that fit the realities of product delivery.
• Experience integrating security into CI/CD pipelines and modern software delivery practices, with a shift left mindset that prioritizes prevention over detection.
• Solid understanding of cloud security principles and how application security intersects with infrastructure security in a cloud native environment.
• Strong written and verbal communication skills, able to articulate security risk, strategy, and tradeoffs clearly to engineering teams, leadership, and stakeholders including customers and auditors.

Preferred Qualifications

• Experience in regulated industries with compliance frameworks such as FedRAMP, NIST 800-53, CMMC, or SOC 2. Direct FedRAMP authorization or continuous monitoring experience is a strong plus.
• Background in enterprise SaaS companies where security scaled across multi-tenant architectures and high stakes regulatory environments.
• Experience supporting penetration tests, bug bounty programs, or third-party security assessments and translating findings into prioritized engineering roadmaps.
• Familiarity with GRC platforms or compliance automation tools, bringing domain context that makes security decisions more credible with customers.
• Familiarity with AI security considerations including securing LLM integrations, prompt injection risks, AI governance, and emerging regulatory expectations around AI in compliance contexts.
• Relevant certifications such as OSCP, CISSP, or CSSLP, valued as evidence of structured knowledge, not as a substitute for demonstrated engineering capability.

RegScale is only able to hire US Citizens

RegScale is a continuous controls monitoring (CCM) platform purpose-built to deliver fast and efficient GRC outcomes. We help organizations break out of the slow and expensive realities that plague legacy GRC tools by bridging security, risk, and compliance through controls lifecycle management. By leveraging CCM, organizations experience massive process improvements like 90% faster certification times, and 60% less audit prep time. Today’s expansive security and compliance requirements can only be met with a modern, CCM based approach, and RegScale is the leader in that space.    
 
Position: 

RegScale is looking for a visionary UX Designer to shape the look, feel, and usability of our platform as we scale. This is a high-impact leadership role responsible for building and driving the design strategy across the RegScale platform and apps. You’ll be the creative force shaping how thousands of users interact with our product every day.   

As our sole UX designer, you'll have the unique opportunity to influence every aspect of the platform's user experience, from user journeys to visual design and brand expression. This role offers both creative independence and meaningful ownership—you'll work cross-functionally with product, engineering, and leadership to translate user needs into elegant, intuitive solutions that make compliance management effortless. 

Position must be a US Citizen. This is a remote position; however, candidate will be expected to travel to our R&D office in Knoxville, TN approximately once a quarter. If you’re ready to work on the most cutting-edge design challenges, we are excited to have you on our team.  

Key Responsibilities:  

• Own user interface design, user flows, and interaction patterns across all product features. 
• Own and evolve RegScale’s design language and user experience across our core platform and related applications. 
• Expand and maintain the design system, component libraries, and style guides to ensure consistency and scalability. 
• Lead design strategy and execution — from concept to delivery — ensuring world-class usability, consistency, and visual appeal. 
• Create interactive prototypes, wireframes, and high-fidelity mockups to communicate design intent. 
• Collaborate closely with Product, Engineering, and Customer Success to translate business goals and technical requirements into cohesive designs. 
• Advocate for design best practices and user-centric thinking across the company. 
• Conduct user research and usability testing to inform data-driven design decisions. This includes engaging directly with customers to learn about customer problems, understand how they currently perform work, and present design ideas and prototypes. 
• Ensure responsive, accessible, and scalable design as the platform matures. 
• Collaborate closely with front-end and back-end engineers to understand platform limitations. 

Required Skills: 

• 6+ years of professional UX/UI design experience, ideally in SaaS or B2B enterprise software. 
• Strong critical thinking and analytical skills: Ability to perform root cause analysis, ask probing questions, and challenge assumptions to uncover the real problem behind feature requests.  
• Curiosity and skepticism: Comfortable pushing back on requests to understand the "why" behind customer asks rather than taking requirements at face value. 
• Strong portfolio demonstrating the “why” behind an end-to-end design process (wireframes, prototypes, visual design). 
• Proficiency with modern design tools (Figma). 
• Experience with user research methodologies and usability testing. 
• Solid understanding of interaction design principles and information architecture. 
• Excellent communication and presentation skills. 
• A self-starter mindset with strong attention to detail and the ability to balance multiple projects in a fast-paced environment. 
• Familiarity with design systems and component-based design. 
• Bachelor’s degree in human-computer interaction or related field (or equivalent experience). 
• Must be a U.S. Citizen.

Preferred Skills: 

• Experience designing enterprise or B2B SaaS platforms 
• Knowledge of compliance, governance, or regulated industries 
• Experience automating tasks using AI 
• Basic understanding of web accessibility (WCAG standards) 
• Experience with prototyping tools and user testing platforms 
• Knowledge of HTML/CSS or basic development concepts 
• Demonstrated experience in design systems and component libraries 
• Experience building or leading a design team at a startup or high-growth company 

RegScale is a continuous controls monitoring (CCM) platform that helps organizations automate and scale their security, risk, and compliance programs. We are at an inflection point, transitioning from startup execution to a disciplined, enterprise ready engineering organization, and we are building the team that will take us there. Integrations are central to how RegScale delivers value, connecting the platform to the security, engineering, and business tools our customers depend on daily and ensuring compliance data flows reliably across complex enterprise environments.

The Role

Senior Software Engineers on the Integrations team own the design and delivery of the systems that connect RegScale to the outside world. You think in frameworks and patterns, building reusable foundations that make every subsequent integration faster, more reliable, and easier to maintain. You take ownership of your work from design through production and measure your success not just by what you deliver but by the quality and reusability of what you leave behind.

You will tackle genuinely hard problems including synchronizing millions of security findings while maintaining data integrity, building resilient integrations that handle rate limits and eventual consistency, and designing data models that work across diverse and unpredictable vendor APIs. You will work closely with Product, Customer Enablement, and Platform Engineering to ensure integrations are built on sound engineering foundations and reflect real customer usage patterns in the GRC domain.

This role is for an engineer who brings strong systems thinking, takes end to end ownership, and is energized by the challenge of making complex external ecosystems work reliably inside an enterprise compliance platform.

Key Responsibilities

• Take end to end ownership of integrations from requirements and architecture through implementation, testing, deployment, and production reliability.
• Design and build scalable, event driven integration frameworks that connect RegScale with external platforms including vulnerability scanners, SIEM and SOAR tools, cloud security platforms, ticketing systems, and identity providers.
• Build intelligent data ingestion pipelines that normalize, enrich, and contextualize security data from disparate sources, handling high velocity events and optimizing for throughput, consistency, and cost.
• Design reusable SDKs, templates, and integration patterns that accelerate future integration development for both internal teams and customers building custom connectors.
• Build and maintain robust API infrastructure including REST APIs, webhook architectures, and OAuth and OIDC flows, with resilient handling of API changes, versioning, and high data volumes.
• Identify technical risks and integration failure modes early, bringing proposed solutions and mitigation strategies rather than surfacing problems at the point of crisis.
• Implement comprehensive monitoring, alerting, and data quality checks across integration touchpoints, ensuring production reliability and fast diagnosis of issues across distributed systems.
• Partner with Product, Customer Enablement, and Platform Engineering to translate integration requirements and customer use cases into sound technical solutions that reflect real world GRC workflows.
• Contribute to engineering standards, code reviews, and technical mentorship, raising the quality and consistency of integration engineering across the team.

Required Qualifications

• 8 or more years of professional software engineering experience with a demonstrated track record of designing and delivering production grade, high-performance integration systems at scale.
• Deep expertise in API design patterns and integration architecture, with the judgment to choose the right approach for a given integration challenge.
• Strong foundation in distributed systems, event driven architectures, and asynchronous processing, including hands on experience with message queues and workflow orchestration.
• Proven ability to design reusable frameworks and patterns rather than point solutions, with measurable impact on the speed and quality of subsequent work.
• Experience with cloud platforms such as Azure, AWS, or GCP and a solid understanding of how infrastructure constraints shape integration architecture decisions.
• Deep knowledge of data modeling, ETL patterns, and data consistency strategies across heterogeneous systems.
• Strong written and verbal communication skills, able to work effectively across engineering, product, and customer facing teams and articulate technical tradeoffs clearly to both technical and non-technical stakeholders.

Preferred Qualifications

• Experience integrating with security or DevOps tools such as vulnerability management platforms, cloud security tools, CI/CD systems, or ticketing platforms. Familiarity with tools like Wiz, Tenable, or Jira is a meaningful advantage.
• Background in regulated industries or compliance focused platforms where data integrity, auditability, and security requirements shaped integration design decisions.
• Experience with streaming platforms such as Kafka, Kinesis, or Pub/Sub in a production integration context.
• Familiarity with OSCAL, SARIF, OCSF, or compliance data standards, bringing domain context that makes integration design decisions more informed and credible with enterprise and government customers.
• Experience building or contributing to developer facing SDKs or integration frameworks used by external teams or customers.

RegScale is only able to hire US Citizens

RegScale is a continuous controls monitoring (CCM) platform that helps organizations automate and scale their security, risk, and compliance programs. We are at an inflection point, transitioning from startup execution to a disciplined, enterprise ready engineering organization, and we are building the team that will take us there. This is a meaningful problem domain: the work you build directly helps organizations manage risk, meet regulatory requirements, and operate more securely at scale.

The Role

Senior Quality Engineers at RegScale are engineering partners. You are embedded in the work from the beginning, shaping how features are designed, what risks matter most, and how the team as a whole take's responsibility for quality.

Your primary contribution is strategic. You assess what it takes to build high quality software in a complex GRC domain, determine the right combination of manual and automated approaches for each situation, and work alongside developers to ensure quality is built in from the start. You bring strong problem-solving skills and the judgment to know where testing efforts will have the greatest impact given real world customer usage patterns.

You are comfortable writing automation when automation is the right tool, and equally comfortable making the case for exploratory or manual approaches when they are not. You think about quality as a system, not a checklist. This role is for a Quality Engineer who is ready to influence how an engineering organization builds software, not just verify that it works.

Key Responsibilities

• Develop and own quality strategies for features and releases, determining the appropriate mix of manual testing, automated testing, and developer contributed testing based on risk, complexity, and customer impact.
• Embed within scrum teams and partner with developers from the start of each sprint, contributing to requirement reviews, design discussions, and testability decisions before a line of code is written.
• Work with developers to ensure they are contributing meaningfully to unit and integration test coverage, providing guidance, review, and coaching on testing practices.
• Build, maintain, and extend automated test coverage across API, UI, and integration layers using sound engineering practices. Treat automation as a product that requires design, maintainability, and ongoing investment.
• Identify and prioritize testing based on real world GRC workflows and customer usage patterns, ensuring test coverage reflects how customers use the platform, rather than how it is implemented.
• Proactively identify quality risks early in the development cycle, bring proposed mitigation strategies, and escalate concerns with sufficient lead time for the team to act.
• Contribute to CI/CD quality gates, ensuring automated tests run reliably on every build and provide meaningful, actionable signal rather than noise.
• Analyze failures, escapes, and production defects to identify root causes and recommend systemic improvements that reduce recurrence across the team.
• Collaborate with Customer Enablement to incorporate real customer scenarios, edge cases, and support patterns into test coverage.
• Contribute to quality visibility by tracking and communicating test coverage, pass rates, escape rates, and trends in a way that informs engineering decisions.

Required Qualifications

• 8 or more years of quality engineering experience with a demonstrated track record of owning quality outcomes across the full development lifecycle, not just test execution.
• Strong problem-solving skills and the ability to develop quality strategies that determine the right approach for a given feature, release, or risk profile.
• Proven experience partnering with developers in an embedded or shift left model, influencing how teams write code rather than only testing after the fact.
• Solid automation engineering skills including API testing, UI automation, and integration testing, with the judgment to know when automation adds value and when it does not.
• Experience contributing to or owning CI/CD quality integration, including test reliability, pipeline health, and actionable test reporting.
• Ability to analyze defect patterns, escapes, and production issues and translate findings into systemic recommendations rather than one off fixes.
• Strong written and verbal communication skills, able to articulate quality risk and testing strategy clearly to both engineering peers and non-technical stakeholders.

Preferred Qualifications

• Experience in regulated industries or with compliance, security, or risk management platforms. GRC, FedRAMP, or NIST familiarity is a meaningful advantage given the depth of domain knowledge required to test effectively in this space.
• Background in enterprise SaaS companies where quality strategy had to account for enterprise scale, multi-tenant complexity, and high stakes customer environments.
• Experience with performance and load testing, particularly validating system behavior under enterprise scale conditions.
• Familiarity with security testing practices and secure software development in a compliance focused product context.
• Experience building or improving quality visibility through dashboards, metrics, and reporting that drive engineering decisions rather than just satisfy reporting requirements.

RegScale is only able to hire US Citizens

RegScale is a continuous controls monitoring (CCM) platform that helps organizations automate and scale their security, risk, and compliance programs. We are at an inflection point, transitioning from startup execution to a disciplined, enterprise ready engineering organization, and we are building the team that will take us there. This is a meaningful problem domain: the work you build directly helps organizations manage risk, meet regulatory requirements, and operate more securely at scale.

The Role

Senior Software Engineers at RegScale own their work end to end. You take a requirement, shape it into a sound technical approach, build it across the full stack, ensure it is tested and stable, and see it through to production. You are accountable for the quality and outcomes of what you deliver, not just the code you write.

You will contribute across customer-facing GRC capabilities including workflows, compliance features, reporting, and user experience, as well as the platform services and APIs that support them. You bring genuine capability at each layer of the stack: frontend, backend, and data. You raise the quality of the work around you through code review, clear communication, and a willingness to share what you know.

This role is for someone who is ready to operate with a high degree of independence, take pride in what they ship, and grow into broader technical influence over time.

Key Responsibilities

• Take end to end ownership of features, from understanding the requirement through design, implementation, testing, deployment, and post release stability.
• Deliver across the full stack including frontend experiences (Angular), backend services and APIs (.NET, C#, Python), and data layer design (PostgreSQL, SQL Server), with genuine capability at each layer.
• Write clean, testable, well-structured code and take personal responsibility for quality. Participate meaningfully in code review with the intent to raise the bar for the team.
• Design solutions that are maintainable and appropriately reusable, thinking beyond the immediate ticket to consider how your work fits into the broader system.
• Identify technical risks and delivery blockers early and bring proposed solutions, not just observations.
• Collaborate effectively across engineering functions including Quality Engineering, Platform, Architecture, and Infrastructure, and communicate technical decisions clearly to both engineering peers and non-technical stakeholders.
• Contribute to platform level work including API design, performance considerations, and service reliability as needed within your squad.
• Mentor and support less experienced engineers through code review, design discussions, and knowledge sharing.
• Participate in agile ceremonies, contribute to sprint planning, and take accountability for your commitments within the team.

Required Qualifications

• 8 or more years of professional software engineering experience with demonstrated full stack delivery across frontend, backend, and data layers.
• Proven track record of owning features end to end with accountability for quality, stability, and outcomes, not just individual components or assigned tasks.
• Strong software design fundamentals including API design, data modeling, separation of concerns, and component boundaries.
• Experience working independently in an environment with ambiguous requirements, able to create clarity and drive work to completion without close supervision.
• Demonstrated ability to mentor more junior engineers and contribute positively to team culture and code quality.
• Strong written and verbal communication skills, able to explain technical decisions and tradeoffs clearly to engineering peers and non-technical stakeholders alike.

Preferred Qualifications

• Experience in regulated industries or with compliance, security, or risk management platforms. GRC, FedRAMP, or NIST familiarity is a meaningful advantage.
• Background in enterprise SaaS companies, particularly those navigating growth and scaling challenges.
• Familiarity with cloud native development in Azure or comparable platforms such as AWS or GCP.
• Experience with observability, performance profiling, and diagnosing production issues.
• Exposure to AI and ML integration in product engineering contexts.

RegScale is only able to hire US Citizens

RegScale is a continuous controls monitoring (CCM) platform that helps organizations automate and scale their security, risk, and compliance programs. We are at an inflection point, transitioning from startup execution to a disciplined, enterprise ready engineering organization, and we are building the team that will take us there. This is a meaningful problem domain: the work you build directly helps organizations manage risk, meet regulatory requirements, and operate more securely at scale.

The Role

Principal Software Engineers at RegScale operate at the intersection of deep technical craft and organizational impact. A Principal Engineer at RegScale owns a system, a capability, an architectural boundary, or a set of patterns that other engineers build on top of. Your work has reach beyond your squad. The decisions you make and the standards you set shape how the broader engineering organization builds software.

You will work across customer-facing GRC capabilities and the platform primitives that underpin them including APIs, data services, SDK, scalability, and performance. You are expected to identify problems before they become crises, propose solutions that others can execute, and drive technical initiatives across team boundaries without relying on direct authority. You build consensus through credibility, clarity, and demonstrated judgment.

This role is for an engineer who is energized by technical complexity, has the communication skills to navigate organizational complexity, and measures their success not just by what they build but by the capability and confidence they leave behind in the teams around them.

Key Responsibilities

• Be a key member of the engineering leadership team, providing technical thought leadership that informs architecture, delivery, and product decisions across the organization.
• Own systems and capabilities end to end, not just features, with accountability for the technical direction, quality, and long-term health of what you lead.
• Identify architectural problems, scalability risks, and engineering patterns that need to change, and drive resolution with concrete proposals and cross team alignment.
• Design reusable, well-reasoned platform primitives and frameworks that reduce duplication and meaningfully accelerate the teams that consume them.
• Deliver across the full stack including frontend (Angular), backend (.NET, C#, Python), and data layer (PostgreSQL, SQL Server), with the depth to make sound architectural decisions at every layer.
• Lead technical initiatives across squad and functional boundaries, building alignment without direct authority through strong communication, credibility, and sound engineering judgment.
• Set engineering standards and patterns that others adopt in API design, data modeling, testing approach, and code quality, in partnership with the Architecture function.
• Proactively identify technical risk and delivery concerns weeks ahead of when they become problems, with proposed mitigations that protect business commitments.
• Develop the technical capability of the engineers around you through design reviews, mentorship, and active knowledge transfer. Measure part of your success by how much more effectively others operate because of your involvement.
• Communicate complex technical decisions and tradeoffs clearly to engineering leadership, product, and executive stakeholders.

Required Qualifications

• 12 or more years of professional software engineering experience with a portfolio of complex, cross cutting technical contributions that demonstrate system level thinking.
• Demonstrated ability to own systems or capabilities, not just features, with impact that extends across multiple teams or functional areas.
• Recognized as a technical authority who sets patterns others follow, drives adoption of standards, and shapes engineering culture through example and credibility.
• Track record of leading technical initiatives across organizational boundaries without direct authority, building consensus, navigating competing priorities, and delivering outcomes.
• Strong engineering instincts for tradeoffs including speed vs. sustainability, pragmatism vs. standards, and incremental delivery vs. architectural integrity.
• Experience proactively identifying systemic problems and proposing architectural solutions before they become crises, with concrete mitigation options that protect delivery commitments. Exceptional written and verbal communication skills, able to articulate technical strategy and tradeoffs to engineering leadership, product, and executive audiences.

Preferred Qualifications

• Experience in regulated industries or with compliance, security, or risk management platforms. GRC, FedRAMP, NIST, or OSCAL familiarity is a meaningful advantage.
• Background in enterprise SaaS companies navigating the transition from startup to scale, with direct experience managing technical debt, architectural evolution, and team capability development during that transition.
• Experience building or governing platform primitives including SDKs, CLIs, internal APIs, and shared services, with an understanding of what makes them reliable, adoptable, and maintainable across teams.
• Familiarity with AI and ML integration in production engineering contexts, particularly building reliable, observable, enterprise grade AI capabilities rather than proof of concept work.
• Cloud native experience in Azure or comparable platforms (AWS, GCP) with understanding of infrastructure constraints, deployment models, and cost implications at scale.
• Hands on experience with observability, performance profiling, and diagnosing complex production issues at enterprise scale.

RegsScale is only able to hire US Citizens

RegScale is a continuous controls monitoring (CCM) platform that helps organizations automate and scale their security, risk, and compliance programs. We are at an inflection point, transitioning from startup execution to a disciplined, enterprise ready engineering organization, and we are building the team that will take us there. AI is central to where RegScale is going, woven into how compliance programs are automated, monitored, and delivered at scale.

The Role

Senior AI Engineers at RegScale own the design and delivery of production AI systems end to end. You bring genuine breadth across the AI engineering stack including data pipelines, model fine tuning and evaluation, agent design and orchestration, MCP server development, and AI safeguards, and you understand how these disciplines connect. You make sound decisions across all of them, not just within a narrow specialization.

Your work lives inside Platform Engineering and is consumed by product teams building GRC features and by integrators connecting RegScale to the broader compliance ecosystem. You build primitives and frameworks others build on top of, and you raise the bar for how the engineering organization thinks about and delivers AI in production.

This role is for an engineer who brings the same rigor to AI systems as to any other production engineering discipline, including reliability, observability, cost management, and ongoing behavior in the real world.

Key Responsibilities

• Design, build, and operate AI systems in production with full ownership across reliability, performance, cost, observability, and ongoing model behavior.
• Build and maintain data pipelines that ingest, clean, transform, and version the data AI systems depend on, ensuring quality and traceability from source to model.
• Design and implement retrieval augmented generation pipelines, vector and graph search systems, and hybrid retrieval strategies that make compliance data accessible for AI driven features.
• Fine tune, evaluate, and monitor models against real world performance criteria, with a clear understanding of how to measure what matters in a compliance domain.
• Architect and build AI agent systems and orchestration layers that coordinate multi step reasoning, tool use, and decision making across complex GRC workflows.
• Build and maintain MCP servers that expose RegScale platform capabilities to AI systems, enabling reliable, secure, and observable AI integrations across the platform.
• Design reusable AI primitives and frameworks that product and integration teams can build on, accelerating AI feature development across the organization.
• Integrate AI capabilities into CI/CD pipelines with appropriate testing, evaluation gates, and deployment strategies that maintain production quality as models and data evolve.
• Partner with Platform Engineering, Core Engineering, and Compliance as Code teams to ensure AI capabilities meet enterprise reliability and security standards.
• Proactively identify risks in AI system behavior, data quality, and model performance, bringing proposed mitigations before they become production incidents.

Required Qualifications

• 8 or more years of software engineering experience with at least 4 years focused on building and operating AI or machine learning systems in production environments.
• Demonstrated track record of shipping AI features that customers depend on, with ownership across the full production lifecycle including reliability, observability, cost management, and ongoing model behavior.
• Strong data engineering fundamentals, including pipeline design, data modeling, transformation, quality validation, and performance monitoring at scale.
• Hands on experience with retrieval augmented generation, vector and graph databases, embedding models, and hybrid retrieval strategies.
• Experience designing and building AI agent systems and orchestration frameworks, including multi step reasoning, tool use, and failure handling in production contexts.
• Solid understanding of model fine tuning and evaluation, including how to define meaningful performance criteria for domain specific applications.
• Strong software engineering fundamentals applied to AI systems with production grade rigor.
• Strong written and verbal communication skills, able to articulate AI architecture decisions and tradeoffs to both technical and non-technical stakeholders.

Preferred Qualifications

• Experience building AI systems in regulated industries or compliance focused platforms where auditability, explainability, and data sensitivity shaped design decisions.
• Familiarity with secure MCP server development and protocols for exposing platform capabilities to AI systems.
• Background in enterprise SaaS companies where AI features had to meet enterprise reliability, security, and integration standards.
• Experience with inference cost optimization, caching strategies, and model selection tradeoffs at scale.
• Familiarity with GRC frameworks such as FedRAMP, NIST, or CMMC and the compliance domain more broadly.
• Experience with cloud native AI infrastructure in Azure or comparable platforms including model deployment, scaling, and monitoring.
• Contributions to or deep familiarity with open-source AI frameworks for orchestration, evaluation, and observability.
• Experience implementing and using data lake solutions (i.e. Snowflake, Databricks, Synapse Analytics, AWS Redshift) in a production environment.

RegScale is only able to hire US Citizens

RegScale is a purpose-built cyber GRC platform designed to enable the CISO to track and monitor security controls. We help organizations break out of the slow and expensive realities that plague legacy GRC tools by bridging security, risk, and compliance through controls lifecycle management. By leveraging RegScale's Continuous Control Monitoring (CCM) instrumentation, organizations experience massive compliance process improvements like 90% faster certification times, and 60% less audit prep time. Today's expansive security and compliance requirements can only be met with a modern, CCM-based approach, and RegScale is the market leader in that space. 

The Role 

RegScale is seeking a Product Solutions Owner, Commercial Solutions to lead our expansion into commercial enterprise markets — spanning industries like financial services, healthcare, and technology. This role is for someone who is fundamentally dissatisfied with how GRC has always been done and is driven to replace legacy, manual compliance programs with modern, automated, AI-powered approaches. 

You are not a requirements gatherer. You are an innovator. You've spent years inside compliance programs, felt the inefficiency firsthand, and now you want to tear it down and rebuild it with better tools. You think creatively about how software and AI can eliminate work that humans shouldn't be doing — and you have the credibility to convince compliance practitioners to trust the new way. 

Reporting to the Chief Product Officer, you'll serve as the solution owner for our commercial verticals. You'll work directly with customers and prospects to understand their scaling challenges, define prescriptive and repeatable workflows that make complex compliance manageable, and validate that our platform delivers real-world impact. The through line of everything you do is tooling innovation: using RegScale's platform and emerging AI capabilities to solve problems that legacy GRC tools have failed to crack for decades. 

Key Responsibilities 

• Own the commercial product strategy and execution roadmap across key industry verticals including financial services, healthcare, and technology, ensuring alignment with customer needs and market demands. 
• Serve as the subject matter expert (SME) for commercial Cyber GRC within the RegScale product organization — the go-to voice for how enterprises outside of government manage compliance at scale. 
• Drive the design of prescriptive, opinionated workflows that guide commercial customers through core compliance tasks — multi-framework management, continuous monitoring, audit response, and risk management — without requiring RegScale or compliance expertise to operate. 
• Partner with customers and prospects to identify pain points, use cases, and success criteria; synthesize those insights into data-informed product decisions. 
• Translate customer and market needs into clear, actionable product requirements for engineering and product teams; collaborate closely with Product Management and Engineering on solution design, prioritization, and validation. 
• Accept product builds for your area — ensuring solutions meet functional expectations and deliver genuine customer value before release. 
• Be the product org's primary innovator on tooling: constantly asking "how does software and AI eliminate this manual step?" and driving those answers into the platform roadmap. 
• Lead the integration of AI and automation to fundamentally reimagine — not just incrementally improve — how commercial organizations manage risk and compliance programs at scale. 
• Work with significant existing and prospective customers to develop public references and case studies that establish RegScale's credibility in commercial markets. 
• Partner with Sales, Marketing, and Customer Success to enable go-to-market readiness and ensure customers realize value from our solutions. 
• Represent RegScale at industry events, roundtables, and customer meetings as a trusted expert in commercial GRC. 

What We're Looking For 

• 10+ years of experience directly managing Governance, Risk, and Compliance programs within commercial enterprises — financial services, healthcare, technology, or similarly regulated environments. 
• A track record of applying software tooling and AI to modernize compliance programs — you've actually done it, not just recommended it. You know what it takes to move an organization from spreadsheets and email to instrumented, continuous compliance. 
• Deep, creative instincts for how automation changes what's possible: you don't accept "that's how compliance works" as an answer, and you've built or shaped tools that proved it. 
• Deep, hands-on familiarity with multi-framework compliance programs (e.g., NIST CSF, ISO 27001, PCI-DSS, HIPAA, SOC 2, HITRUST) and the operational complexity of running them simultaneously. 
• Proven ability to translate complex compliance requirements into actionable processes and technical requirements that non-experts can execute. 
• Experience scaling compliance programs through tooling and automation — you understand what it takes to go from manual, spreadsheet-driven programs to instrumented, continuous compliance. 
• Strong instincts for workflow design and customer experience — you've felt the friction of poor GRC tooling firsthand, you have strong opinions about how to fix it, and you've been frustrated enough to do something about it. 
• Experience collaborating cross-functionally across business, product, and technology teams. 
• Strong communicator — equally comfortable with executive stakeholders, technical contributors, compliance practitioners, and external audiences. 
• Passion for innovation and a genuine desire to modernize how enterprises approach compliance. 

Bonus Points For 

• Prior experience in a product, solution management, or consulting role within a SaaS or software company. 
• Familiarity with CCM, automation, or continuous compliance platforms. 
• Experience driving commercial go-to-market motions for technical products in regulated industries. 
• Thought leadership or market presence in the GRC space (speaking, writing, community participation).