Description:

The Assurance, Risk, and Compliance (“ARC”) Initiatives team at MongoDB owns the strategy, governance, and delivery of our most critical cross-functional risk and compliance initiatives. We design and execute programs that support compliance audits, risk assessments, employee awareness and enablement, and the implementation of common control frameworks, along with consistent operating cadences that align key stakeholders, accelerate decision making, and drive the execution of initiatives that reinforce MongoDB’s assurance, risk management, and compliance objectives. We define and track key metrics and deliver clear and timely, executive reporting to provide transparency, measure progress, and ensure lasting operational resilience and governance.

We serve as the central coordination point for ARC-wide initiatives, connecting Product, Engineering, Security, and Legal teams around clear priorities, milestones, and outcomes. Our focus is on building scalable governance structures, defining decision-making frameworks, and establishing repeatable ways of working so that complex efforts can be executed consistently across the team.

The Policy Program Manager is a mid-to-senior level individual contributor role responsible for leading the development and operationalization of policies and procedures aligned to established control frameworks. You will drive end-to-end ownership of policy lifecycle management, from drafting and review through implementation and ongoing maintenance, while coordinating inputs across teams to ensure accuracy, consistency, and adoption. Additionally, you will lead documentation standardization efforts, facilitate stakeholder reviews, and perform gap analyses to continuously strengthen and mature our ARC policy framework.

Responsibilities:

• Lead the end-to-end execution of company-wide compliance programs, including the annual security policy and procedure review cycle
• Design and implement scalable frameworks for policy lifecycle management (creation, review, approval, publication, and retirement)
• Establish standards, templates, and governance processes to ensure consistency and clarity across all compliance documentation
• Maintain a centralized, audit-ready repository for policies, procedures, and supporting artifacts
• Act as the primary point of contact for cross-functional teams (HR, Legal, Engineering, Product)
• Drive alignment, gather inputs, and ensure timely completion of policy updates and compliance deliverables
• Ensure policies and procedures align with regulatory, security, and internal control requirements
• Support internal and external audits by maintaining complete, accurate, and accessible documentation
• Translate audit findings and regulatory changes into actionable policy program updates
• Maintain the integrity of project-specific Jira boards and Confluence pages. Ensure all project artifacts are organized, up-to-date, and ready for leadership review or external audit
• Develop and maintain dashboards to report on program health, completion rates, and obstacles. Present status updates and metrics to leadership
• Evaluate existing program workflows and implement improvements to increase efficiency, reduce manual effort, and improve the stakeholder experience

Requirements:

• 5-8 years of program management experience, ideally within an Information Security or high-growth technology environment
• Experience creating and managing policy and procedure programs or governance frameworks
• Deep understanding of security and compliance frameworks (e.g., SOC 2, ISO 27001, PCI DSS, HIPAA, NIST CSF)
• Strong proficiency in managing full-lifecycle projects, including scoping, planning, risk mitigation, and change control
• Advanced experience with Jira and Confluence, including the ability to build custom dashboards and manage complex documentation repositories
• Maintain and support a GRC/policy management platform to ensure consistent policy administration and system usability
• Excellent interpersonal skills with the ability to hold cross-functional stakeholders accountable to deadlines in a professional and effective manner
• Exceptional attention to detail and the ability to manage multiple overlapping priorities without losing sight of milestones
• A proactive, self-directed approach to work. You enjoy taking ownership of a program and building the structure necessary for its success

Responsibilities & Expectations

• You are expected to be the owner of your assigned programs. While you will work closely with technical SMEs, you are responsible for the logistical success of the workstream. Your success is measured by the timely completion of program goals, the clarity of your reporting, and your ability to anticipate and resolve project bottlenecks
• You don't just track tasks; you own the success of the program

Scope & Complexity

• The scope is horizontal and impacts multiple departments across MongoDB
• Managing complex programs that require coordination with various business units, ensuring that project delays in one area do not derail the overall compliance roadmap

Authority & Impact

• You have the authority to manage the timelines and execution steps of your assigned programs
• Your impact is reflected in the strength of policy program management and organizational readiness you drive; by overseeing and coordinating these workstreams, you ensure the Compliance team consistently meets foundational policy requirements and aligns with external audit expectations

Expertise

• You will develop deep expertise in compliance and audit operations
• You will become the go-to resource for designing, scaling, and executing policy and compliance programs within a cloud-first organization. This role is responsible for independently and collaboratively developing and managing policies and procedures, with a strong understanding of compliance frameworks and the ability to interpret and operationalize control requirements

Leadership

• Leadership in this role is demonstrated through influence and mentorship. While you may not have direct reports, you will guide cross-functional teams in developing and standardizing policies/supporting documentation, as well as provide mentorship on policy governance, standardized documentation practices, and compliance alignment

About MongoDB

MongoDB is built for change, empowering our customers and our people to innovate at the speed of the market. We have redefined the database for the AI era, enabling innovators to create, transform, and disrupt industries with software. MongoDB’s unified database platform, the most widely available, globally distributed database on the market, helps organizations modernize legacy workloads, embrace innovation, and unleash AI. Our cloud-native platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available across AWS, Google Cloud, and Microsoft Azure.

With offices worldwide and over 60,000 customers, including 75% of the Fortune 100 and AI-native startups, relying on MongoDB for their most important applications, we’re powering the next era of software.

Our compass at MongoDB is our Leadership Commitment, guiding how and why we make decisions, show up for each other, and win. It’s what makes us MongoDB. 

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

REQ ID: 1273402887

Title: Chief Information Security Officer (CISO)

Location: Morristown, NJ / Austin, TX(hybrid)

Reports To: Chief Technology Officer

About Hippo:

Hippo exists to protect the joy of homeownership. We believe that insurance should protect the things you treasure through an intuitive, modern experience. We provide tailored insurance coverage and preventative maintenance plans that keep you protected throughout your homeowner journey. We’ll also help you find coverage for everything life brings—from auto to flood—reimagining how you care for your home.

About the Role: 

Hippo is hiring a Chief Information Security Officer to lead cybersecurity strategy, security operations, and governance, risk, and compliance across the enterprise. You will be responsible for protecting Hippo's systems, data, and customers against an evolving threat landscape while ensuring the company meets its regulatory and compliance obligations as a publicly traded, multi-state insurance carrier. 

This role owns Hippo's SOC 2 program, leads security operations, and drives compliance with applicable state and federal cybersecurity regulations. You will also own identity governance, privacy and data protection strategy, and third-party risk management. This is a high-visibility leadership role that requires equal fluency in security engineering, regulatory compliance, and executive communication. 

About You: 

You are a seasoned cybersecurity leader who has built and run security programs at a publicly traded, regulated company. You have navigated regulatory examinations and SOX audit cycles, and you can move seamlessly between a technical incident response scenario and a board presentation. You think in terms of risk, you quantify what you can, and you communicate what you can't with intellectual honesty. 

You bring a builder's mindset to security. You understand that a great security program enables the business rather than slowing it down, and you know how to embed security into engineering culture without creating friction. Whether your background is in Insurtech, fintech, healthcare, or another heavily regulated sector, you understand multi-regulator environments and lead with clarity and high standards. 

What You'll Do: 

• Further develop and execute Hippo's enterprise cybersecurity strategy, aligned with business risk appetite and regulatory requirements
• Build and lead the security operations function, including threat detection, incident response, vulnerability management, and threat intelligence
• Own Hippo's SOC 2 program end-to-end, including control design, evidence collection, readiness assessments, and auditor engagement
• Lead the governance, risk, and compliance function, maintaining the cybersecurity risk register, policy framework, standards, and control library
• Drive compliance with applicable state and federal cybersecurity and insurance regulations
• Support SEC cybersecurity disclosure obligations in coordination with Legal and Finance
• Lead identity governance, including access certification, privileged access management policy, and separation of duties enforcement
• Own privacy and data protection compliance strategy, partnering with Legal on data handling, breach notification, and policyholder data protection
• Manage the third-party and vendor cybersecurity risk management program
• Report to the Board of Directors and Audit and Risk Committee on cybersecurity posture, risk trends, and incident activity
• Provide second-line oversight and security control design input to the SOX ITGC program
• Build and lead the security engineering function, owning secure design standards and threat modeling practices that ensure security is embedded from architecture through to deployment
• Build, mentor, and develop the cybersecurity team and drive a culture of security awareness across the organization
• Lead cybersecurity budgeting, roadmap planning, and technology rationalization
• Own disaster recovery and business continuity planning across the enterprise, working closely with the CIO and CTO to drive regular testing, validate recovery capabilities, and ensure organizational resilience is aligned to business and cybersecurity risk
• Own the enterprise Incident Response Plan, lead the Security Incident Response Team (SIRT) across the full incident lifecycle from detection and containment through recovery and post-incident review, define severity classifications and escalation paths, and ensure cross-functional stakeholders (Legal, Compliance, IT, and executive leadership) are engaged appropriately during active incidents
• Drive a continuous improvement program with outcomes tracked to remediation and reported to the Audit and Risk Committee
• Lead the enterprise response to supply chain vulnerabilities across open-source dependencies and third-party service providers, owning risk assessment, mitigation, and remediation 

Must Haves: 

• 10+ years of progressive experience in cybersecurity or information security, with at least 5 years in a senior security leadership role (CISO, VP of Security, or Head of Information Security)
• Experience at a regulated, publicly traded company, including direct involvement in SOX audit cycles
• Track record of building and managing security operations capabilities
• End-to-end ownership of a SOC 2 program, including control design, audit preparation, and remediation
• Experience with cybersecurity regulations in a regulated industry (financial services, insurance, or healthcare preferred)
• Strong GRC background with experience maintaining risk registers, policy frameworks, and control libraries
• Proven ability to present cybersecurity risk and incident information to boards of directors, audit committees, and regulators
• Experience managing third-party and vendor cybersecurity risk programs
• Excellent cross-functional leadership skills with a track record of partnering effectively with Legal, Finance, Internal Audit, and Engineering 

Nice to Have: 

• Experience in the insurance, Insurtech, or fintech industry
• Familiarity with privacy frameworks and data protection requirements (CCPA/CPRA, state breach notification laws)
• Relevant certifications such as CISSP, CISM, CRISC, or CISA
• Background in security engineering or application security in addition to GRC and security operations
• Experience managing cybersecurity programs across multi-entity corporate structures1 

Benefits and Perks:

Hippo treats its team members with the same level of dedication and care as we do our customers, which is why we’re fortunate to provide all of our Hippos with: 

• Healthy Hippos Benefits - Multiple medical plans to choose from and 100% employer covered dental & vision plans for our team members and their families. We also offer a 401(k)-retirement plan, short & long-term disability, employer-paid life insurance, Flexible Spending Accounts (FSA) for health and dependent care, and an Employee Assistance Program (EAP) 
• Equity - This position is eligible for equity compensation  
• Training and Career Growth - Training and internal career growth opportunities 
• Flexible Time Off - You know when and how you should recharge 
• Little Hippos Program - We offer 12 weeks of parental leave for primary and secondary caregivers 
• Hippo Habitat - Snacks and drinks available and catered lunches for onsite employees
  

The Morristown, NJ base pay range for this role is $237,500 - $390,000. Exact compensation may vary based on several job-related factors that are unique to each candidate, including but not limited to: skill set, experience, education/training, location, business needs and market demands.

Hippo is an equal opportunity employer, and we are committed to building a team culture that celebrates diversity and inclusion. Hippo’s applicants are considered solely based on their qualifications, without regard to an applicant’s disability or need for accommodation. Any Hippo applicant who requires reasonable accommodations during the application process should contact the Hippo’s People Team to make the need for an accommodation known. 

Title: Chief Information Security Officer (CISO)

Location: Austin, TX / Morristown, NJ (hybrid)

Reports To: Chief Technology Officer

About Hippo:

Hippo exists to protect the joy of homeownership. We believe that insurance should protect the things you treasure through an intuitive, modern experience. We provide tailored insurance coverage and preventative maintenance plans that keep you protected throughout your homeowner journey. We’ll also help you find coverage for everything life brings—from auto to flood—reimagining how you care for your home.

About the Role: 

Hippo is hiring a Chief Information Security Officer to lead cybersecurity strategy, security operations, and governance, risk, and compliance across the enterprise. You will be responsible for protecting Hippo's systems, data, and customers against an evolving threat landscape while ensuring the company meets its regulatory and compliance obligations as a publicly traded, multi-state insurance carrier. 

This role owns Hippo's SOC 2 program, leads security operations, and drives compliance with applicable state and federal cybersecurity regulations. You will also own identity governance, privacy and data protection strategy, and third-party risk management. This is a high-visibility leadership role that requires equal fluency in security engineering, regulatory compliance, and executive communication. 

About You: 

You are a seasoned cybersecurity leader who has built and run security programs at a publicly traded, regulated company. You have navigated regulatory examinations and SOX audit cycles, and you can move seamlessly between a technical incident response scenario and a board presentation. You think in terms of risk, you quantify what you can, and you communicate what you can't with intellectual honesty. 

You bring a builder's mindset to security. You understand that a great security program enables the business rather than slowing it down, and you know how to embed security into engineering culture without creating friction. Whether your background is in Insurtech, fintech, healthcare, or another heavily regulated sector, you understand multi-regulator environments and lead with clarity and high standards. 

What You'll Do: 

• Further develop and execute Hippo's enterprise cybersecurity strategy, aligned with business risk appetite and regulatory requirements
• Build and lead the security operations function, including threat detection, incident response, vulnerability management, and threat intelligence
• Own Hippo's SOC 2 program end-to-end, including control design, evidence collection, readiness assessments, and auditor engagement
• Lead the governance, risk, and compliance function, maintaining the cybersecurity risk register, policy framework, standards, and control library
• Drive compliance with applicable state and federal cybersecurity and insurance regulations
• Support SEC cybersecurity disclosure obligations in coordination with Legal and Finance
• Lead identity governance, including access certification, privileged access management policy, and separation of duties enforcement
• Own privacy and data protection compliance strategy, partnering with Legal on data handling, breach notification, and policyholder data protection
• Manage the third-party and vendor cybersecurity risk management program
• Report to the Board of Directors and Audit and Risk Committee on cybersecurity posture, risk trends, and incident activity
• Provide second-line oversight and security control design input to the SOX ITGC program
• Build and lead the security engineering function, owning secure design standards and threat modeling practices that ensure security is embedded from architecture through to deployment
• Build, mentor, and develop the cybersecurity team and drive a culture of security awareness across the organization
• Lead cybersecurity budgeting, roadmap planning, and technology rationalization
• Own disaster recovery and business continuity planning across the enterprise, working closely with the CIO and CTO to drive regular testing, validate recovery capabilities, and ensure organizational resilience is aligned to business and cybersecurity risk
• Own the enterprise Incident Response Plan, lead the Security Incident Response Team (SIRT) across the full incident lifecycle from detection and containment through recovery and post-incident review, define severity classifications and escalation paths, and ensure cross-functional stakeholders (Legal, Compliance, IT, and executive leadership) are engaged appropriately during active incidents
• Drive a continuous improvement program with outcomes tracked to remediation and reported to the Audit and Risk Committee
• Lead the enterprise response to supply chain vulnerabilities across open-source dependencies and third-party service providers, owning risk assessment, mitigation, and remediation 

Must Haves: 

• 10+ years of progressive experience in cybersecurity or information security, with at least 5 years in a senior security leadership role (CISO, VP of Security, or Head of Information Security)
• Experience at a regulated, publicly traded company, including direct involvement in SOX audit cycles
• Track record of building and managing security operations capabilities
• End-to-end ownership of a SOC 2 program, including control design, audit preparation, and remediation
• Experience with cybersecurity regulations in a regulated industry (financial services, insurance, or healthcare preferred)
• Strong GRC background with experience maintaining risk registers, policy frameworks, and control libraries
• Proven ability to present cybersecurity risk and incident information to boards of directors, audit committees, and regulators
• Experience managing third-party and vendor cybersecurity risk programs
• Excellent cross-functional leadership skills with a track record of partnering effectively with Legal, Finance, Internal Audit, and Engineering 

Nice to Have: 

• Experience in the insurance, Insurtech, or fintech industry
• Familiarity with privacy frameworks and data protection requirements (CCPA/CPRA, state breach notification laws)
• Relevant certifications such as CISSP, CISM, CRISC, or CISA
• Background in security engineering or application security in addition to GRC and security operations
• Experience managing cybersecurity programs across multi-entity corporate structures1 

Benefits and Perks:

Hippo treats its team members with the same level of dedication and care as we do our customers, which is why we’re fortunate to provide all of our Hippos with: 

• Healthy Hippos Benefits - Multiple medical plans to choose from and 100% employer covered dental & vision plans for our team members and their families. We also offer a 401(k)-retirement plan, short & long-term disability, employer-paid life insurance, Flexible Spending Accounts (FSA) for health and dependent care, and an Employee Assistance Program (EAP) 
• Equity - This position is eligible for equity compensation  
• Training and Career Growth - Training and internal career growth opportunities 
• Flexible Time Off - You know when and how you should recharge 
• Little Hippos Program - We offer 12 weeks of parental leave for primary and secondary caregivers 
• Hippo Habitat - Snacks and drinks available and catered lunches for onsite employees
  

Hippo is an equal opportunity employer, and we are committed to building a team culture that celebrates diversity and inclusion. Hippo’s applicants are considered solely based on their qualifications, without regard to an applicant’s disability or need for accommodation. Any Hippo applicant who requires reasonable accommodations during the application process should contact the Hippo’s People Team to make the need for an accommodation known. 

This is a builder role with a clear mandate: own and scale Hypori's ABM motion into the cybersecurity buyer. The Director of Account-Based Marketing will take ownership of Hypori's ABM program end-to-end — from ICP segmentation and account selection through pipeline influence and closed-won attribution — with a primary focus on cybersecurity decision-makers (CISO, CSO, Head of Security Engineering, Head of Endpoint/Mobile Security, Head of Zero Trust, Head of Insider Risk) inside Financial Services and Healthcare enterprises. This role requires hands-on execution across a modern ABM tool stack, the ability to operate in a resource-constrained environment, and a bias toward pipeline outcomes over activity metrics. The right candidate moves fast, instruments everything, and iterates based on signal, not opinion. 

Ideal Customer Profile & Target Personas 

Priority Industries: 

• Financial Services — large banks, asset managers, insurers, capital markets, fintech 

• Healthcare — IDNs, payers, providers, life sciences, digital health 

• Defense & Intelligence, DIB, and Federal Civilian (continued strategic coverage) 

Primary Cybersecurity Personas: 

• CISO / Deputy CISO / CSO 

• VP / Head of Security Engineering & Architecture 

• VP / Head of Endpoint, Mobile, or BYOD Security 

• VP / Head of Zero Trust, Identity, or Secure Access 

• VP / Head of Insider Risk, Data Loss Prevention, or Third-Party Risk 

• VP / Head of GRC, Compliance, and Audit (HIPAA, HITRUST, NYDFS, SOX, PCI-DSS) 

Responsibilities 

• Partner with sales on the account selection model and tiering framework (T1/T2/T3) across all GTM segments — with cybersecurity buying centers in Financial Services and Healthcare as the priority — and maintain alignment with AEs and segment pod leads 

• Design and execute multi-channel ABM plays tailored by tier, persona, and buying stage, including direct mail, paid social, content syndication, executive outreach sequences, and security-community sponsorships (RSA, Black Hat, FS-ISAC, H-ISAC, Gartner Security & Risk) 

• Lead bespoke, senior-led engagement for Tier 1 cybersecurity accounts (top 50 banks, top 25 health systems and payers, large DIB primes, Federal agencies); deploy sequenced automation for Tier 2 and Tier 3 coverage 

• Own and operate the ABM tool stack (Clay, ZoomInfo, Gong Engage, G2, LinkedIn Matched Audiences, 6sense/Demandbase as relevant) including enrichment flows, intent-trigger sequences (zero trust, BYOD, mobile security, insider risk, post-breach), and account scoring 

• Partner with the Senior Director of Marketing and Product Marketing Director to ensure ABM plays are backed by persona-specific content for the security buyer; surface gaps and brief copy needs across battle cards, one-pagers, and vertical assets for FinServ and Healthcare 

• Champion compliance-driven urgency (HIPAA, HITRUST, NYDFS Part 500, FFIEC, PCI-DSS, GLBA, CMMC) as a primary conversion lever; ensure messaging reflects the regulatory and breach-driven buying pressure inside cybersecurity teams 

• Own ABM pipeline attribution (influenced, sourced, and accelerated) and deliver weekly and monthly reporting tied to segment ARR targets, with a dedicated cybersecurity / FinServ / Healthcare cut 

• Define and document the handoff model between marketing-owned Tier 1 outreach and SDR-executed Tier 2/3 sequences; train SDRs on cybersecurity buyer context, security-aware messaging discipline, and CRM compliance 

• Manage the ABM budget with a pipeline-to-spend lens; recommend, justify, and kill spend based on performance data without escalation 

• Continuously evaluate and introduce tools, signals, and methodologies (CISO communities, dark-web breach signals, regulatory action triggers) that improve account penetration, engagement velocity, and pipeline conversion 

Qualifications 

• Bachelor's or Master's degree in Marketing, Business, or a related field; relevant certifications a plus 

• 6+ years of B2B marketing experience with 3+ years directly owning and operating an ABM program, not just supporting one 

• Cybersecurity industry experience required — demonstrated success marketing security software, SaaS, or platform offerings to CISO and security-leader buying centers 

• Vertical experience in Financial Services and/or Healthcare strongly preferred — understands the regulatory drivers, buying committees, and procurement realities in these verticals 

• Demonstrated experience building account tiering models, engagement plays, and pipeline attribution frameworks from the ground up 

• Hands-on experience with Clay, ZoomInfo, or equivalent enrichment and orchestration tooling in a production GTM environment 

• Proven pipeline attribution methodology, not just campaign or MQL reporting 

• Familiarity with security and compliance frameworks relevant to FinServ and Healthcare (HIPAA, HITRUST, NYDFS Part 500, FFIEC, PCI-DSS, GLBA, SOC 2) and to Federal/Defense (CMMC, FedRAMP, ITAR) is a strong plus 

• Proficient in ABM platform tooling including intent signal platforms (G2, Bombora, 6sense), LinkedIn Matched Audiences, and sequencing tools (Gong Engage, Outreach, or equivalent) 

• Hands-on experience with CRM platforms (Salesforce preferred) and account-level attribution reporting 

• Comfortable operating without a team beneath them at the outset; able to build, execute, and report independently while headcount scales with performance 

• MEDDPICC fluency or equivalent enterprise qualification methodology a plus 

• Proven ability to work cross-functionally with Sales, RevOps, and Product Marketing to align messaging, coverage models, and pipeline goals 

• Exceptional communication skills with the ability to translate ABM performance data into clear, executive-ready reporting 

Pay range:

• $160,000 - $180,000 USD + 20% Bonus

Position Overview
Vectra is looking for an Manager of Audit & Compliance to plan and execute internal audits of the company’s IT processes, systems, and controls, helping ensure effective risk management and regulatory compliance. The position reports directly to the Sr. Director of IT Security and can be based in Austin, Boston, or Remote US.

Responsibilities

• Audit Planning & Execution: Develop and carry out a risk-based internal audit plan for IT operations, security controls, and compliance processes. Conduct audits from planning through reporting, evaluating the effectiveness of IT controls, policies, and procedures.

• Risk Identification & Remediation: Identify control gaps and IT-related risks during audits and recommend actionable improvements. Prepare clear audit findings reports and work with stakeholders on remediation plans. Track audit findings and drive remediation efforts to closure with accountable owners.

• Cross-Functional Collaboration: Work closely with IT, Security, Engineering, and other teams to gather evidence and facilitate audit processes. Serve as a liaison with external auditors and internal teams for any audit inquiries or compliance assessments. Ensure security controls and processes are well documented and demonstrated during audits.

• Compliance Support: Support external compliance audits and certifications (e.g. ISO 27001, SOC 2) by providing required documentation and coordinating audit logistics. Partner with compliance and GRC functions to align internal audit activities with regulatory requirements and company policies.

• Process Improvement & Documentation: Maintain comprehensive audit workpapers and documentation repositories using a modern GRC tool in order to meet quality and retention standards. Help build audit playbooks and improve audit workflows (e.g. automating evidence collection) to increase efficiency. Stay up-to-date on industry best practices and emerging regulations to continually enhance the IT audit program.

Qualifications

• Education & Certification: University degree in Information Systems, Computer Science, MIS, or a related field. Professional certification such as CISA (Certified Information Systems Auditor) or CIA is strongly preferred.

• Experience: 5+ years of experience in IT auditing, IT risk, or related compliance fields. Demonstrated experience leading or executing multiple IT audits end-to-end, including working with external or third-party auditors. Experience in a high-growth or technology-driven environment is a plus.

• Technical Knowledge: Strong understanding of IT governance, security, and compliance frameworks – e.g. ISO 27001, SOC 2, NIST 800-53, Sarbanes-Oxley (SOX), GDPR – and how they apply to enterprise environments. Familiarity with cloud platforms and enterprise IT controls (AWS, Azure, O365, etc.) and with IT general controls and processes.

• Tools: Experience with GRC or audit management tools (e.g. AuditBoard, Drata, Vanta) is a plus for streamlining compliance evidence and audit tracking.

• Soft Skills: Excellent communication skills, with the ability to clearly report findings and recommendations to both technical and non-technical stakeholders. Strong organizational and project management skills to handle multiple audits simultaneously. A collaborative, integrity-driven approach and a problem-solving mindset are essential.

The GRC Engineer is a role within SpyCloud’s Governance, Risk, and Compliance (GRC) department, part of the Legal & Compliance organization. This position plays a critical role in strengthening SpyCloud’s compliance posture by driving audit readiness, scaling continuous control testing, and embedding compliance requirements into cloud-native systems and workflows.

This role partners closely with Engineering, Security, IT, Product, and Legal teams to ensure compliance requirements are implemented effectively within cloud environments. The GRC Engineer leads complex compliance initiatives while leveraging automation and scripting to improve efficiency, accuracy, and scalability.

What You'll Do:

• Compliance Program & Framework Management
• Lead and support compliance programs including SOC 2, ISO 27001, and CMMC, with a strong focus on cloud-native environments. 
• Coordinate internal and external audits, ensuring accurate evidence collection and alignment with technical stakeholders. 
• Support customer security reviews and questionnaires by clearly articulating SpyCloud’s cloud security controls and compliance posture.
• Audit Readiness & Continuous Controls
• Own continuous audit readiness across cloud platforms such as AWS, GCP, and Azure.
• Design and execute continuous control testing using automation and scripting (preferably Python). 
• Partner with Engineering and Security teams to ensure compliance is embedded into system design and change management processes.
• GRC Automation & Tooling 
• Build, maintain, and enhance automated evidence collection workflows using Vanta. 
• Integrate Vanta with cloud environments, identity systems, and CI/CD pipelines to support continuous compliance. 
• Collaborate with Engineering to implement automated compliance checks within cloud deployments.
• Governance, Policies & Standards 
• Develop and maintain security and compliance policies, standards, and procedures aligned with cloud architecture and operational practices. 
• Ensure governance documentation supports SOC 2, ISO 27001, and CMMC requirements while remaining practical for technical teams. 
• Translate complex technical requirements into clear, actionable controls.
• Risk Management 
• Lead risk assessments across cloud services, systems, and business processes.
• Identify, assess, and drive remediation of cloud security and compliance risks. 
• Partner with stakeholders to ensure risks are understood, prioritized, and addressed.
• Vendor Risk Management 
• Enhance vendor risk management workflows through automation and integration, including integration audits of third-party cloud services.
• Cross-Functional Collaboration 
• Work closely with Engineering, IT, Security, Product, and Legal teams to embed compliance into architecture and design decisions. 
• Serve as a subject matter expert for cloud compliance, control validation, and compliance automation.

Requirements:

• Experience
• 5+ years of experience in Governance, Risk & Compliance (GRC), security compliance, auditing, or related roles. 
• Demonstrated experience applying SOC 2, ISO 27001, and/or CMMC requirements to cloud environments. 
• Experience leading audit readiness activities and working directly with auditors.
• Strong collaboration experience with engineering and cloud operations teams.
• Education 
• Bachelor’s degree in Information Security, Computer Science, Engineering, or equivalent professional experience.
• Technical Skills Required: 
• Ability to understand and write code, preferably Python, to automate evidence collection and validate cloud controls. 
• Strong knowledge of cloud architectures, IAM, logging, monitoring, and cloud security best practices. 
• Hands-on experience using Vanta for compliance automation and integrations.
• Familiarity with SOC 2, ISO 27001, CMMC, NIST 800-53, and CIS Benchmarks.
• Soft Skills 
• Strong written and verbal communication skills. 
• Ability to work independently and manage multiple priorities. 
• Strong analytical, problem-solving, and collaboration skills.

Nice to Have:

• Certifications such as CISA, CISSP, CCSK, CCAK, or ISO 27001 Lead Auditor/Implementer.
• Experience with CI/CD pipelines, secure development practices, or cloud security engineering. 
• Experience conducting integration audits or third-party cloud risk assessments.

Location: Candidates must be based in Austin, TX

Join the rocketship fueling Axonius' growth! As a Sales Development Representative (SDR), you'll be at the forefront of our mission to be an industry leader. You'll play a vital role in generating qualified leads and driving revenue by creating market awareness and connecting with top prospects.

#LI-HYBRID #LI-LW1

Compensation:

• OTE: $80,000 60/40 split

Perks are uncapped commission potential with accelerators and monthly SPIFF opportunities. We also offer equity, free healthcare coverage (for the employee) among other great benefits!