Description:

The Assurance, Risk, and Compliance (“ARC”) Initiatives team at MongoDB owns the strategy, governance, and delivery of our most critical cross-functional risk and compliance initiatives. We design and execute programs that support compliance audits, risk assessments, employee awareness and enablement, and the implementation of common control frameworks, along with consistent operating cadences that align key stakeholders, accelerate decision making, and drive the execution of initiatives that reinforce MongoDB’s assurance, risk management, and compliance objectives. We define and track key metrics and deliver clear and timely, executive reporting to provide transparency, measure progress, and ensure lasting operational resilience and governance.

We serve as the central coordination point for ARC-wide initiatives, connecting Product, Engineering, Security, and Legal teams around clear priorities, milestones, and outcomes. Our focus is on building scalable governance structures, defining decision-making frameworks, and establishing repeatable ways of working so that complex efforts can be executed consistently across the team.

The Policy Program Manager is a mid-to-senior level individual contributor role responsible for leading the development and operationalization of policies and procedures aligned to established control frameworks. You will drive end-to-end ownership of policy lifecycle management, from drafting and review through implementation and ongoing maintenance, while coordinating inputs across teams to ensure accuracy, consistency, and adoption. Additionally, you will lead documentation standardization efforts, facilitate stakeholder reviews, and perform gap analyses to continuously strengthen and mature our ARC policy framework.

Responsibilities:

• Lead the end-to-end execution of company-wide compliance programs, including the annual security policy and procedure review cycle
• Design and implement scalable frameworks for policy lifecycle management (creation, review, approval, publication, and retirement)
• Establish standards, templates, and governance processes to ensure consistency and clarity across all compliance documentation
• Maintain a centralized, audit-ready repository for policies, procedures, and supporting artifacts
• Act as the primary point of contact for cross-functional teams (HR, Legal, Engineering, Product)
• Drive alignment, gather inputs, and ensure timely completion of policy updates and compliance deliverables
• Ensure policies and procedures align with regulatory, security, and internal control requirements
• Support internal and external audits by maintaining complete, accurate, and accessible documentation
• Translate audit findings and regulatory changes into actionable policy program updates
• Maintain the integrity of project-specific Jira boards and Confluence pages. Ensure all project artifacts are organized, up-to-date, and ready for leadership review or external audit
• Develop and maintain dashboards to report on program health, completion rates, and obstacles. Present status updates and metrics to leadership
• Evaluate existing program workflows and implement improvements to increase efficiency, reduce manual effort, and improve the stakeholder experience

Requirements:

• 5-8 years of program management experience, ideally within an Information Security or high-growth technology environment
• Experience creating and managing policy and procedure programs or governance frameworks
• Deep understanding of security and compliance frameworks (e.g., SOC 2, ISO 27001, PCI DSS, HIPAA, NIST CSF)
• Strong proficiency in managing full-lifecycle projects, including scoping, planning, risk mitigation, and change control
• Advanced experience with Jira and Confluence, including the ability to build custom dashboards and manage complex documentation repositories
• Maintain and support a GRC/policy management platform to ensure consistent policy administration and system usability
• Excellent interpersonal skills with the ability to hold cross-functional stakeholders accountable to deadlines in a professional and effective manner
• Exceptional attention to detail and the ability to manage multiple overlapping priorities without losing sight of milestones
• A proactive, self-directed approach to work. You enjoy taking ownership of a program and building the structure necessary for its success

Responsibilities & Expectations

• You are expected to be the owner of your assigned programs. While you will work closely with technical SMEs, you are responsible for the logistical success of the workstream. Your success is measured by the timely completion of program goals, the clarity of your reporting, and your ability to anticipate and resolve project bottlenecks
• You don't just track tasks; you own the success of the program

Scope & Complexity

• The scope is horizontal and impacts multiple departments across MongoDB
• Managing complex programs that require coordination with various business units, ensuring that project delays in one area do not derail the overall compliance roadmap

Authority & Impact

• You have the authority to manage the timelines and execution steps of your assigned programs
• Your impact is reflected in the strength of policy program management and organizational readiness you drive; by overseeing and coordinating these workstreams, you ensure the Compliance team consistently meets foundational policy requirements and aligns with external audit expectations

Expertise

• You will develop deep expertise in compliance and audit operations
• You will become the go-to resource for designing, scaling, and executing policy and compliance programs within a cloud-first organization. This role is responsible for independently and collaboratively developing and managing policies and procedures, with a strong understanding of compliance frameworks and the ability to interpret and operationalize control requirements

Leadership

• Leadership in this role is demonstrated through influence and mentorship. While you may not have direct reports, you will guide cross-functional teams in developing and standardizing policies/supporting documentation, as well as provide mentorship on policy governance, standardized documentation practices, and compliance alignment

About MongoDB

MongoDB is built for change, empowering our customers and our people to innovate at the speed of the market. We have redefined the database for the AI era, enabling innovators to create, transform, and disrupt industries with software. MongoDB’s unified database platform, the most widely available, globally distributed database on the market, helps organizations modernize legacy workloads, embrace innovation, and unleash AI. Our cloud-native platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available across AWS, Google Cloud, and Microsoft Azure.

With offices worldwide and over 60,000 customers, including 75% of the Fortune 100 and AI-native startups, relying on MongoDB for their most important applications, we’re powering the next era of software.

Our compass at MongoDB is our Leadership Commitment, guiding how and why we make decisions, show up for each other, and win. It’s what makes us MongoDB. 

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

REQ ID: 1273402887

Role overview

The Principal IT Systems Administrator is the most senior individual contributor on the IT Systems team, setting technical direction for core platforms, endpoints, networks, and security within IT Operations. This role drives reliability, scalability, and automation.

You will lead complex initiatives, serve as a top escalation point, and partner across the business to ensure infrastructure and endpoints enable productivity while meeting security and compliance needs.

What you'll do

• System Configuration & Administration: Design and implement complex configurations for core IT platforms (identity, collaboration, infrastructure, SaaS). Establish configuration management, lead performance/reliability improvements, and automate repetitive tasks.
• Workspace & Endpoint Management: Design enterprise-wide endpoint strategies (macOS, Windows, mobile). Develop and enforce security policies, automate software/OS deployments via MDM/EMM, and own compliance reporting.
• Network & Infrastructure: Design and implement complex network configurations (LAN/WAN/Wi-Fi/VPN/voice) for scalability and security. Maintain monitoring, automate network management, and lead infrastructure projects (e.g., migrations, new site buildouts).
• Security Engineering & Operations: Define and drive security strategies within IT Systems (identity, access, endpoints, networks). Integrate security tools (SSO/MFA, EDR, DLP), enforce access policies, and act as a technical lead during critical security incidents.
• Incident Management & Reliability: Define and implement incident response strategies, lead Post-Incident Reviews (PIRs) to drive corrective action, develop runbooks, and oversee on-call rotations.
• Documentation & Knowledge Management: Define documentation standards (architecture, SOPs, runbooks) and ensure knowledge bases are accurate, comprehensive, and easily discoverable.

What you'll bring

• Extensive experience (typically 8+ years) in IT systems engineering/administration, with significant time in senior/lead roles on enterprise-scale environments.
• Deep expertise in: Core IT systems (identity, collaboration, directory), Endpoint management (MDM/EMM, lifecycle), Network infrastructure (switching, routing, VPN), and Security controls (EDR, SSO/MFA).
• Demonstrated ability to design complex configurations, lead large cross-functional projects, and influence architectural decisions.
• Strong automation mindset and proficiency with scripting/infrastructure-as-code (Python, PowerShell, Terraform).
• Proven track record leading major incidents and PIRs.
• Excellent cross-functional collaboration and communication skills, comfortable engaging all levels.
• Experience in environments with security, regulatory, or audit requirements (SOC 2, SOX).
• A bias toward ownership, documentation, and mentorship.

Nice to have: Experience in a high-growth SaaS or technology company, familiarity with CarGurus tools (Okta, Google Workspace/M365, Jamf, Intune), and experience partnering with Security Engineering and GRC.

About Klaviyo

Klaviyo empowers creators to own their destiny by making first-party data accessible and actionable like never before. We see innovators building incredible businesses every day using Klaviyo's platform, and we're here to make sure they have everything they need to succeed. We're a company that puts customers first, leads with curiosity, and builds with velocity.

We're looking for people who are excited about solving hard problems, who thrive in a fast-paced environment, and who want to make a meaningful impact on how businesses grow.

About the Role

We're looking for a Director of Security Risk and Trust who breaks the mold of traditional compliance leadership. This isn't a role where you'll spend your days pushing spreadsheets and chasing attestation deadlines—this is a role where you'll engineer solutions to governance and compliance challenges at scale, build systems that make security and trust a competitive advantage, and lead a team that operates at the intersection of security engineering, risk management, and regulatory compliance.

You'll own the strategy and execution of Klaviyo's Risk and Trust program, partnering deeply with Engineering, Product, Legal, IT, and business teams to embed compliance and risk management into how we build and operate—not bolt it on after the fact. You'll bring a strong technical foundation and an engineering mindset to everything you do, from designing automated compliance pipelines to developing governance frameworks for AI/ML systems. You'll need to be as comfortable reading Terraform configs and reviewing architecture diagrams as you are presenting risk posture to executive leadership.

This role reports to the CISO and is a critical member of the Security leadership team.

How You'll Make a Difference

Build and Own the Risk and Trust Strategy

• Define and execute a forward-looking strategy that scales with Klaviyo's growth, product evolution, and expansion into new markets and regulated industries
• Develop a risk management program that quantifies and communicates risk in terms the business can act on—not just heat maps, but data-driven models that inform real decisions
• Own the compliance roadmap across frameworks including ISO 27001, ISO 42001, ISO 27017, ISO 27018, SOC 2 Type II, HIPAA, GDPR, CCPA/CPRA, and emerging AI governance regulations, identifying where frameworks overlap and engineering unified control sets rather than duplicating effort
• Translate regulatory and compliance requirements into clear, actionable engineering requirements that development teams can implement without ambiguity

Engineer Solutions, Don't Just Document Them

• Build and maintain compliance-as-code infrastructure—automated evidence collection, continuous control monitoring, and policy-as-code implementations that reduce manual toil and increase assurance
• Design and implement tooling and integrations (leveraging APIs, scripting, and orchestration platforms) that connect GRC workflows with engineering systems (CI/CD pipelines, cloud infrastructure, identity platforms, etc.)
• Partner with Engineering and Platform teams to embed security and compliance controls directly into the software development lifecycle, infrastructure provisioning, and deployment pipelines without introducing toil or friction
• Evaluate, select, and optimize platforms and technologies, building automation that turns compliance from a periodic exercise into a continuous, real-time capability

Lead AI Security Governance

• Develop and implement a comprehensive AI/ML governance framework aligned with ISO 42001, the EU AI Act, NIST AI RMF, and emerging global AI regulations
• Partner with ML/AI and Data Science teams to establish security and compliance guardrails for model development, training data governance, model monitoring, and responsible AI deployment
• Conduct and oversee risk assessments specific to AI/ML systems, including risks related to data poisoning, model integrity, bias, prompt injection, and supply chain threats in the AI ecosystem
• Stay ahead of the rapidly evolving AI regulatory landscape and proactively position Klaviyo's governance posture to meet or exceed emerging requirements

Drive Cross-Functional Impact

• Partner with Product and Engineering leadership to ensure security and compliance are built into product design from day one—acting as a trusted technical advisor, not a blocker
• Collaborate with Legal and Privacy teams to operationalize regulatory requirements and ensure alignment between legal interpretation and technical implementation
• Work with Sales, Customer Success, and Trust teams to support customer-facing security and compliance needs, including customer audits, security questionnaires, and trust documentation
• Engage with executive leadership and the Board to communicate risk posture, compliance status, and strategic GRC investments in clear, business-relevant terms

Get Your Hands Dirty

• Roll up your sleeves and do the work—conduct technical risk assessments, review architecture designs, write automation scripts, troubleshoot control gaps, and dive into the details when it matters
• Personally lead critical compliance initiatives, audit responses, and incident-driven governance activities when the stakes are high
• Maintain deep technical currency by staying hands-on with cloud platforms (AWS, GCP, Azure), infrastructure-as-code tools, security tooling, and modern software development practices

What We're Looking For

Must-Haves

• 10+ years of experience in security, governance, risk, and compliance, with at least 5 years in a leadership role building and scaling programs at high-growth technology or SaaS companies
• Strong engineering and technical foundation—you've written code (Python, Go, or similar), built automation, worked in cloud-native environments, and can engage deeply with engineering teams on technical design and implementation
• Deep expertise across multiple compliance frameworks including ISO 27001, ISO 42001, ISO 27017, ISO 27018, SOC 2, HIPAA, GDPR, and SOX IT controls, with a demonstrated ability to rationalize and unify controls across overlapping frameworks
• Demonstrated experience in AI/ML security and governance, including familiarity with AI-specific risk frameworks, responsible AI principles, and the unique security challenges of machine learning systems
• Hands-on experience with cloud infrastructure and security (AWS strongly preferred), including understanding of IAM, networking, encryption, logging/monitoring, and infrastructure-as-code (Terraform, CloudFormation, etc.)
• Proven ability to build compliance-as-code and automated GRC capabilities, including evidence collection automation, continuous monitoring, and integration with engineering toolchains
• Exceptional cross-functional leadership skills—you've successfully partnered with Engineering, Product, Legal, and executive stakeholders to drive security and compliance outcomes without relying on authority alone
• Experience managing external audits and regulatory examinations end-to-end, with a track record of clean results and efficient audit processes

Strong communication skills with the ability to translate complex technical and regulatory concepts for diverse audiences—from engineers to board members

We are seeking an experienced and strategic Principal Security Architect to lead the design, implementation, and oversight of enterprise-class network and cloud security across our global infrastructure. This role blends deep technical expertise with strategic leadership and focuses on securing our on-premises data centers, public cloud platforms, and enterprise network edge using best-in-class tools like Palo Alto and Cisco.

This is a hands-on leadership role that influences global security architecture, mentors’ engineers, and collaborates with cross-functional teams to protect our digital assets at scale.

Key Responsibilities

Security Architecture & Engineering

• Lead the design and evolution of security controls across hybrid cloud and on-prem environments.
• Architect and implement network segmentation, next-gen firewall policies, and zero-trust access models.
• Define secure connectivity strategies across WAN, remote access, data centers, and cloud networks.

Technology Ownership

• Serve as SME for Palo Alto Networks firewalls, Prisma Access, and Panorama.
• Lead security configuration, lifecycle management, and policy enforcement on Cisco security platforms (ASA, ISE, Firepower, Umbrella).
• Harden security for multi-cloud platforms (AWS, Azure, GCP) including IAM, VPCs, firewalls, and API security.

Operations & Response

• Lead threat detection and response for network and infrastructure incidents.
• Collaborate with SOC, GRC, and infrastructure teams to close security gaps and maintain compliance.
• Continuously improve security monitoring, alerting, and forensics capabilities.

Security Automation & Tooling

• Integrate security into CI/CD pipelines and infrastructure provisioning via Terraform, Ansible, or Python.
• Automate security posture checks and drift detection in public cloud and data center environments.
• Work with vulnerability management platforms and integrate findings into remediation workflows.

Governance, Risk & Compliance

• Define security baselines and configuration standards for networking and infrastructure teams.
• Ensure compliance with frameworks such as ISO 27001, NIST, CIS, and industry-specific requirements.
• Participate in audits, risk assessments, and security reviews for new technologies and vendors.

Required Qualifications

• 10+ years of experience in infrastructure or network security, with 3+ years in a principal or lead role.
• Deep expertise in Palo Alto Networks products and Cisco security platforms.
• Strong understanding of cloud security architecture and native security tools in AWS, Azure, and/or GCP.
• Experience securing on-premise and hybrid data centers, including virtualization and SDN technologies.
• Proven experience designing and enforcing enterprise security policies across global networks.
• Solid knowledge of routing/switching protocols (BGP, OSPF), VPNs, DNS security, and NAC.
• Familiarity with SIEM, NDR, and EDR tools for detection and response.
• Scripting/automation proficiency (Python, Bash, PowerShell, or IaC tools).

Preferred Qualifications

• Certifications such as PCNSE, CISSP, CCNP Security, AWS/Azure Security Specialty.
• Experience with identity federation (SAML, OAuth), secrets management, and PKI.
• Background in segmentation frameworks (e.g., SCADA/ICS, OT security), or data loss prevention (DLP).
• Experience in DevSecOps or cloud-native security tooling.

We are an equal-opportunity employer and do not discriminate because of race, color, religion, sex, national origin, ancestry, marital status, veteran status, age, disability, sexual orientation or gender identity or expression or any other legally protected category. InterSystems is an E-Verify Employer in the United States.

Position Summary

Focus Financial Partners is seeking a proactive and detail-oriented Senior Risk Operations Specialist to support and strengthen our organization’s Cybersecurity program. This role is responsible for supporting key risk pillars: Vulnerability Management and Risk Management. A successful candidate will have knowledge of one or more of these areas and be able to assist with writing policy and process, supporting deployment of technology and handling incident response in a variety of environments. The candidate will also manage and maintain cybersecurity dashboards to track key performance indicators (KPIs) across all partner firms.

This role can be based in St Louis. MO; Boston, MA.

Primary Responsibilities

• Provide input into an evolving enterprise risk program, ensuring risks to data security are identified, quantified and documented.
• Develop and maintain information feeds for new and evolving vulnerabilities.
• Collaborate with other technical teams to assess vulnerability criticality and coordinate patch deployment.
• Participate in audits and assessments to demonstrate compliance and remediate findings.
• Execute cybersecurity training and awareness programs across partner firms.
• Work with the Head of Cybersecurity Risk to establish and track KPIs such as incident response times, policy compliance rates, and training completion.
• Provide regular reports to leadership and stakeholders.
• Act as a liaison between IT, compliance, and external partners to ensure cohesive security practices.

Qualifications

• Bachelor’s degree in Information Security, Computer Science, or a related field (or equivalent experience). Master’s preferred.
• 5+ years of experience in cybersecurity, policy development, or GRC (governance, risk, and compliance).
• Familiarity with cybersecurity frameworks (e.g., NIST, ISO 27001) and regulatory environments in financial services.
• Minimum of 5 years' experience with creating and maintaining real-time dashboards and reports to measure cybersecurity program effectiveness
• Excellent written and verbal communication skills.
• Industry certifications such as CISSP, CISM, or GIAC (GSEC, GCCC) are preferred.
• Prior experience in a multi-partner or financial services environment is preferred.
• Familiarity with privacy regulations such as GDPR or CCPA is preferred.
• Ability to manage multiple projects and stakeholders simultaneously.

This is an exempt position. The annualized base pay range for this role is expected to be between $100,000- $120,000.  Actual base pay could vary based on factors including but not limited to experience, subject matter expertise, geographic location where work will be performed, and the applicant's skill set.  The base pay is just one component of the total compensation package for employees.  Other rewards may include an annual cash bonus and a comprehensive benefits package, including but not limited to medical, dental, vision, life and 401(k). Please note that the job title is subject to change based on the selected candidate’s experience and education.

Role overview

Our Information Security team is responsible for ensuring the security of our customers and the safety of our data. As the Manager of Security GRC, you will guide the evolution of our established GRC function. You aren't just maintaining a program; you are maturing our capabilities to ensure that security is a tailwind for our business, transforming complex regulatory requirements into a competitive advantage.

You will be a strategic leader who balances high-standard execution with a focus on Revenue Enablement, ensuring our security posture removes friction from the enterprise sales cycle and reinforces our market position as a trusted partner.

What you'll do

• Take ownership of an established team to elevate our GRC maturity. You will develop and refine our Integrated Management System (IMS) across ISO 27001, 27017, 27018, and SOC 2 Type II.

• Modernize our risk reporting by leveraging quantitative risk management. You will move beyond qualitative "Red/Yellow/Green" charts to provide real-time, data-driven insights and financial risk projections using FAIR principles.

• Serve as a leading voice on our AI Governance Committee. You will guide the secure adoption of AI/LLM features within our product and oversee the governance of AI integration across our internal SaaS ecosystem, aligned with ISO 42001.

• Focus on GRC as a revenue driver. By maturing our compliance and risk functions, you will ensure our security trust posture supports global growth and instills immediate confidence in our largest enterprise customers.

• Partner with Product and Engineering to validate and mature technical controls within cloud environments (e.g. AWS, GCP) and cloud data warehousing environments (e.g. Snowflake). You will ensure that compliance is a seamless part of the CI/CD pipeline and agile software development lifecycle.

• Provide expert guidance on GDPR and CPRA, ensuring our risk management strategies remain resilient in a rapidly changing global privacy landscape.

What you'll bring

• You have 7+ years in Information Security and a track record of maturing established teams. You know how to keep team performance on track while maintaining momentum toward strategic goals.

• You have a deep understanding of AWS security services and Snowflake data governance. You are comfortable challenging and supporting technical teams to innovate and solve strategic challenges.

• You embody a growth mindset and use data and facts to inform priorities. Experience with SAFE Security or similar CRQM platforms is a significant plus.

• A Change Leader: You are comfortable with ambiguity and adapt quickly when priorities change. You encourage experimentation within your team to automate evidence collection and risk discovery.

• A Caring Collaborator: You lead with empathy and inclusion, building diverse teams that support one another. You are a cultural ambassador who can see things from others' viewpoints and reconcile multiple stakeholder views to drive results.

• A Clear Communicator: You bring people along with your vision. You can translate technical risk into business value for executive decision-makers and functional leaders.

Our Leadership Competencies:

We hire leaders who are a Catalyst for Impact, a Coach to their peers, a clear Communicator, an innovative Change Leader, and a Caring Collaborator. In this role, you will be expected to:

• Set high standards and take full ownership of the GRC roadmap.

• Proactively manage the growth of team members through clear feedback and experiential opportunities.

• Engage key decision-makers across business functions to support complex, cross-functional initiatives.

• Navigate organizational dynamics to establish accountability and ensure successful delivery of results.

Position Overview
Vectra is looking for an Manager of Audit & Compliance to plan and execute internal audits of the company’s IT processes, systems, and controls, helping ensure effective risk management and regulatory compliance. The position reports directly to the Sr. Director of IT Security and can be based in Austin, Boston, or Remote US.

Responsibilities

• Audit Planning & Execution: Develop and carry out a risk-based internal audit plan for IT operations, security controls, and compliance processes. Conduct audits from planning through reporting, evaluating the effectiveness of IT controls, policies, and procedures.

• Risk Identification & Remediation: Identify control gaps and IT-related risks during audits and recommend actionable improvements. Prepare clear audit findings reports and work with stakeholders on remediation plans. Track audit findings and drive remediation efforts to closure with accountable owners.

• Cross-Functional Collaboration: Work closely with IT, Security, Engineering, and other teams to gather evidence and facilitate audit processes. Serve as a liaison with external auditors and internal teams for any audit inquiries or compliance assessments. Ensure security controls and processes are well documented and demonstrated during audits.

• Compliance Support: Support external compliance audits and certifications (e.g. ISO 27001, SOC 2) by providing required documentation and coordinating audit logistics. Partner with compliance and GRC functions to align internal audit activities with regulatory requirements and company policies.

• Process Improvement & Documentation: Maintain comprehensive audit workpapers and documentation repositories using a modern GRC tool in order to meet quality and retention standards. Help build audit playbooks and improve audit workflows (e.g. automating evidence collection) to increase efficiency. Stay up-to-date on industry best practices and emerging regulations to continually enhance the IT audit program.

Qualifications

• Education & Certification: University degree in Information Systems, Computer Science, MIS, or a related field. Professional certification such as CISA (Certified Information Systems Auditor) or CIA is strongly preferred.

• Experience: 5+ years of experience in IT auditing, IT risk, or related compliance fields. Demonstrated experience leading or executing multiple IT audits end-to-end, including working with external or third-party auditors. Experience in a high-growth or technology-driven environment is a plus.

• Technical Knowledge: Strong understanding of IT governance, security, and compliance frameworks – e.g. ISO 27001, SOC 2, NIST 800-53, Sarbanes-Oxley (SOX), GDPR – and how they apply to enterprise environments. Familiarity with cloud platforms and enterprise IT controls (AWS, Azure, O365, etc.) and with IT general controls and processes.

• Tools: Experience with GRC or audit management tools (e.g. AuditBoard, Drata, Vanta) is a plus for streamlining compliance evidence and audit tracking.

• Soft Skills: Excellent communication skills, with the ability to clearly report findings and recommendations to both technical and non-technical stakeholders. Strong organizational and project management skills to handle multiple audits simultaneously. A collaborative, integrity-driven approach and a problem-solving mindset are essential.

WHAT WE DO

Our Security, Risk and Compliance consultants work with clients at all levels of the organization, from the C-suite to the shop floor, helping them to deliver on their most strategic initiatives. We’re known for making realistic, data-driven decisions that deliver value in tangible ways to our clients. Our clients ask for us on projects that require a superior combination of technical and business capabilities, people and management skills, and a collaborative mindset. We excel in understanding complex programs and strategic initiatives and breaking them into actionable pieces.

We are actively looking for professionals in the following areas:

• Compliance
• Information Security
• Risk Management
• Data Privacy

The ideal candidate’s experience may include but is not limited to the following:

• Management or participation in Cybersecurity, Information Security, Risk, Compliance and/or Data Privacy Programs or Projects
  • Sample projects/programs could include but are not limited to:
    • Compliance framework mapping and implementation,
    • Regulatory mapping and implementation
    • Audit, risk or regulatory remediation management,
    • Readiness for new laws and regulations,
    • Risk, Compliance or Information Security risk reporting and monitoring
    • Creation of roadmaps to mature or advance Risk, Compliance or Information Security Strategies/Programs/Controls
    • Design and enablement of cyber controls functions and processes
    • Change management related to regulatory adoption or compliance changes
    • Audit or certification readiness
  • Familiarity or direct experience with GRC/Cybersecurity solutions, tools and technologies
  • Control design or maturation for high-demand technical areas such as ERP, Identity and Access Management, Business Continuity and Resiliency, Cloud
  • Knowledge of and/or application of industry specific regulations, laws, and standards such as the EU-GDPR, CCPA/CPRA, HIPAA, PCI
  • Knowledge of and/or application of compliance and security frameworks and standards such as COSO, NIST, ISO
  • Management of regulatory, internal or external audits, or experience as an auditor
  • Projects or roles requiring coordination across lines of defense working with technical, business, compliance, risk and audit teams to deliver solutions
  • Work or projects with military or federal government agencies in Risk, Compliance or Information Security/Cyber Security sectors
  • Certifications: CIPP, CRCM, CRM, ARM, CISSP, CISM

QUALIFICATIONS

Required-

• Alignment to our core values: Excellence, Participation, Integrity, and Collaboration
• Hungry, Humble, Smart
• Demonstrated business and technology acumen
• Strong written and verbal communication skills
• Understanding and experience solving real business problems
• Proven track record of delivering results
• Experience working with and/or leading a team
• Ability to work across industries, roles, functions & technologies
• Authorization for permanent employment in the United States (this position is not eligible for immigration sponsorship)

Preferred-

• Bachelor’s degree
• 8+ years professional experience
• Experience across our service offerings

RegScale is a continuous controls monitoring (CCM) platform purpose-built to deliver fast and efficient GRC outcomes. We help organizations break out of the slow and expensive realities that plague legacy GRC tools by bridging security, risk, and compliance through controls lifecycle management. By leveraging CCM, organizations experience massive process improvements like 90% faster certification times, and 60% less audit prep time. Today’s expansive security and compliance requirements can only be met with a modern, CCM based approach, and RegScale is the leader in that space.

Position:

Do you believe that maintaining compliance as a business should be affordable, transparent, and easy? If yes, then we have a critical position in an innovative startup disrupting the compliance industry for you! We are seeking a subject matter expert in GRC to help us win more business as well as ensure value realization for our existing customers. We’re looking for you to play the SME role in new sales pursuits, in designing solution messaging, and in engaging with our existing customers to help them better their compliance and risk programs. This role will significantly influence our Go to Market execution and will be at the heart of the market and customer-facing interactions. If you like action, accountability, and building a business from the ground up, you’ll love this opportunity to join a hyper-growth market disrupter. 

The position must be a US Citizen and is subject to a background check and unannounced drug testing requirements. We recognize that our customers’ success is vital to our company’s success and have created a generous compensation package that includes a competitive OTE with significant stock options to help us recruit the most exceptional talent that is maniacally focused on delighting our customers and partners. We are excited to have you on our team if you’re ready to help redefine an entire industry and raise the bar for our organization.

Activities:

• Assist in pipeline development and sales pursuits using your Subject Matter Experience to align the RegScale value proposition to customer needs
• Co-develop messaging and value proposition materials with the sales and marketing teams
• Develop and lead Solution Workshops with prospects and existing customers to define business objectives, quantify business benefits, and determine the functional requirements to achieve them
• Help customers achieve their desired results from RegScale by leveraging your domain experience to drive valuable program outcomes
• Design and institute a value calculator to assess value received by customer organizations
• Collaborate with functional stakeholders to develop and execute customer, partner, and employee enablement programs

Proven Capabilities:

• Ability to build a plan and execute effectively to achieve quantifiable results, quarter over quarter
• High energy, hard worker ready to put in the hours necessary to build the business and reap the rewards that come with doing so
• Able to be flexible and agile in responding to evolving business priorities and dealing with ambiguity
• Able to collaborate effectively across the organization and with external stakeholders
• Able to build effective virtual teams with client and partner networks
• Experience successfully working with senior (C-level) executives to achieve specific outcomes
• Willing and able to address escalated stakeholder issues with speed and urgency
• Team player who thrives in cross-functional teams including Sales, Product, and Marketing
• Must be a self-starter who works well on diverse and blended teams

Education/Training, Qualifications, and Certification:

• You have 4+ years experience as a Risk and Compliance practitioner and/or 4+ years experience in presales engineering within the GRC / InfoSecurity market
• You have a strong network of relationships in Security and GRC ecosystem
• You have expertise in driving results and outcomes while solving complex business problems, as an individual contributor and through direct reports
• You use your excellent presentation, organizational, and communication skills to communicate complex concepts to diverse audiences
• You exhibit the ability to partner effectively with C-Suite, VP, and Director-level contacts in addition to the day-to-day users of technologies
• You have a Bachelor’s degree in Business, or related field or equivalent experience

RegScale is a CCM platform enhancing GRC outcomes. RegScale bridges security, risk, and compliance by overcoming speed, timeliness, and high costs. Our CCM platform and AI deliver GRC results, cutting costs and accelerating compliance. Achieve rapid certification, anticipate threats, and automate evidence collection. Organizations experience 90% faster compliance and 60% less audit prep.

Position:

Do you believe that maintaining compliance as a business should be affordable, transparent, and easy? If yes, then we have a critical position in an innovative startup disrupting the compliance industry for you! We are seeking a subject matter expert in GRC to help us win more business as well as ensure value realization for our existing customers. We’re looking for you to play the SME role in new sales pursuits, in designing solution messaging, and in engaging with our existing customers to help them better their compliance and risk programs. This role will significantly influence our Go to Market execution and will be at the heart of the market and customer-facing interactions. If you like action, accountability, and building a business from the ground up, you’ll love this opportunity to join a hyper-growth market disrupter. 

The position must be a US Citizen and is subject to a background check and unannounced drug testing requirements. We recognize that our customers’ success is vital to our company’s success and have created a generous compensation package that includes a competitive OTE with significant stock options to help us recruit the most exceptional talent that is maniacally focused on delighting our customers and partners. We are excited to have you on our team if you’re ready to help redefine an entire industry and raise the bar for our organization.

Activities:

• Assist in pipeline development and sales pursuits using your Subject Matter Experience to align the RegScale value proposition to customer needs
• Co-develop messaging and value proposition materials with the sales and marketing teams
• Develop and lead Solution Workshops with prospects and existing customers to define business objectives, quantify business benefits, and determine the functional requirements to achieve them
• Help customers achieve their desired results from RegScale by leveraging your domain experience to drive valuable program outcomes
• Design and institute a value calculator to assess value received by customer organizations
• Collaborate with functional stakeholders to develop and execute customer, partner, and employee enablement programs

Proven Capabilities:

• Ability to build a plan and execute effectively to achieve quantifiable results, quarter over quarter
• High energy, hard worker ready to put in the hours necessary to build the business and reap the rewards that come with doing so
• Able to be flexible and agile in responding to evolving business priorities and dealing with ambiguity
• Able to collaborate effectively across the organization and with external stakeholders
• Able to build effective virtual teams with client and partner networks
• Experience successfully working with senior (C-level) executives to achieve specific outcomes
• Willing and able to address escalated stakeholder issues with speed and urgency
• Team player who thrives in cross-functional teams including Sales, Product, and Marketing
• Must be a self-starter who works well on diverse and blended teams

Education/Training, Qualifications, and Certification:

• You have 2+ years experience as a Risk and Compliance practitioner and/or 4+ years experience in presales engineering within the GRC / InfoSecurity market
• You have a strong network of relationships in Security and GRC ecosystem
• You have expertise in driving results and outcomes while solving complex business problems, as an individual contributor and through direct reports
• You use your excellent presentation, organizational, and communication skills to communicate complex concepts to diverse audiences
• You exhibit the ability to partner effectively with C-Suite, VP, and Director-level contacts in addition to the day-to-day users of technologies
• You have a Bachelor’s degree in Business, or related field or equivalent experience