About the role 

Roku is seeking a Technology Audit Manager to join its Finance & IT Compliance team. This role will lead and evolve Roku’s technology SOX compliance program, partnering closely with Engineering, Security, Product, and Finance teams to ensure scalable, high-quality controls across a rapidly growing and complex engineering environment. 

You will operate at the intersection of audit, technology, and automation, overseeing internal controls across enterprise systems, cloud infrastructure, data platforms, and cybersecurity. You will also drive controls-by-design for system implementations and business process transformations A key priority for this role is modernizing the IT SOX program through AI-powered automation and continuous auditing to improve precision, coverage, and efficiency. 

This is a high-impact, hands-on role for a proactive and driven professional who excels in fast-paced environments, collaborates effectively across teams, and brings the vision and execution focus to scale and modernize the compliance function alongside company growth. The ideal candidate brings strong experience in IT SOX and technology audits, along with a builder mindset, the ability to navigate ambiguity, and a track record of influencing cross-functional stakeholders. You should be equally comfortable diving into control details, partnering with engineering teams on system design, and driving strategic initiatives that enhance the overall control environment. 

For California Only - The estimated annual salary for this position is between $170,000 and 187,000 annually. Compensation packages are based on factors unique to each candidate, including but not limited to skill set, certifications, and specific geographical location. This role is eligible for health insurance, equity awards, life insurance, disability benefits, parental leave, wellness benefits, and paid time off. 

What you’ll be doing 

• Lead and oversee the company’s technology SOX compliance program, evaluating the design and operating effectiveness of IT general controls, automated controls, and key reports supporting financial reporting 
• Maintain a deep understanding of the organization’s end-to-end technology ecosystem and its impact on financial reporting, staying current on system changes, policies, regulatory guidance, and industry best practices 
• Own audit oversight for system implementations, technology transformations, and process automation initiatives, partnering cross-functionally to ensure controls-by-design, strong SDLC governance, and scalable SOX-readiness from pre-go-live through post-implementation 
• Lead cloud infrastructure audits across AWS and GCP environments, assessing controls over access management, network security, encryption, logging and monitoring, configuration management, and data residency; evaluate cloud-native security tools and drive control maturity 
• Drive AI-powered automation of internal controls testing by integrating with IAM platforms (e.g., Okta, AWS IAM) and GitLab to continuously monitor access risks, code changes, and CI/CD controls; leverage AI/ML and automation to detect anomalies and generate audit-ready evidence that enables continuous auditing and improves precision, coverage, and efficiency 
• Establish and maintain an AI controls automation governance framework, including model validation standards, quality thresholds, and human-in-the-loop checkpoints to ensure accuracy, auditability, and regulatory defensibility 
• Assess control deficiencies, perform root cause analysis, and drive remediation efforts to closure, including validation and re-testing of corrective actions 
• Coordinate with co-sourcing partners, external auditors, and control owners to ensure cohesive execution; act as a trusted advisor by anticipating stakeholder needs and delivering actionable insights 
• Prepare and review audit workpapers, reports, ensuring compliance with professional standards and delivering clear, data-driven insights 

We’re excited if you have 

• 6–8+ years of relevant technology audit and IT SOX compliance experience, ideally combining Big 4 public accounting and in-house internal audit/SOX roles at a fast-paced public technology company 
• Bachelor’s degree in computer science, Information Systems, Finance, Accounting, or related field 
• Professional certifications such as CISA, CISSP, or CISM preferred; additional certifications (CPA, CIA, CFE) are a plus 
• Strong experience across technology audit domains, including IT general controls (ITGCs), automated controls (ITACs), cloud infrastructure, data engineering, DevOps processes, cybersecurity, system implementations, and business process automation 
• Hands-on experience designing and evaluating IT general and security controls in cloud environments (AWS, GCP); cloud certifications are highly desirable  
• Experience auditing or supporting enterprise platforms (e.g., NetSuite, Salesforce, Workday) and modern engineering environments (e.g., GitHub, CI/CD pipelines) 
• Solid understanding of SOX and broader compliance frameworks (SOC 1/2, GDPR, PCI-DSS) and security/governance standards (ISO 27001, COBIT, NIST) 
• Experience operating in high-growth, fast-paced environments, with the ability to scale processes and controls alongside business expansion 
• Strong leadership, communication, and project management skills, with the ability to collaborate effectively across technical and business teams 
• Self-driven and proactive, with the ability to manage multiple priorities and deliver high-quality results with minimal supervision 

Extra Credit 

• Master's degree in finance, accounting, computer science, IT, or related field  
• Strong understanding of finance and business processes, including quote-to-cash, revenue recognition, procure-to-pay, HR operations, and payroll 
• Hands-on experience with automation, AI, and analytics tools to drive audit efficiency and insights. Familiarity with GRC tools like Auditboard is a plus 
• Experience with identity and access management (IAM) and governance tools (e.g., Okta, SailPoint, CyberArk), including user access reviews (UAR), role design, and segregation of duties (SoD) analysis 
• Proven ability to quickly learn and adapt to evolving emerging technologies, including AI, cloud, payments, data platforms, and modern engineering environments, within the media & entertainment industry 

#LI-RR1 

Engineering at Brex

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

As a Security Operations Engineer at Brex, you will focus on preventing, detecting and responding to security threats across Brex's corporate and cloud environments. You will use existing systems and develop tools to improve our security capabilities. Our team is responsible for functions across corporate security, detection & response and infrastructure security domains; and we perform systems engineering and automation to support those functions. 

Security Operations is part of our wider Trust & IT organization which means you will have the opportunity to work closely with Application Security, Corporate Engineering, GRC and IT and to improve security configurations, drive positive employee behaviors and generally work to prevent events from becoming incidents. You will also help build and maintain our team’s open source project Substation and have the opportunity to contribute to the Brex Tech Blog. You’ll be part of a team that actively contributes to the wider security community and has a commitment to mentorship and engineering excellence.

We’re looking for individuals with a strong background and interest in detecting, responding to, and resolving security incidents and security challenges. You should be comfortable dealing with lots of moving pieces, changing priorities, and new technologies, while having a keen eye for detail. Most importantly, you should be enthusiastic about working with a variety of backgrounds, roles, and people across Brex. Building a world-class financial service requires world-class security.

Where you’ll work

This role will be based in our San Francisco office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!

Responsibilities

• Work on a highly cross-functional team to prevent, detect and respond to security threats across Brex's corporate and cloud environments
• Perform security incident response, investigation, remediation, and documentation, participate in periodic threat hunting and security exercises
• Leading, scoping and building features, participate in designing, and maintaining tools and systems which support the team’s domains – corporate security, detection & response and infrastructure security 
• Collaborating and partnering with engineering and operations teams to drive remediation of security issues, while balancing prioritization of those security issues within SLA and teams’ respective backlogs
• Caring about secure system design, valuing building things correctly, an understanding of a MVP approach and an empathetic mindset when working with others

Requirements

• Bachelor’s degree in Computer Science, Engineering or related field OR equivalent training / fellowship OR 5+ years work experienceExperience working in a corporate security, detection & response or infrastructure security role with responsibilities for security alert triage and security incident response 
• Familiarity with CI/CD systems and DevOps workflows (e.g. Buildkite, Flux, Git, Terraform) in cloud environments (e.g. AWS, Azure, GCP)
• Experience with deploying and maintaining some of the security services and tools owned by the team (e.g. - SIEM, data pipelines, SOAR, domain monitoring, endpoint tooling, email protection tooling, cloud security tools)
• While not primarily a development role, the team develops and maintains tools written in Go and Python, so experience with coding is required
• You thrive in a collaborative environment filled with a diverse group of people with different expertise and backgrounds. We currently have around 30 nationalities represented with more than ½ the company working in a country different from the one they grew up in.

Bonus points

• Proficiency with Go and other programming languages 
• Experience with securing distributed systems in AWS, cloud and Kubernetes environments
• Contributions to the wider technical community (open source, public research, mentorship, community organizing, blogging, presentations, etc)

Compensation

The expected salary range for this role is $192,000 - $240,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

Engineering

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

Brex’s Governance, Risk, and Compliance function is at an exciting and pivotal point in our maturity journey and we’re seeking a team member who can seamlessly bridge compliance expertise with technical execution. As a Senior GRC Engineer, you will drive critical GRC processes that mitigate risk, keep us compliant, and build trust with our customers and partners. You'll evolve the technical foundation of our Trust program by automating security controls, building integrations between security tools and GRC platforms, and creating scalable processes that enable Brex to maintain compliance efficiently as we expand into new markets. You'll work at the intersection of security, engineering, and compliance — translating regulatory requirements into technical solutions and building automation that eliminates manual toil.

You'll leverage your deep understanding of SOC 2, PCI DSS, ISO 27001, AI governance frameworks, and others to both design controls for emerging compliance requirements and mature existing programs through automation and continuous monitoring. You’ll support Trust Assurance, Third Party Risk Management, and other Security Risk Management initiatives. Working with our Engineering, Infrastructure, and Product teams, you'll translate compliance frameworks into technical controls and build automated systems that help us achieve world-class security as Brex expands.

Your contributions will directly accelerate Brex's maturity. You'll design workflows using Tines, build integrations between security and GRC systems, and create dashboards for security metrics. You'll implement controls across the technology stack, support multiple audits (SOC 2, PCI DSS, SOX/ITGC, FINRA, ISO), and contribute to AI governance framework implementation (ISO 42001, NIST AI RMF, EU AI Act).

You'll have autonomy to build innovative solutions, collaborating cross-functionally to implement controls that enable growth while communicating technical concepts effectively across the organization.

Where you’ll work

This role will be based in our San Francisco office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!

Responsibilities

• Manage and scale IT infrastructure, services and tooling
• Work with a diverse group of  IT partners to optimize our provided services
• Implement new services in support of Information Technologies vision
• Scale our services by implementing configuration as code via Terraform providers or APIs
• Operationalize and upskill IT and its partners by producing documentation and leading training sessions
• Evangelize best practices both internally and externally facing

Requirements

• 5+ years of experience in GRC, IT Governance, or Security Engineering with a strong track record of automating manual compliance workflows.
• Deep experience with security frameworks such as SOC 2, PCI DSS, ISO 27001, and NIST CSF, specifically within cloud-native environments.
• Technical proficiency in Python (or similar scripting languages) and experience building integrations using APIs to connect security tools with GRC systems. You can read code, design integrations, and understand technical implementations.
• Builder mindset with the ability to design and implement automated control testing, continuous monitoring, and data-driven security metrics. You see manual processes and immediately think about how to automate them.
• Exceptional cross-functional collaboration and communication skills. You can translate complex compliance requirements into technical specifications that engineering teams can actually implement and influence stakeholders across technical and non-technical domains.
• Strong systems thinking. You have the ability to design scalable GRC architectures that grow with the company, rather than just solving for the immediate audit.
• Bias for action. You’re a self-starter who ships solutions quickly and iterates based on feedback. 

Bonus points

• Previous experience in Fintech or banking environments navigating complex regulatory landscapes.
• Hands-on experience with Tines or other SOAR platforms to automate security operations.
• Familiarity with AI/ML governance frameworks (NIST AI RMF, ISO 42001) or securing agentic systems.
• Deep knowledge of Cloud Security (AWS/GCP), infrastructure-as-code (Terraform), or DevSecOps practices.
• Relevant industry certifications such as CISSP, CISA, or CCSP.
• Experience building metrics dashboards for security visualization and reporting.
• Active contributions to the GRC or Security community through open-source projects or public research.

Compensation

The expected salary range for this role is $153,600 - $192,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

We are seeking a SAP Security & Platform Systems Engineer. This specialized role is responsible for the secure architecture and technical integration of our SAP S/4HANA RISE environment. The ideal candidate will bridge the gap between traditional SAP Security and modern Cloud Platform administration, ensuring robust, compliant, and well-connected SAP systems.

What You'll Do:

• SAP Security & Access Governance
  • Access Model Ownership: Design, build, and maintain S/4HANA business roles, Fiori catalogs, and authorization groups.
  • Identity Management: Perform configuration and troubleshooting of user provisioning and authentication workflows.
  • Compliance & Audit: Participate in technical efforts for SOX and ITGC audits, managing GRC/IAG (including SoD rulesets and Emergency Access/Firefighter) and providing technical evidence.
  • System and Data-Level Security: Perform vulnerability Assessment, secure Fiori apps/Web services and govern security measures at the CDS-view and OData service layer
• Platform Connectivity & System Administration
  • Cloud Ecosystem Integration: Design and manage technical trust configurations (SAML 2.0, OAuth 2.0, Principal Propagation) across S/4HANA, BTP, and SAP Analytics Cloud (SAC) etc.
  • BTP Management: Administer BTP subaccounts, service entitlements, and technical destinations.
  • Secure Connectivity: Install, configure, and monitor SAP Cloud Connectors to maintain secure data transfer between the RISE private cloud and BTP/external services.
  • Certificate Authority: Manage the full lifecycle of X.509 certificates and SSL handshakes within the entire SAP landscape.
  • RISE Coordination: Serve as the technical liaison with SAP RISE operations for system-level changes (e.g., refreshes, kernel parameters, OS configurations).

What You'll Need: 

• 10+ years in SAP technical roles, with a minimum of 3 years focused on S/4HANA and the Business Technology Platform (BTP).
• Expert proficiency in PFCG, SU24 optimization, and Fiori security architecture.
• Direct, practical experience with the SAP BTP Cockpit and SAP Cloud Connector.
• Proven ability to troubleshoot and manage Identity Protocols: SAML, OAuth2, and OpenID Connect (OIDC).
• Direct experience managing SOX/ITGC compliance requirements in a regulated or publicly traded company, reduce SOD violations
• Skilled in performing comprehensive end-to-end traces (e.g., ST01, browser traces, Cloud Connector logs) to diagnose connectivity and authorization issues. 
• Investigate and resolve Authorization-related issues, performing root cause analysis to prevent future breaches.
• Clear understanding of the SAP RISE shared responsibility model.

Please note that this job description is intended to provide a general overview of the position and does not include an exhaustive list of responsibilities and qualifications.

At Archer we aim to attract, retain, and motivate talent that possess the skills and leadership necessary to grow our business. We drive a pay-for-performance culture and reward performance that supports the Company’s business strategy. For this position we are targeting a base pay between $152,100 - $190,100. Actual compensation offered will be determined by factors such as job-related knowledge, skills, and experience.

We are an equal-opportunity employer committed to creating a diverse and inclusive workplace. All qualified applicants will receive equal consideration for employment without regard to race, color, creed, religion, sex, gender identity, sexual orientation, national origin, disability, uniform service, Veteran status, age, or any other protected characteristic per federal, state, or local law, including those with a criminal history, in a manner consistent with the requirements of applicable state and local laws. 

By applying, you agree to be bound by our candidate privacy policy.

Archer is committed to working with and providing reasonable accommodations to job applicants with physical or mental disabilities, and those with sincerely held religious beliefs. Applicants who may require reasonable accommodation for any part of the application or hiring process should provide their name and contact information to Archer’s People Team at people@archer.com. Reasonable accommodations will be determined on a case-by-case basis.

Role 

We are looking for a Staff Information Systems Engineer based in San Jose (Hybrid, 3 days in office), reporting to the Manager, End User Engineering in the IT Digital Employee Experience department.

The Staff Information Systems Engineer (End-User Computing) defines and drives the strategy and architecture for Zscaler’s secure, cloud-first employee workspace across Windows, macOS, BYOD, and mobile (iOS & Android), ensuring devices are compliant, resilient, and scalable. The role connects End User Engineering(Digital Employee Experience) objectives to day-to-day execution by leading automation, self-service, and zero-touch deployment initiatives, integrating core platforms, and mentoring engineers to improve productivity, reduce risk, and modernize the end-user experience.

What you’ll do (Role Expectations)

• Define EUC strategy and future-state architecture across Windows, macOS, BYOD, and mobile (iOS/Android)
• Lead automation, self-service, and zero-touch provisioning initiatives
• Integrate and optimize core platforms (e.g., Workspace ONE/Intune/Jamf, Automox, Okta, Azure AD)
• Drive security, patching, and vulnerability remediation in partnership with Security
• Provide technical leadership (L4 escalation) and mentor engineers

Who You Are (Success Profile)

• You act like an owner. Your passion for the mission fuels your bias for action. You operate with integrity because you genuinely care about the outcome. You adapt to what’s needed, navigating seamlessly between high-level strategy and hands-on execution.
• You are a positive force. You approach hard problems with constructive energy and a 'can-do' spirit that is contagious, inspiring your team to stay focused on the solution.
• You are data-driven. You use data and analytics to find the truth, measure what matters, and guide informed decisions. You value evidence over assumptions, replacing "I think" with "I know" to drive better outcomes.
• You operate with urgency. You understand that in a high-growth environment, speed and quality are not mutually exclusive. You have a relentless focus on execution and a bias for action, delivering high-impact results quickly to win for the customer and the team.
• You are a high-trust collaborator. You are ambitious for the team, not just yourself. You embrace our challenge culture by giving and receiving ongoing feedback—knowing that candor delivered with clarity and respect is the truest form of teamwork and the fastest way to earn trust.

What We’re Looking for (Minimum Qualifications)

• 8+ years in endpoint engineering/systems architecture, including prior lead ownership of enterprise-scale initiatives in a global environment
• Expert-level administration of at least one endpoint management stack (Workspace ONE / Intune (MEM) / Jamf) plus strong experience with patching at scale (e.g., Automox)
• Advanced automation skills (PowerShell, Python, and/or shell) with proven delivery of API-driven integrations/workflows across IT/Security/HR systems
• Demonstrated capability to drive zero touch provisioning, endpoint security, vulnerability remediation, and audit readiness in partnership with Security (Zero Trust mindset)
• U.S. citizenship due to the nature of the customers assigned to this role

What Will Make You Stand Out (Preferred Qualifications)

• Hands-on experience with Workspace ONE and Automox for end-to-end endpoint lifecycle management and patch/vulnerability management at scale
• Exposure to AIOps, VDI(Desktop as Service), and advanced self-service/self-healing programs, with measurable outcomes (e.g., reduced ticket volume, faster MTTR, improved device compliance)
• Proven success in FedRAMP/regulated environments, including building repeatable audit evidence, control workflows, and strong partnerships with Security/GRC

#LI-YC2 #LI-Hybrid

Role

We are looking for a Cybersecurity Risk Management Principal to join our team. This is a hybrid role, going in to the San Jose, CA office 3 days a week.  You'll be reporting to the Sr. Director, Enterprise Risk Management within the Security GRC department. You will serve as a technical leader and subject matter expert, conducting sophisticated risk assessments and maintaining the strategic risk register to protect our global infrastructure. You'll bridge the gap between deep technical adversary tactics and high-level business impact to drive remediation across the enterprise.

What you’ll do (Role Expectations)

• Lead comprehensive cyber risk assessments using qualitative and quantitative methods, such as FAIR, to identify and articulate threats to business stakeholders

• Build and maintain a dynamic cyber risk register, ensuring prioritized risks and mitigation strategies are tracked and socialized with executive leadership

• Run the day-to-day operations for Security Policy Exceptions and Risk Acceptance processes to ensure compliance and balanced risk-taking

• Partner with Internal Audit, Compliance, and Security teams to embed risk management frameworks deeply into the enterprise risk lifecycle

• Apply the MITRE ATT&CK framework to analyze adversary techniques and translate that intelligence into actionable enhancements for the organization’s security posture

Who You Are (Success Profile)

• You thrive in ambiguity. You're comfortable building the path as you walk it. You thrive in a dynamic environment, seeing ambiguity not as a hindrance, but as the raw material to build something meaningful.

• You act like an owner. Your passion for the mission fuels your bias for action. You operate with integrity because you genuinely care about the outcome. True ownership involves leveraging dynamic range: the ability to navigate seamlessly between high-level strategy and hands-on execution.

• You are a problem-solver. You love running towards the challenges because you are laser-focused on finding the solution, knowing that solving the hard problems delivers the biggest impact.

• You are a high-trust collaborator. You are ambitious for the team, not just yourself. You embrace our challenge culture by giving and receiving ongoing feedback—knowing that candor delivered with clarity and respect is the truest form of teamwork and the fastest way to earn trust.

• You are a learner. You have a true growth mindset and are obsessed with your own development, actively seeking feedback to become a better partner and a stronger teammate. You love what you do and you do it with purpose.

What We’re Looking for (Minimum Qualifications)

• Bachelor’s degree in Cybersecurity, IT, Computer Science, or a related field

• 10+ years of experience in cybersecurity risk management with a focus on risk assessments and threat modeling

• Proficiency in the FAIR framework for risk quantification and the MITRE ATT&CK framework

• Expert-level communication skills with the ability to translate complex technical risks into clear, actionable insights for business audiences

• A results-driven approach to security risk management with a proven track record of solving complex security challenges

What Will Make You Stand Out (Preferred Qualifications)

• Advanced certifications such as CISA, CISSP, CISM, CRISC, or FAIR

• A Master’s degree in a technical or business-aligned field

• Prior experience leading a Compliance or Cyber Risk management function within the technology industry

#LI-BH1 #LI-Hybrid

You will serve as the technical lead for the sales team, focusing on solving complex security challenges for prospective customers across our SouthWest Region (CA, NV, AZ, & NM). The mission of this role is to drive successful product evaluations and provide expert technical guidance to secure new business within the regional market. You will bridge the gap between technical functionality and strategic business value to ensure high customer satisfaction and deal closure.

Responsibilities

• Lead the technical pre-sales cycle by executing product demonstrations and managing proof-of-value (POV) engagements to meet customer success criteria.
• Conduct discovery meetings and research the competitive landscape to architect technical solutions that address specific customer security and infrastructure gaps.
• Develop account-based penetration strategies and sales objectives in collaboration with sales executives to secure contracts with Fortune 500 companies.
• Provide ongoing technical training on platform integrations and security principles to internal sales executives and external channel partners.
  
  

Minimum Qualifications

• Multiple years of professional experience specifically in a Sales Engineering role within the software industry.
• Experience delivering technical presentations and product demonstrations to both C-suite executives and end-user technical teams.
• Technical background in internet security principles, including networking topology, TCP/IP protocols, firewalls, and routers.
• Professional experience selling software solutions to Fortune 500 enterprises.
  
  

Preferred Qualifications

• Hands-on experience with endpoint security technologies such as AV, EDR, and Next-gen AV.
• Working knowledge of cloud security principles and vulnerability management frameworks.
• Experience using or implementing APIs within a security infrastructure.
• Proficiency with scripting languages, specifically Python, for technical solutioning.
• Technical understanding of application-layer protocols including HTTP and SMTP.
  
  

#LI-LW1 #LI-REMOTE

The EHS Specialist executes day-to-day environmental, health, and safety programs across Zone 5 Technologies manufacturing operations. Working under the direction of the Director of Operational Excellence (OpEx), this role is the hands-on technical owner of compliance activities, hazard assessments, industrial hygiene monitoring, incident documentation, and safety training delivery. The Specialist does not set EHS strategy or manage staff but is independently accountable for ensuring that established programs are properly implemented, records are meticulously maintained, and emerging hazards or compliance gaps are identified and escalated promptly.

The ideal candidate brings solid field-level EHS knowledge and is comfortable operating in the complex hazard environment unique to aerospace manufacturing, including composite and beryllium materials, energetic materials, RF/EMF, ionizing radiation, and classified program areas with the discipline and attention to detail required in a regulated defense contractor environment.

Key Responsibilities:

Regulatory Compliance & Permitting Support

• Conduct routine compliance inspections and walkthroughs to verify adherence to Local, State, and Federal requirements; document findings and initiate corrective action requests

• Maintain EHS compliance records, permit documentation, and regulatory filing calendars; prepare draft permit reports and renewal packages for EHS Manager review and submission

• Collect and compile data for required regulatory reports including Tier II, TRI Form R, EPCRA Section 313, OSHA 300/300A logs, and stormwater monitoring reports

• Support hazardous waste management operations: waste characterization, manifest preparation, container labeling and inspection, and LQG/SQG recordkeeping in compliance with RCRA

• Assist in preparing for and supporting regulatory agency inspections and third-party audits; gather evidence packages, escort inspectors on the floor, and document inspection findings under manager supervision

• Monitor compliance calendars and alert the Director of OpEx to upcoming deadlines, permit renewals, and reporting obligations

Hazard Identification & Risk Management

• Conduct Job Hazard Analyses (JHAs) for new and modified manufacturing tasks, maintenance activities, and non-routine operations; coordinate reviews with supervisors and document approvals

• Perform industrial hygiene monitoring tasks: collect air samples, conduct noise dosimetry surveys, and administer ergonomic assessments using established protocols; submit samples and compile results for EHS Manager interpretation

• Assist in day-to-day specialized hazard programs under established procedures: RF/EMF, composite and carbon fiber exposure controls, beryllium awareness, confined space entry, and LOTO/LOTOTO

• Maintain and update the chemical inventory and SDS/GHS library; review incoming chemical requests against approved substances list and flag new hazards.

• Support classified area EHS controls: conduct periodic inspections of controlled-access areas in coordination with the FSO and program security teams; document findings and corrective actions

• Participate in Process Hazard Analysis (PHA) reviews as an EHS technical contributor alongside engineering and operations teams

• Administer the respiratory protection program: coordinate fit-testing scheduling, maintain fit-test records, verify proper respirator selection, and track medical clearance status

Emergency Preparedness & Incident Management

• Maintain site emergency response plan (ERP) documents, contact lists, emergency equipment inventories, and evacuation maps; coordinate annual reviews with the Director of OpEx.

• Support incident investigations by conducting scene preservation, photographing physical evidence, gathering witness accounts, and entering findings into the EHS management system; conduct root cause analysis (RCA).

• Track and follow up on corrective and preventive actions (CAPAs) arising from incidents, near-misses, inspections, and audits; verify completion and document closure evidence

• Maintain OSHA 300/300A injury and illness logs with accuracy; flag recordability questions to the Director of OpEx for determination

• Coordinate emergency response drills and tabletop exercises: schedule participants, set up scenarios, document exercise outcomes, and track corrective actions

• Serve as a trained first responder resource during hazmat spill events and facility emergencies.

Training & Safety Culture

• Deliver EHS training sessions for new hires, annual refreshers, and specialized hazard-specific programs; manage attendance records and completion documentation in the LMS

• Administer the near-miss and hazard reporting program: process submissions, acknowledge reporters, route items for investigation, and track closure

• Develop training aids, visual safety communications, toolbox talk materials, and job aids for manufacturing floor audiences under guidance

• Partner with supervisors and engineers to reinforce EHS requirements during daily operations, pre-job briefings, and toolbox talks

Environmental Sustainability & Stewardship

• Track and compile facility waste stream data: hazardous waste generation volumes, universal waste, non-hazardous solid waste, and recycling; maintain monthly logs for regulatory reporting

• Monitor air emissions sources and stormwater management controls; collect samples and document inspections per permit requirements

• Maintain the chemical management program: track chemical inventory quantities, ensure proper storage segregation, and support substitution evaluations for hazardous substances

Program Administration & Reporting

• Maintain the EHS management system (EHSMS) with current inspection records, incident data, training completions, chemical inventory, and corrective action status

• Compile EHS metrics and leading/lagging indicator data (injury rates, inspection completion, training compliance, near-miss frequency) for EHS Manager review and dashboard reporting

• Maintain organized EHS files, permit binders, and program documentation in compliance with recordkeeping retention requirements

• Research regulatory updates and emerging EHS best practices; summarize findings for EHS Manager review

Required Qualifications:

• 3–5 years of hands-on EHS experience in a manufacturing, defense, or industrial environment

• Working knowledge of OSHA 29 CFR 1910 General Industry standards and basic EPA environmental compliance requirements

• Experience conducting JHAs, safety inspections, and incident investigations in a manufacturing setting

• Familiarity with industrial hygiene sampling methods, PPE selection, and hazardous materials handling

• Strong attention to detail and accuracy in regulatory recordkeeping and documentation

• Effective written and verbal communication skills; ability to deliver training and interact with production floor personnel

• Ability to obtain and maintain a U.S. Government Secret security clearance

Preferred Qualifications:

• Bachelor’s degree in Occupational Health & Safety, Environmental Science, Industrial Hygiene, Engineering, or closely related field (or Associate’s degree with equivalent experience)

• Associate Safety Professional (ASP) working toward CSP, OSHA 30-Hour General Industry, or HAZWOPER (24 or 40 hour) certification

• Experience in aerospace, defense, or government contracting environments

• Familiarity with RF/EMF safety standards (IEEE C95.1, ICNIRP), laser safety (ANSI Z136.1), or beryllium/composite hazard programs

• Experience with energetic materials, pyrotechnics, or propellant handling per DDESB standards

• EHSMS / GRC platform experience (KPA, Cority, Vector solutions, VelocityEHS, or equivalent)

Core Competencies:

Technical

• OSHA General Industry compliance inspection and recordkeeping

• Job Hazard Analysis (JHA) and Process Hazard Analysis (PHA) support

• Industrial hygiene sampling: air monitoring, noise dosimetry, ergonomic assessment

• Hazardous waste characterization, manifesting, and RCRA recordkeeping

• Incident investigation support and CAPA tracking

• EHS training delivery and LMS administration

• EHSMS data entry, metrics compilation, and compliance calendar management

Behavioral

• Attention to detail and accuracy in a regulated documentation environment

• Field presence and credibility on the manufacturing floor

• Proactive identification and escalation of hazards and compliance gaps

• Reliability and follow-through on corrective action commitments

• Collaborative approach with supervisors, engineers, and security personnel

• Composure and sound judgment during emergency response situations

Work Environment & Physical Requirements:

• Primarily manufacturing floor, regular exposure to noise, chemical vapors, vibration, and temperature extremes

• Required to wear PPE including respirators (fit-test required), hearing protection, chemical-resistant gloves, and safety glasses.

• Ability to lift up to 35 lbs; prolonged standing, walking, and climbing across large production floor and rooftop/utility areas

• Must be able to work in controlled-access areas following applicable security protocols

• Occasional off-hours response required for environmental releases, serious incidents, emergency drills, or after-hours sampling

THE ROLE
The Senior Manager, Security Operations – Detection Engineering & Incident Response will lead and evolve Pure’s Security Operations (SecOps) function across Detection Engineering, Threat Intelligence, and Incident Response (CIDR). The mission is to transform SecOps into a proactive, intelligence-driven, and outcome-oriented program that measurably reduces enterprise risk and strengthens security posture across cloud, SaaS, infrastructure, and endpoint environments.

This role sits at the intersection of detection, incident response, threat hunting, attack surface management, and platform security. You’ll build and mature a high-signal detection and response system — from telemetry pipelines to actionable alerts — ensuring every detection maps to real attacker behavior and closes meaningful risk paths.

You’ll partner closely with leaders across GRC, Product Security, Infrastructure, IAM, and Engineering to operationalize risk-informed detections, mature IR processes, and drive measurable improvements in security posture.

WHAT YOU’LL DO

• Lead and mature the Detection Engineering and CIDR functions across threat detection, response workflows, incident triage, and automation

• Build and maintain a comprehensive detection inventory categorized by threat type, log source, MITRE mapping, and detection method

• Drive continuous validation through red team, purple team, and atomic testing

• Own key SecOps metrics such as MTTD, MTTR, and alert quality to improve signal-to-noise ratio and detection confidence

• Oversee ingestion of telemetry (AWS, Azure, SaaS, endpoint, network) into Splunk and SOAR pipelines

• Ensure incident response workflows are automated, repeatable, and outcome-focused

• Lead post-incident reviews and root-cause analyses, tracking corrective actions to closure

• Correlate threat intelligence, detection gaps, and hunt findings into prioritized roadmap updates

• Drive detection-to-remediation loops by partnering with ASM, Infra, IAM, AppSec, and GRC teams

• Produce dashboards that connect technical posture to business risk and ownership metrics

• Lead scenario-based tabletops, detection drills, and incident simulations

We are primarily an in-office environment and therefore, you will be expected to work from the Santa Clara, CA office in compliance with Pure’s policies, unless you are on PTO, work travel, or other approved leave.

WHAT YOU BRING

• 10+ years in cybersecurity, including 5+ years in detection, incident response, or SecOps leadership

• 5+ years of people management experience, including direct management of security engineering, detection engineering, or incident response teams, with responsibility for coaching, performance management, and team development.

• Proven experience leading detection engineering and incident response teams at enterprise scale

• Deep expertise with:

  • SIEM (Splunk preferred), SOAR (Tines, XSOAR), and EDR (CrowdStrike)

  • Cloud telemetry and detection (CloudTrail, GuardDuty, VPC flow)

  • Threat modeling, MITRE ATT&CK, and TTP-to-detection lifecycle

• Experience with detection-as-code practices, version control, and CI/CD pipelines

• Hands-on skills validating detections through replay, simulation, and log mining

• Familiarity with frameworks such as CIS Controls, NIST 800-53, and SOC 2

• Ability to translate complex security data into clear, executive-level insights

• Proven cross-team collaboration with Infra, GRC, Product Security, and App teams

• Strong written and verbal communication with an emphasis on clarity and measurable outcomes

• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Engineering, or a related technical field, or equivalent practical experience

Preferred Qualifications

• Experience operating in hybrid cloud and SaaS-heavy environments

• Understanding of attacker behavior, threat intel feeds, and threat hunting workflows

• Familiarity with secrets detection, data exfiltration indicators, and IAM anomaly detection

• Certifications such as CISSP, GCIH, GCIA, OSCP, AWS Security, or equivalent

• Master’s degree in Cybersecurity, Computer Science, Information Systems, Engineering, Business Administration (MBA), or a related field

#LI-ONSITE 

#LI-TH3

The Impact You’ll Be Contributing to Moloco: 

The Program Manager within the Enterprise Compliance Office (ECO) drives execution of Moloco’s global compliance priorities by translating strategy into structured, measurable, and repeatable delivery. You’ll lead high-impact, cross-functional programs, bring structure to ambiguity, and build scalable systems that enable the business to grow across multiple regions and regulatory environments. You’ll gain deep exposure to how a modern and global compliance organization operates while developing expertise at the intersection of compliance, operations, and data-driven execution.

This role will report to the Enterprise Compliance Officer & Associate General Counsel (Employment & Ethics) and will partner cross-functionally across Legal, Security/GRC, Product, Engineering, People, Finance, and Business teams to coordinate complex global compliance initiatives, manage dependencies, and ensure that our most important compliance commitments are delivered on time with high quality. In addition to core program management responsibilities, this role incorporates targeted analytical capabilities to strengthen evidence readiness, data quality, and operational rigor across compliance workflows.

This role is based near our Menlo Park, CA office and follows a hybrid in-office schedule.

The Opportunity: 

• Lead end-to-end program management for enterprise global compliance initiatives, coordinating across teams to deliver on commitments, risks, and milestones.
• Create and drive integrated program plans and workflows, including roadmaps, milestones, dependencies, resourcing, decision points, and standardized intake and routing processes. Track intake volume, cycle time, handoffs, and rework drivers.
• Apply creative, practical problem-solving to navigate ambiguity and develop scalable solutions across complex compliance challenges.
• Define and manage the program delivery approach, including plan structure, operating cadence, and change control.
• Drive cross-functional alignment across Legal, People, Security/GRC, Product, Engineering, and business teams.
• Sequence work and manage interdependencies across initiatives to ensure timely delivery of program milestones.
• Track overall program health, identify risks or delays, develop risk mitigation plans, and escalate issues as needed to keep work on track.
• Operate program governance, including decision logs, RAID tracking, status reporting, and escalation management through resolution.
• Ensure audit and regulatory readiness by tracking commitments and delivering high-quality, complete, and well-documented outputs suitable for governance and executive review.
• Establish and manage remediation pipelines, ensuring clear ownership, severity, timelines, and evidence of closure.
• Build and maintain program metrics and dashboards, including KPIs, OKRs, and KRIs, to improve visibility and predictability. Analyze compliance data, documentation, and workflows to identify gaps, inconsistencies, and opportunities for improvement.
• Strengthen evidence quality and documentation standards in partnership with control owners and stakeholders.
• Develop and scale repeatable program infrastructure, including playbooks, templates, workflows, and tooling, to improve operational maturity.

How Do I Know if the Role is Right For Me? 

• 8-10+ years of relevant compliance experience, including in-house experience, preferably in fast-paced, high-growth or startup environments.
• Strong program management foundation, with experience leading complex, cross-functional initiatives (PMO experience or certification preferred).
• Experience in compliance, legal, risk, privacy, security, audit, or regulated environments.
• Ability to translate ambiguity into structured plans, manage shifting priorities, and drive execution.
• Strong communication and drafting skills, with the ability to influence executive stakeholders and collaborate cross-functionally.
• Highly organized, proactive, and self-directed, with a hands-on, “roll up your sleeves” approach and ability to manage multiple priorities.
• Experience building or supporting:
  • Program governance frameworks (cadence, reporting, escalation)
  • Metrics, dashboards, and reporting structures
  • Audit readiness or evidence tracking processes
• Demonstrated ability to:
  • Analyze data, documentation, and workflows to identify gaps and improve processes
  • Maintain high-quality documentation and evidence standards
  • Partner with stakeholders to operationalize compliance requirements into scalable processes.
• Familiarity with tools such as Jira, Confluence, GRC platforms, and other program, project, or workflow management systems.
• Comfortable working in a fast-paced, global environment with multiple stakeholders and competing priorities.

The Security Governance Team

If you want to be a part of a dynamic, forward-thinking Governance, Risk and Compliance organization focused on building a best-in-class, cutting edge governance program, come join the Security Governance Team at Okta. As a critical foundation of GRC, the Security Governance team’s mission is to provide the documentation, policy adherence, and advisory backbone needed to drive secure operations and behaviors at Okta and position the company as a global leader in security best practices. We are seeking a dedicated and detail-oriented Principal Data Security Engineer to join our team. The ideal candidate will drive Okta’s internal data security strategy and uplift capabilities for safeguarding sensitive information throughout the company.

The Role

The Principal Data Security Engineer will be the business owner of Okta’s data protection tool suite and will be responsible for envisioning, implementing, and maturing data security strategies across Okta, including enforcement of data retention, authoring and implementing data encryption and obfuscation minimums, establishing secure key management best practices, uplifting data handling controls and safeguards, and automating security workflows. This role demands a high level of technical expertise and deep experience with data security applications and services, such as Okta, Crowdstrike, and Palo Alto Networks. This role will work closely with a wide array of internal stakeholders, such as Data Loss Prevention (DLP) Engineering, Defensive Cyber Operations, Defensive Cyber Engineering, and Legal, as well as technology and cloud support teams. This role requires a thorough understanding of DLP technologies such as data security posture management (DSPM), endpoint detection and response (EDR), and cloud access security broker (CASB) as well as significant working experience in the data security and protection domain.

The right candidate will have experience operating in a mature security control environment, will have a strong background in managing mature data security and privacy functions in corporate settings, and will possess a proven track record of successfully implementing complex projects in cross-collaborative teams. The ideal Principal Data Security Engineer will be able to identify and drive appropriate data security strategy that mitigates Okta’s key security risks, including recommending enhancements such as compensating controls and other preventative measures.

The Principal Data Security Engineer will have strong familiarity with security compliance frameworks (e.g., NIST, ISO, PCI) and will be competent in summarizing complex scenarios for management review. If you are a self-starter who wants to make a difference in a global cloud security company, come help us lead the way.

What you'll be doing

• Serve as the business owner of Okta’s data protection tool suite
• Evaluation and implementation of security tools and services
• Design, establish, and implement the strategy for a multi-year data security maturity roadmap
• Identify patterns and trends in data loss incidents to enhance preventative and detective measures
• Collaborate with the Cyber Defense Team and Technology, Data & Intelligence (TDI) Team to realize data security controls within Okta’s data security technology stack
• Oversee and manage the development, implementation, and uplift of DLP rules
• Work closely with technology teams, Legal, Compliance, and other business units to ensure execution of comprehensive data protection strategies
• Provide clear and concise reports and documentation on data loss incidents and resolutions
• Ability to manage complex projects, including identifying dependencies and evaluating impact

What you'll bring to the role

• Bachelor’s degree in Information Security, Computer Science, or equivalent experience 
• 10+ years of experience in information security with a focus on data security and privacy
• Strong understanding of data protection principles and technologies
• Experience with network security, endpoint security, and cloud security solutions
• Certifications such as CISSP, CISA, CISM, or CDPSE are preferred
• Demonstrated experience working in commercial security roles aligned with security compliance frameworks (e.g., NIST, ISO, PCI)
• Experience in building productive relationships and driving collaboration with both technical and non-technical teams
• Clear ability to communicate the desired business outcomes and requirements to technologists building solutions
• Ability to operate effectively in a remote environment
• Self-starting, self-motivated, self-directed, and self-sufficient

Requirements

• Deep understanding of data security, data protection, and data privacy workstreams and related tooling (DSPM, DLP, CASB..etc)
• Demonstrated experience managing projects and data security tool implementations at a large/comparably sized company, ideally in a regulated industry; and/or Big 4 candidates with related engagement experience
• Strong security background; security certification preferred (e.g., CISA, CISM, CISSP, CDPSE)
• Bachelor’s degree or higher in cybersecurity or a related technical focus area and/or equivalent practical experience
• Strategic thinker with strong analytical and critical thinking skills
• Experience managing small teams and/or more junior team members is strongly preferred

#LI-SM1

#LI-HYBRID

P16924_3342877

ABOUT THE TEAM

The Corporate Assurance Team manages enterprise cybersecurity governance, risk, and compliance (GRC) by implementing and operationalizing global compliance frameworks across Anduril's corporate and product environments. The team serves as the bridge between regulatory requirements and engineering execution, ensuring that Anduril's rapidly evolving technology stack meets the highest standards of security and compliance.

ABOUT THE JOB

The Compliance Engineer is a technically hands-on role responsible for driving automation, compliance, and security engineering principles into the design, integration, and operation of Anduril's internal systems. This individual will be instrumental in securing Anduril's software development process by translating complex compliance requirements into scalable, automated, and developer-friendly solutions.

The ideal candidate brings a strong DevSecOps background with deep expertise in cloud infrastructure security, embedded systems security, and federal compliance frameworks. They are equally comfortable writing Terraform modules as they are interpreting NIST controls, and they thrive at the intersection of security policy and engineering execution.

This is not a paperwork-driven compliance role. This is a builder's role. You will architect and automate compliance infrastructure that enables Anduril's engineering teams to deploy secure, compliant applications by default — removing bottlenecks rather than creating them.

WHY THIS ROLE MATTERS

At Anduril, compliance is not a checkbox — it is an engineering discipline. The Compliance Engineer plays a critical role in ensuring that Anduril can move fast without compromising the security and regulatory posture required to serve national defense missions. By building compliance into the foundation of our infrastructure, you will directly enable engineering teams to focus on what they do best: building transformative technology that protects those who protect us.

KEY RESPONSIBILITIES

Infrastructure & Automation

• Design, develop, and maintain Infrastructure as Code (IaC) and Policy as Code (PaC) that enforce compliance with NIST SP 800-171 and 800-53, CMMC, and other applicable frameworks, enabling developers to deploy CMMC-certified applications using pre-packaged, compliant infrastructure templates.
• Architect, build, and deploy robust, scalable security controls across Anduril's corporate, development, and production cloud environments (AWS, Azure, GCP) and on-premise environments.
• Develop and automate IaC pipelines for managing and scaling cloud deployments securely and efficiently, including automated pipelines for deploying infrastructure, applications, and updates.
• Build automation for procedural compliance controls, generating compliance and audit artifacts at scale without manual intervention.
• Develop security models that integrate Continuous Monitoring (ConMon), DISA STIG scanning, and compliance reporting into a unified, automated workflow.
• Ensure that compliance requirements for rapid, secure deployments translate into robust, repeatable tool chains.

Compliance Engineering & Framework Implementation

• Analyze, interpret, and operationalize federal and industry cybersecurity regulations, including NIST SP 800-171 and 800-53, CMMC, FedRAMP, and SOC 2, translating regulatory language into actionable engineering guidance and enforceable technical controls.
• Evaluate system architectures and configurations to ensure alignment with required security controls for moderate-impact information systems.
• Interface directly with infrastructure teams to verify and enforce compliance across existing on-premise and cloud stacks, identifying gaps and driving remediation.
• Collect, review, and where necessary modify system architecture to meet evolving compliance requirements, ensuring that security is embedded into the design phase rather than bolted on after the fact.
• Conduct compliance testing, studies, and assessments of Anduril's products and integrated components to uncover potential weaknesses and validate control effectiveness.
• Develop, update, and maintain cybersecurity policies, standards, procedures, and playbooks in coordination with the Information Security Team.
• Stay current on changes to federal and industry cybersecurity regulations and proactively communicate their impact to engineering and leadership teams.

Cross-Functional Collaboration & Enablement

• Partner with engineers, the DevSecOps Team, and the Automation Team to implement and verify security controls in both corporate and product software environments.
• Act as a force multiplier by embedding security best practices into the workflows of infrastructure, application, and product teams, particularly for environments holding mission-critical data.
• Support and expedite the new software onboarding process by evaluating the technical requirements of new software for CMMC compliance and guiding developers through the path to compliant deployment.
• Coordinate and deliver briefings to ensure Anduril's technical teams understand their compliance obligations, translating complex security concepts for diverse technical and non-technical audiences.
• Brief security architectures and approaches to program leadership, providing clear recommendations and risk-informed guidance.
• Work closely with Information Systems leadership, project managers, and stakeholders to integrate compliance requirements into active projects and update or modify compliant systems as organizational needs evolve.
• Collaborate with other principals and subject matter experts to ensure end-to-end automation across the compliance lifecycle.
• Act as SME for security and automation topics during internal reviews, audits, and cross-team planning sessions.

Strategic & Advisory

• Develop strategies and implementation plans for compliance-related matters, advising management on risk posture, regulatory changes, and investment priorities.
• Institute best-practice procedures for compliance and risk mitigation across the organization.
• Guide technical and operational decision-making towards future product offerings and efficient organizational processes.
• Ensure the company's ongoing technical compliance with all applicable laws, regulations, and contractual obligations.
• Produce clear documentation and reporting on compliance testing outcomes, process improvements, and emerging risks.

REQUIRED QUALIFICATIONS

Education & Experience

• 3+ years of professional experience in Cloud Security, DevSecOps, Site Reliability Engineering (SRE), or a related security engineering role.
• Background in one or more of the following disciplines: Systems Security Engineering, Cybersecurity, Systems Engineering, Software Engineering, Computer Engineering, or Computer Science.
• Proven experience building and securing complex cloud environments at scale.
• 3+ years of hands-on experience working with compliance frameworks such as CMMC, NIST SP 800-171 and/or 800-53, and FedRAMP.
• Previous work on security engineering and architecture for defense/national security systems and/or complex embedded commercial systems is strongly preferred.
• Hands-on experience executing against recurring operational regulatory requirements (e.g., continuous monitoring, periodic assessments, audit cycles).

Technical Skills

• Deep proficiency in at least one major cloud provider (AWS, Azure, or GCP), with a strong understanding of cloud infrastructure and security concepts.
• Strong hands-on experience with Infrastructure as Code tools, particularly Terraform; experience with CloudFormation or Bicep is a plus.
• Demonstrated ability to build, deploy, and manage Terraform modules and infrastructure templates in production environments.
• Solid programming and scripting ability in one or more languages (e.g., Python, Go, Rust).
• Firm understanding of public cloud networking principles, including VPCs, subnets, routing, security groups, and network segmentation.
• Proficiency with core security concepts including encryption, authentication, identity and access management, and Zero-Trust Architecture (ZTA).
• Experience with continuous monitoring and security tooling such as Tenable, Splunk, Elasticsearch, or equivalent platforms.

Soft Skills & Competencies

• Ability to communicate compliance requirements clearly and effectively to engineering teams, development teams, and non-technical stakeholders.
• Strong understanding of the "why" behind product, systems, and security design decisions — not just the "what."
• Comfort working at the interface of compliance and infrastructure engineering, with the ability to context-switch between policy interpretation and hands-on technical work.
• Self-directed, with the ability to prioritize across multiple concurrent compliance and engineering initiatives.

Eligibility

• Must be eligible to obtain and maintain a U.S. Secret security clearance.

PREFERRED QUALIFICATIONS

• Experience hardening and monitoring Kubernetes clusters (EKS, GKE, AKS).
• Experience with Cloud Security Posture Management (CSPM) or cloud-native threat detection tooling.
• Familiarity with CI/CD pipelines and experience securing the software supply chain.
• Experience with security assessment methodologies and vulnerability management programs.
• Relevant certifications such as AWS Solutions Architect, Certified Kubernetes Administrator (CKA), CISSP, CISM, or CompTIA Security+.
• Experience working in fast-paced, high-growth defense technology environments

The Role

We are looking for an Associate Director, Third-Party Risk Management (TPRM) to own the TPRM pillar at Flex. This is not a program management role. It is a pillar ownership role: you set the risk posture, define the operating model, and are accountable for outcomes across a vendor population that touches every part of the business.

You will lead a small team, establish the direction for how Flex evaluates and monitors third-party risk, and make the calls on where speed and rigor need to be balanced. You will design AI-enabled workflows that scale the team's capacity without sacrificing auditability or regulatory defensibility. And you will hold Flex's third-party risk position across the organization, shaping decisions in Product, Engineering, Finance, and Procurement rather than responding to requests from them.

This role is right for someone who has owned TPRM at a mature, regulated institution and also built something from the ground up at a high-growth fintech. Someone comfortable with ambiguity, confident in their risk judgment, and ready to be handed the reins.

What You’ll Do

1. Own Flex's third-party risk posture end-to-end: set the strategy, define the operating model, and be accountable for outcomes across the full vendor population
2. Establish and maintain the policies, standards, and governance framework that underpin TPRM across the organization
3. Make risk-based decisions on vendor approvals, exceptions, and escalations, including explicit tradeoffs between speed and risk exposure, and defend those positions to senior leadership and regulators
4. Architect scalable intake, tiering, due diligence, and monitoring workflows, designing AI-enabled automation where it improves speed and consistency without removing human judgment from consequential decisions
5. Build signal-driven monitoring systems that surface vendor risk in real time (financial distress, security incidents, operational failures) rather than relying on calendar-based review cycles
6. Design and own AI workflows for high-volume tasks like SOC report analysis, questionnaire scoring, and exception tracking, with clear auditability and human-in-the-loop checkpoints throughout
7. Drive risk alignment across Product, Engineering, Finance, and Procurement, shaping vendor strategy and sourcing decisions upstream rather than reviewing them after the fact
8. Serve as Flex's authoritative voice on third-party risk in regulatory exams, audits, and customer due diligence requests
9. Own the reporting framework that gives senior leadership real-time, decision-relevant visibility into third-party risk posture
10. Proactively identify emerging third-party risks across new vendor categories, evolving threat landscapes, and regulatory developments, and evolve controls before they become issues
11. Help mentor and develop more junior team members as the program and team scale

What We’re Looking For

• 7+ years of experience in third-party risk, vendor risk, or a closely related risk and compliance discipline
• Experience at both a large, regulated institution with a mature risk function and a high-growth, venture-backed fintech or technology company
• Demonstrated track record of making and defending risk-based decisions under ambiguity, including explicit speed-vs-risk tradeoffs
• Experience designing AI-enabled workflows for risk or compliance use cases, with a clear point of view on where automation helps and where human oversight is non-negotiable
• Strong working knowledge of vendor risk domains: security, privacy, operational, financial, and regulatory
• Proven ability to influence across Product, Engineering, and Finance, not just within a compliance or risk silo
• Strong communication skills; able to translate complex risk positions into clear recommendations for executive and board-level audiences
• Comfort with data; SQL experience or the ability to query and analyze data independently is a strong plus
• Experience supporting or leading regulatory exams in a financial services or fintech environment

Nice to Have

• Experience building a TPRM program from scratch at a high-growth company
• Familiarity with GRC platforms and common TPRM tooling
• Working knowledge of relevant frameworks and standards (SOC 2, ISO 27001, NIST, PCI, etc.)
• Prior people management or team lead experience

Flex takes a market-based approach to pay, ensuring compensation is commensurate with a candidate's experience and our internal leveling guidelines. For candidates located in our Tier 1 markets (NYC/ SF), the base salary pay range for this role is $176,000—$220,000 USD. For all other U.S. locations, Flex utilizes a geographic pay differential based on a cost of labor index. If you are located outside of the Tier 1 states listed above, your starting pay will be adjusted to align with the market conditions of your specific geographic zone. Please speak with your recruiter for additional information regarding the specific range for your location.

The Opportunity

As a Security Sales Specialist, you'll partner with Enterprise Account Executives to drive adoption of Datadog’s Security platform across key accounts. This is a high-impact role focused on positioning our Security solutions (Cloud SIEM, Cloud Workload Security, CSPM, and more) into new and existing customers—expanding our footprint and helping customers modernize their security stack in the cloud.

What You'll Do

• Act as the subject matter expert (SME) for Datadog Security products across a targeted account patch

• Collaborate closely with Enterprise AEs to support net new logo acquisition and expansion in strategic accounts

• Own and drive the security sales cycle from discovery to technical close, working closely with Sales Engineers

• Evangelize Datadog’s security story to security leaders (CISO, Security Architects, SecOps)

• Work cross-functionally with Datadog's partner, channel, and alliance teams to drive joint go-to-market motions

• Co-sell effectively with AEs and partners, contributing to deal strategy, solution alignment, and stakeholder engagement

• Stay informed on security trends and competitive offerings to differentiate Datadog
   

Requirements

• Proven success selling into security buyers (CISO, SecOps, GRC, etc.)

• Experience co-selling in a matrixed environment, supporting or partnering with AEs and cross-functional teams

• Strong understanding of the partner/channel sales model, including how to navigate and influence joint selling motions

• Familiarity with modern security solutions such as SIEM, CSPM, CWPP, container/Kubernetes security

• Ability to build strong relationships with internal stakeholders, partners, and customer technical teams

The Opportunity:

We are seeking an experienced and strategic leader to serve as Director, Information Sciences Governance, Risk & Compliance (IS GRC), reporting directly to the VP, IS Security, Risk, and Compliance. This person will be responsible for leading and maturing the IS GRC program, ensuring that IS governance processes, technology risk management practices, third-party risk management, and compliance activities effectively support business objectives and protect the organization.

As a key leader within Information Sciences, this individual will partner closely with Security, Infrastructure, Enterprise Applications, Data & Analytics, Legal, Privacy, Quality, Finance, HR, Procurement, and other cross-functional stakeholders to establish a scalable and pragmatic IS GRC framework. They will help the organization navigate a dynamic regulatory, technology, and business environment by strengthening controls, driving compliance readiness, improving risk visibility, managing third-party risk, and enabling informed decision-making across IS.

This role is ideal for a leader who can balance strategic program development with operational execution, build trusted partnerships across the organization, and translate regulatory, technical, and control requirements into practical processes that enable the business.

Key Responsibilities:

• IS GRC Program Leadership: Lead and evolve the Information Sciences Governance, Risk & Compliance program, including policies, standards, risk frameworks, compliance processes, and reporting.

• IS Governance: Develop, implement, and maintain governance structures, policies, standards, and procedures to support IS objectives, regulatory obligations, and internal accountability.

• Technology Risk Management: Establish and manage processes to identify, assess, prioritize, track, and report key IS, cybersecurity, data, third-party, and operational risks. Partner with stakeholders to develop mitigation and remediation plans.

• Third-Party Risk Management: Lead and mature the third-party risk management program for Information Sciences, including risk assessment and oversight of vendors, service providers, and technology partners. Partner with Procurement, Legal, Security, Privacy, and business stakeholders to evaluate third-party controls, contractual requirements, and remediation plans to ensure third-party services meet company risk and compliance expectations.

• Compliance Management: Oversee IS compliance initiatives related to applicable laws, regulations, contractual obligations, and internal policies. Coordinate control assessments, compliance reviews, and readiness efforts for audits and inspections.

• Internal Controls: Partner with IS and business teams to design, document, evaluate, and improve IT and IS-related controls and monitor their effectiveness over time.

• Policy and Standards Management: Drive the development, review, communication, and maintenance of IS policies, standards, baselines, and related procedures to ensure consistency, usability, and alignment with company requirements.

• Audit and Assessment Support: Coordinate and support internal and external audits, risk assessments, and evidence requests related to Information Sciences systems, processes, and controls. Track observations and corrective actions through closure.

• Cross-Functional Partnership: Build strong relationships across the business to understand technology risks, compliance obligations, and operational challenges, and to promote a culture of accountability and continuous improvement.

• Metrics and Reporting: Develop meaningful dashboards, metrics, and executive reporting to communicate IS program health, compliance posture, risk trends, and remediation progress to senior leadership.

• Training and Awareness: Promote awareness of IS governance, risk, and compliance responsibilities across Information Sciences and the broader organization through communication, training, and stakeholder engagement.

• Continuous Improvement: Stay informed about emerging regulations, industry trends, and best practices in IT/IS governance, cybersecurity compliance, privacy, and risk management, and incorporate them into program enhancements.

• This person will also coordinate with existing service delivery teams in Information Sciences to ensure that high levels of service and support are maintained.

Required Skills, Experience and Education:

• Bachelor’s degree or equivalent and a minimum of 10+ years of experience in Information Technology, Information Sciences, governance, risk management, compliance, internal audit, cybersecurity compliance, or related functions, including leadership experience in a regulated industry.

• Proven track record of building, managing, and scaling IS or IT GRC programs in complex organizations.

• Experience partnering across IS, security, legal, privacy, quality, procurement, finance, and business teams to drive risk-informed and compliant technology practices.

• Strong understanding of IT governance, technology risk management, internal controls, policy management, third-party risk management, and compliance operations.

• Experience working in regulated environments and with relevant frameworks and requirements such as SOX, GxP, GDPR/CCPA, ISO 27001, HITRUST, cybersecurity, privacy, IT general controls, vendor risk management, and audit readiness, as applicable.

• Experience supporting or leading control design, risk assessments, remediation activities, and audit or certification readiness efforts related to ISO 27001, HITRUST, or other relevant compliance frameworks.

• Ability to translate regulatory, audit, and control requirements into practical, business friendly IS processes, standards, and guidance.

• Entrepreneurial spirit; thrives in a fast-paced, high-growth, midsize company environment.

• Comfortable handling ambiguity and navigating through evolving processes, priorities, and organizational needs.

• Highly organized, with strong attention to detail and accuracy.

• Committed to meeting and exceeding high standards for quality and continuous improvement.

• Builds rapport and credibility as an effective strategic partner.

• Fosters team collaboration, breaks down silos, and is able to influence without authority.

• Skilled at conflict resolution, negotiation, and driving alignment across diverse stakeholder groups.

• Acts with urgency and sound judgment. Enjoys enabling others and solving complex problems.

• Ability to manage multiple initiatives, activities, and priorities simultaneously and autonomously.

• Strong written and verbal communication, presentation, and facilitation skills, with the ability to distill complex information for senior leadership.

Preferred Skills:

• Master’s degree or equivalent in Information Technology, Business, Risk Management, Cybersecurity, or a related field.

• Relevant certifications such as CISA, CISM, CRISC, CISSP, CGEIT, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, HITRUST CCSFP, or similar are preferred.

• Experience leading or supporting ISO 27001 and/or HITRUST implementation, certification, surveillance, or readiness programs is strongly preferred.

• Experience leading or supporting IT/IS governance, cybersecurity compliance, privacy, audit, or risk programs in the pharmaceutical, biotechnology, life sciences, or other highly regulated industries.

• Experience with third-party risk management, policy governance platforms, GRC tooling, control automation, and audit management solutions is a plus.

• Experience developing and operationalizing IS policies, standards, procedures, and control frameworks across enterprise applications, infrastructure, cloud environments, and data platforms is desirable.

• Experience developing executive-level reporting and dashboards for IT or IS risk and compliance programs is desirable.

• Experience standing up or maturing enterprise IT governance, security governance, third-party risk management, or technology compliance monitoring programs is a plus.

• Experience working with cross-functional stakeholders to align security, privacy, compliance, and business requirements into scalable operational processes is preferred. 

  #LI-Hybrid  #LI-YG1

Role Overview

ID.me is seeking a Technical Program Manager – Security Assurance to serve as the operational backbone of our external compliance programs. You will co-own the end-to-end lifecycle of controls, policies, and program-specific documentation for FedRAMP, ISO 27001, and SOC 2, with additional contributions to Kantara accreditation.

You will drive cross-functional alignment independently, owning outcomes rather than tasks. A unique requirement of this role is high proficiency with AI tools; our team utilizes purpose-built AI agents for evidence validation, control evaluation, and finding management. Fluency in AI-assisted workflows is essential.

This role is based out of our Mountain View, CA or McLean, VA offices and requires full-time in-office attendance.

Core Responsibilities

• 3+ years of experience operating security or compliance programs aligned to FedRAMP or NIST 800-53.
• 2+ years leading internal or external audits end-to-end, either as audit manager, program owner, or auditor.
• Experience managing control lifecycles, POA&M remediation, and continuous monitoring in a cloud-native environment (AWS or GCP).
• Hands-on experience with a GRC platform (LogicGate preferred) for control tracking, evidence management, and findings remediation.
• Demonstrated professional use of AI tools to support drafting, analysis, evaluation, or workflow automation within compliance or technical programs.

Preferred Qualifications

• Experience managing FedRAMP Continuous Monitoring and Significant Change Requests.
• Familiarity with NIST SP 800-63, digital identity systems, or Kantara accreditation.
• Certifications such as CISSP, CISA, CCSK, or ISO 27001 Lead Auditor.
• Experience in SaaS, FinTech, GovCloud, or other regulated technology environments.

#LI-JS1

Role Overview

ID.me is seeking a GRC Engineer to design, build, and operate AI agents that automate the compliance lifecycle across FedRAMP, ISO 27001, SOC 2, and Kantara accreditation programs.

This role is a technologist that focuses on solving GRC domain problems with automation and AI.. You will write code and build tooling to scale GRC capabilities and reduce the compliance burden.. You will own engineering AI capabilities while also have the skillset to dive into compliance issues as another set up hands..

The primary initial challenge is automated evidence collection. You will develop programmatic methods to extract evidence from source systems, feed it into evaluation agents, and enable continuous monitoring to replace traditional annual snapshots with ongoing automated assurance.

This role is based out of our Mountain View, CA or McLean, VA offices and requires full-time in-office attendance

Core Responsibilities

• Own the full development lifecycle for AI agents designed to automate evidence collection, evaluation, and continuous monitoring.
• Serve as the technical lead for LogicGate and our GRC SaaS integrations, ensuring the platform scales with our data needs.
• Develop programmatic methods to extract evidence from source systems (AWS, GCP, GitHub) and feed it into evaluation agents to replace traditional annual audits.
• Act as a high-bandwidth teammate capable of picking up slack in "traditional" GRC areas: policy authoring, change management, and manual controls enforcement.
• Support the team's deep-dive efforts into FedRAMP, ISO 27001, and SOC 2, translating domain expertise into automated agent logic.
• Build and maintain integration layers (MCP servers, APIs) that allow GRC tools to interact seamlessly with our internal ecosystem (Jira, BigQuery).
• Contribute towards preparing compliance documentation, control evidence, and control owners for internal and external audits

Basic Qualifications

• 5+ years of software engineering experience.
• Experience building AI/ML-powered applications or agentic systems.
• Proficiency in Python (or another language) and experience with API integrations/data processing.
• Familiarity with at least one compliance framework (FedRAMP, ISO 27001, SOC 2, or NIST).
• Experience with Git, CI/CD, and deploying production-grade services.

Preferred Qualifications

• Experience with the Anthropic Claude API, Model Context Protocol (MCP), or Claude Agent SDK.
• Experience extracting data from cloud infrastructure (AWS, GCP) or security tooling (SIEM, vulnerability scanners).
• Familiarity with GRC platforms (LogicGate, ServiceNow) or compliance data models.
• Experience with OSCAL (Open Security Controls Assessment Language).
• Background in highly regulated environments (FinTech, GovCloud, Healthcare).

#LI-JS1

About the Team

The Information Security organization at Postman operates across three pillars: Governance Risk & Compliance (GRC), Product Security, and Security Operations. We are a team of builders, not checkbox-checkers. We hold active SOC 2 Type II, ISO 27001, ISO 42001, and HIPAA compliance postures, and we are pursuing FedRAMP High and CMMC Level 2 authorization. Our security stack includes Wiz, SentinelOne, Okta, Jamf, and 1Password, and we operate across a multi-cloud environment.

The Offensive Security team is the "red" pulse of this organization. We don't just find bugs — we simulate the adversary to ensure our defenses hold up under real-world pressure. We focus on continuous security validation, AI-augmented adversary emulation, and offensive AI security research at Postman's scale.

The Opportunity

We are looking for a Senior Manager, Offensive Security who is as much a strategist as they are a hacker. You will own the strategic direction of Postman's offensive security program — including building out a dedicated Offensive AI Security capability from the ground up — and operate as a key partner to CISO leadership on threat-informed defense strategy.

This is not a role where you inherit a mature program and keep the lights on. You will shape what offensive security looks like at Postman for the next three years, with a specific mandate to make us an industry leader in adversarial testing of AI systems, agentic workflows, and LLM integrations.

You will lead a team that doesn't just "report" vulnerabilities but "demonstrates" them, using live exploits to build a deep, visceral security culture across the entire engineering organization.

What You’ll Do

Strategy & Program Ownership

• Set Strategic Direction: Define and execute the multi-year offensive security roadmap, aligning Red Team, Purple Team, and continuous validation capabilities to Postman's evolving threat landscape and business priorities.

• Build the Offensive AI Security Practice: Stand up and scale a dedicated offensive capability targeting AI/ML systems. This includes adversarial testing of LLM integrations, agentic workflows (MCP, tool-use chains), RAG pipelines, and model-serving infrastructure. You will define the methodology, tooling, and engagement frameworks from the ground up.

• Develop AI Threat Intelligence: Track and operationalize the rapidly evolving AI threat landscape — OWASP LLM Top 10, MITRE ATLAS, emerging attack research on agentic systems — translating external research into internal red team playbooks and detection hypotheses for Security Operations.

Hands-On Technical Leadership

• Red Team AI Systems at Depth: Go beyond checkbox assessments. Lead structured adversarial campaigns against Postman's LLM deployments, AI agents, and model pipelines — targeting prompt injection, tool-use abuse, data exfiltration via context manipulation, training data poisoning, model manipulation, and trust boundary violations in multi-agent architectures.

• Architect Autonomous Testing: Design and deploy AI-based penetration testing platforms and autonomous agents to perform continuous security validation across our API ecosystem.

• Continuous Validation: Move from manual pentesting to Continuous Offensive Security, integrating automated breach and attack simulation (BAS) into CI/CD pipelines, including AI model deployment pipelines.

People Leadership

• Lead & Cultivate: Build, manage, and scale a high-performing team of offensive security engineers — including specialized AI red team operators — providing mentorship, career development, and succession planning.

• Recruit for the Future: Identify and hire talent at the intersection of offensive security and AI/ML — a rare and competitive talent market. Build a pipeline that includes internal development paths for existing security engineers to cross-skill into AI red teaming.

Communication & Influence

• Drive Security Culture through "The Show": Lead live "Exploitable Demonstrations" — technical proof-of-concepts presented to engineering teams that show exactly how a vulnerability could be leveraged, turning abstract risks into tangible learning moments. Place particular emphasis on demystifying AI-specific attack vectors for non-ML engineers.

• Executive Communication: Translate offensive findings into business-level risk narratives for executive leadership, the board, and external stakeholders. Partner with GRC on audit evidence and compliance posture derived from offensive operations, including AI-specific risk frameworks (ISO 42001).

• Cross-Functional Partnership: Operate as a senior technical leader across Product Security, Security Operations, and Engineering, ensuring offensive findings — especially from AI red team engagements — drive measurable improvements in detection, response, and architecture.

About You

• Experience: Minimum of 8 years in offensive security (penetration testing, red teaming, vulnerability research, or exploit development) with at least 4 years in a people management or leadership capacity, including experience managing managers or tech leads.

• AI/ML Offensive Depth: Demonstrated experience attacking AI/ML systems — whether through adversarial ML research, LLM red teaming, agentic system exploitation, or building offensive tooling for AI targets. You understand the difference between prompt injection and indirect prompt injection, know what a tool-use confusion attack looks like, and can articulate why RAG poisoning is a supply chain problem.

• Strategic Acumen: Demonstrated ability to build and scale an offensive security program from the ground up or significantly mature an existing one. Experience setting OKRs, managing budgets, and presenting to executive leadership.

• Adversarial Mindset: Deep understanding of the modern threat landscape and how to apply it to cloud-native, API-first environments — extended to AI-native architectures.

• AI Offensive Tooling Fluency: Hands-on experience with AI-augmented pentesting tools (e.g., PentestGPT, Horizon3, custom LLM-based fuzzing) and purpose-built AI red team frameworks (e.g., Microsoft PyRIT, Garak, custom harnesses). Understanding of how to manage non-deterministic AI outputs in both offensive tooling and target systems.

• Pragmatic Storytelling: You believe that a well-executed exploit demo is more effective than a 50-page PDF. You can present a complex exploit chain — including an AI-specific attack path — to a room of developers in a way that is inspiring, not condescending.

• Engineering Fluency: You prefer building an automated "exploit-as-code" validator over performing the same manual test twice. You can architect evaluation harnesses and adversarial test suites for ML models.

Preferred

• Industry Presence: Track record of contributions to the offensive security or AI security community — conference talks (DEF CON, Black Hat, BSides, RSA), tool releases, published research, CVEs, or active participation in OWASP, MITRE, or similar working groups.

• Certifications: OSCP, OSCE, OSEP, GXPN, GPEN, CRTP, or equivalent hands-on offensive certifications. AI/ML-specific credentials (e.g., GIAC GMAI) are a differentiator.

• Cloud Security Expertise: Deep familiarity with AWS security primitives, cloud-native attack paths, and container/Kubernetes exploitation.

• API Security Depth: Experience with API-specific attack methodologies — BOLA, BFLA, mass assignment, GraphQL abuse, gRPC exploitation — reflecting Postman's core product domain.

• Compliance Awareness: Familiarity with how offensive security outputs map to SOC 2 Type II, ISO 27001, ISO 42001, FedRAMP, or CMMC control evidence. You don't run GRC, but you know how to feed it.

The reasonably estimated base salary for this role ranges from $275,000 to $300,000, plus a competitive equity package. Actual compensation is based on the candidate's skills, qualifications, and experience. 

Strength in Trust

Our goal at OneTrust is to bring the power of trust to companies all over the world. Using cutting-edge technology and a real-world approach to compliance, privacy, security, ethics, and third-party risk, we’ve created a no-nonsense platform to help supercharge the global push for trust.

The Challenge

Your Mission

• Establish Trusted Advisor status with senior business and technology leaders.
• Develop and present strategic application and architectural design documents leveraging OneTrust best practices.
• Lead strategic workshops and develop high-level solution recommendations based on business objectives and feasibility trade-offs.
• Deliver thought leadership through presentations, webinars, and learning events to highlight customer use cases and reference architectures.
• Provide strategic subject matter expertise through advisory sessions, pre-sales support, and field assistance.
• Collaborate with external teams to align roadmaps and technical architectures with strategic business goals.
• Translate and implement strategic needs into functional OneTrust technology-driven solutions.
• Proactively identify and analyze strategic issues/obstacles and recommend appropriate courses of action.
• Successfully present to both implementation teams and C-level executives, earning their trust.
• Advocate for customers by providing strategic insights to the Product organization on future release needs and challenges.
• Refine and improve internal processes and methodologies based on strategic customer feedback and evolving industry standards.
• Manage multiple strategic engagements simultaneously, ensuring timely and successful delivery.
• Engage with customers to build long-term strategic relationships and ensure ongoing success.
• Mentor junior team members to enhance their strategic skills and knowledge.
• Establish structured feedback loops with customers to continuously improve OneTrust products and services.

You Are/Have

• Demonstrated ability in management, mentorship, and organizational behavior.
• Strategic thinker with the ability to quickly learn and apply new concepts, business models, regulations, and technologies.
• Deep aptitude for communicating complex business and technical concepts using visualization and modeling aids.
• Proven record of accomplishment of establishing trusted advisor relationships with senior stakeholders.
• Demonstrated expertise in customer-facing privacy and security consulting, implementation, and advisory roles.
• Impressive written and verbal communication skills, including proficient presentation abilities.
• Ability to work autonomously, prioritize, multitask, and perform appropriately under deadlines.

Your Experience Includes 

• BA/BS in a related subject is required
• 3-5 years of experience in a Privacy role
• Demonstrated success working with enterprise customers on technical products
• Proven ability to engage across corporate functions (Professional Services, Engineering, Sales and Product Management)
• Functional experience in troubleshooting software and web services
• Experience in using software for reporting and task management such as Salesforce preferred

Extra Awesome 

• Relevant certifications (CIPP/E, CIPP/US, CIPM, CIPT, FIP, GRCP, GRCA, AIGP, LPEC, etc.)
• Knowledge of privacy, ethics, security, data governance, risk management, compliance, or sustainability concepts or industry trends
• Intermediate/ Expert working knowledge of the following:
  • APIs (REST and SOAP)
  • File access, sharing, and/or management workflows (S3 and SFTP)
  • Various web application authorization types (Basic, Bearer, OAuth 2, API Key, Custom, Open ID Connect, etc.)
  • Related programming/scripting languages and libraries (JavaScript, Python, PowerShell, SQL, C#, Ruby, PHP, FreeMarker, etc.)
• Extensive experience implementing and troubleshooting integrations
• Excel at learning emerging technologies and creating technical solutions

Aurora is looking for a Staff Technical Program Manager (TPM) to lead complex security initiatives that span multiple engineering teams and security pillars. In this role, you will partner closely with security leaders, engineering teams, and technical architects to turn security strategy into concrete programs that improve the resilience and safety of Aurora’s systems. 

This role reports to the Security PMO within Aurora’s OneTech organization and sits in the Business Operations pillar. Programs in this role typically span multiple engineering teams and security pillars and may run for several quarters, requiring coordination across senior engineering and security leaders.

In this role you will

• Lead large cross‑team security programs that span Aurora’s security pillars, including Product Security, Cloud Security, Security Engineering, Security Operations, GRC, and Enterprise IT.
• Establish strong program governance across major initiatives, including roadmaps, risk tracking, dependency management, and escalation paths for complex security programs.
• Drive end‑to‑end execution of strategic security initiatives, from planning and roadmap development through delivery and operational handoff.
• Coordinate complex technical work across multiple teams, managing dependencies, removing blockers, and enabling engineering teams to deliver successfully.
• Provide clear visibility into program health through dashboards, leadership reviews, and regular updates to security and engineering leadership.

Required qualifications

• 8–10+ years of experience in technical program management, engineering program management, or security program management in a technology organization.
• 5+ years leading complex cross‑functional technical programs involving multiple engineering teams.
• Experience partnering closely with engineering teams on architecture, platform, or infrastructure initiatives, demonstrating strong systems thinking and technical depth
• Experience managing large‑scale technical systems programs, such as platform security initiatives, infrastructure modernization, or security architecture programs.
• Proven ability to coordinate multi‑team engineering efforts with significant technical complexity and long time horizons.
• Experience managing program governance, cross‑team dependencies, and risk mitigation across multi‑quarter initiatives.

Desirable qualifications

• Experience working in large engineering organizations or high-scale systems, such as distributed systems, cloud infrastructure, or safety-critical platforms.
• Experience delivering programs in security, infrastructure, or platform engineering environments
• Familiarity with security standards or frameworks such as ISO 27001, ISO 21434, or NIST CSF.
• Experience with portfolio planning, PMO frameworks, or large‑scale program governance in engineering organizations.
• Familiarity with security tooling ecosystems, such as vulnerability management platforms, SIEM/SOAR, SAST/DAST, IAM, or cloud security platforms.
• PMP, PgMP, Agile, or SAFe certifications, or equivalent program management training.

The base salary range for this position is $181,000-$262,000. Aurora’s pay ranges are determined by role, level, and location. Within the range, the successful candidate’s starting base pay will be determined based on factors including job-related skills, experience, qualifications, relevant education or training, and market conditions. These ranges may be modified in the future. The successful candidate will also be eligible for an annual bonus, equity compensation, and benefits. 

#LI-KS1

#Mid-Senior

About the role

We are seeking a multifaceted Corporate Security Engineer who will lead everything that protects our endpoints, networks, collaboration platforms and enterprise data. You will partner closely with IT Infrastructure, Detection & Response, and GRC teams to ensure security controls are effective, scalable, and aligned with business operations. In this role, you are expected to define the roadmap, make architectural decisions, and represent Corporate Security across the company. 

At Applied Intuition, you will:

• Define the value proposition and service model for corporate Security capabilities including but not limited to network hardening, monitoring, infrastructure hardening, data security posture.
• Manage and optimize email security platforms to protect against phishing, malware, business email compromise and advanced email threat protection.
• Continuously improve detection capabilities, reduce false positives, and enhance threat visibility across corporate endpoints.
• Design and implement enterprise DLP policies across endpoints, email, and collaboration platforms including aspects of data security, insider Risk, data classification, data encryption, and ensuring compliance with data privacy regulations.
• Strengthen internal network security posture including segmentation, monitoring, and secure access controls.
• Collaborate with infrastructure teams to ensure secure configuration of network services and corporate connectivity.
• Lead vulnerability management efforts across corporate endpoints and infrastructure.
• Define SLAs for patch remediation and continuously track compliance.

We're looking for someone who has:

• Hands-on familiarity with enterprise data security tooling (DLP platforms, CASB/SSE, DSPM, EDR/XDR).
• 8+ years of experience in enterprise or corporate security.
• Strong experience with endpoint security technologies (EDR/XDR).
• Experience managing email security platforms and phishing defense.
• Hands-on experience implementing and managing DLP programs.
• Experience with vulnerability management tools and patching programs.
• Solid understanding of enterprise network security principles.
• Ability to work cross-functionally with IT, infrastructure, and engineering teams.
• Familiarity with modern device management platforms (MDM/UEM).
• Strong communication skills with both technical and non-technical stakeholders.

Nice to have:

• Security certifications such as CISSP, GIAC, or similar.
• Experience building automation or improving operational efficiency in security operations.

Compensation at Applied Intuition for eligible roles includes base salary, equity, and benefits. Base salary is a single component of the total compensation package, which may also include equity in the form of options and/or restricted stock units, comprehensive health, dental, vision, life and disability insurance coverage, 401k retirement benefits with employer match, learning and wellness stipends, and paid time off. Note that benefits are subject to change and may vary based on jurisdiction of employment.

Applied Intuition pay ranges reflect the minimum and maximum intended target base salary for new hire salaries for the position. The actual base salary offered to a successful candidate will additionally be influenced by a variety of factors including experience, credentials & certifications, educational attainment, skill level requirements, interview performance, and the level and scope of the position.

Please reference the job posting’s subtitle for where this position will be located. For pay transparency purposes, the base salary range for this full-time position in the location listed is: $180,000 - $230,000 USD annually. 

About the role

We are seeking a multifaceted Enterprise Security Lead who will lead everything that protects our endpoints, networks, collaboration platforms and enterprise data. You will partner closely with IT Infrastructure, Detection & Response, and GRC teams to ensure security controls are effective, scalable, and aligned with business operations. In this role, you are expected to define the roadmap, make architectural decisions, and represent Corporate Security across the company. 

At Applied Intuition, you will:

• Define the value proposition and service model for corporate Security capabilities including but not limited to network hardening, monitoring, infrastructure hardening, data security posture.
• Manage and optimize email security platforms to protect against phishing, malware, business email compromise and advanced email threat protection.
• Continuously improve detection capabilities, reduce false positives, and enhance threat visibility across corporate endpoints.
• Design and implement enterprise DLP policies across endpoints, email, and collaboration platforms including aspects of data security, insider Risk, data classification, data encryption, and ensuring compliance with data privacy regulations.
• Strengthen internal network security posture including segmentation, monitoring, and secure access controls.
• Collaborate with infrastructure teams to ensure secure configuration of network services and corporate connectivity.
• Lead vulnerability management efforts across corporate endpoints and infrastructure.
• Define SLAs for patch remediation and continuously track compliance.

We're looking for someone who has:

• Hands-on familiarity with enterprise data security tooling (DLP platforms, CASB/SSE, DSPM, EDR/XDR).
• 8+ years of experience in enterprise or corporate security.
• Strong experience with endpoint security technologies (EDR/XDR).
• Experience managing email security platforms and phishing defense.
• Hands-on experience implementing and managing DLP programs.
• Experience with vulnerability management tools and patching programs.
• Solid understanding of enterprise network security principles.
• Ability to work cross-functionally with IT, infrastructure, and engineering teams.
• Familiarity with modern device management platforms (MDM/UEM).
• Strong communication skills with both technical and non-technical stakeholders.

Nice to have:

• Security certifications such as CISSP, GIAC, or similar.
• Experience building automation or improving operational efficiency in security operations.

Compensation at Applied Intuition for eligible roles includes base salary, equity, and benefits. Base salary is a single component of the total compensation package, which may also include equity in the form of options and/or restricted stock units, comprehensive health, dental, vision, life and disability insurance coverage, 401k retirement benefits with employer match, learning and wellness stipends, and paid time off. Note that benefits are subject to change and may vary based on jurisdiction of employment.

Applied Intuition pay ranges reflect the minimum and maximum intended target base salary for new hire salaries for the position. The actual base salary offered to a successful candidate will additionally be influenced by a variety of factors including experience, credentials & certifications, educational attainment, skill level requirements, interview performance, and the level and scope of the position.

Please reference the job posting’s subtitle for where this position will be located. For pay transparency purposes, the base salary range for this full-time position in the location listed is: $180,000 - $230,000 USD annually. 

About the role

We are looking for a multifaceted Risk and Compliance Lead to lead our security compliance initiatives across the organization. You will be responsible for ensuring adequate security controls to identify and mitigate risk across the organization. Additionally, you will collaborate with legal, engineering, operations and customers, as necessary, to ensure the state of compliance is well communicated.

At Applied Intuition, you will:

• Own and mature the security GRC program, including policy lifecycle management, risk register maintenance, and control framework alignment across the organization
• Conduct comprehensive enterprise and product-level risk assessments to identify, prioritize, and track risks against the company's risk appetite - translating findings into actionable remediation plans for stakeholders
• Lead, manage and support compliance efforts such as, but not limited to, SOC2, ISO 27001, ISO 9001, TISAX, and federal/defense requirements - owning audit readiness, evidence collection, and remediation tracking end to end
• Drive Third Party Risk Management (TPRM) program, including vendor assessments, contract security reviews, and ongoing monitoring of critical third parties
• Build and maintain the GRC program infrastructure - including risk tracking, compliance tooling, reporting cadences, and executive-level risk reporting
• Partner with Legal, Engineering, IT, and Operations to embed compliance and risk requirements into business processes, product development, and infrastructure decisions
• Develop and maintain security policies, standards, and procedures that are practical, enforceable, and aligned to regulatory and contractual obligations
• Support customer-facing security assurance activities including questionnaires, audits, and contractual security reviews

We're looking for someone who has:

• 6+ years of experience in security GRC, risk management, or compliance program ownership - with a track record of building or maturing programs, not just executing within them
• Hands on experience in running Enterprise Risk Assessments aligned with industry standard frameworks, risk register ownership, and translating technical risk into business-level impact
• Past experience of running Security Maturity Assessments against NIST 800-53, CCF, and more
• Deep hands-on experience managing SOC 2, ISO 27001, and TISAX audits - including scoping, control mapping, evidence coordination, and auditor management
• Experience running Third Party Risk Management programs including vendor tiering, security assessments, and ongoing monitoring
• Ability to interpret compliance frameworks in practical terms and drive cross-functional remediation without direct authority
• Strong communication skills - comfortable presenting risk posture and program status to executive leadership and board-level stakeholders
• Experience with GRC tooling such as Vanta, Drata, OneTrust, or similar platforms

Nice to have:

• Experience with Automotive security and safety compliance frameworks such as ISO 21434, ISO 26262
• Certifications such as CISSP

Compensation at Applied Intuition for eligible roles includes base salary, equity, and benefits. Base salary is a single component of the total compensation package, which may also include equity in the form of options and/or restricted stock units, comprehensive health, dental, vision, life and disability insurance coverage, 401k retirement benefits with employer match, learning and wellness stipends, and paid time off. Note that benefits are subject to change and may vary based on jurisdiction of employment.

Applied Intuition pay ranges reflect the minimum and maximum intended target base salary for new hire salaries for the position. The actual base salary offered to a successful candidate will additionally be influenced by a variety of factors including experience, credentials & certifications, educational attainment, skill level requirements, interview performance, and the level and scope of the position.

Please reference the job posting’s subtitle for where this position will be located. For pay transparency purposes, the base salary range for this full-time position in the location listed is: $160,000 - $190,000 USD annually. 

About the Role

We're hiring a Security & IT Lead to own information security and compliance programs across Mill. This is a senior individual contributor role.

You'll be the security authority for the company — setting the standard for how Mill protects data, manages risk, and earns the trust of employees, customers, and enterprise partners. You'll also serve as Mill's internal technical authority over our managed IT provider — ensuring the quality, reliability, and scalability of IT services, not just their security posture. You'll own our compliance frameworks, lead our SOC 2 program, and ensure Mill's internal and external systems are secured to a high standard. This role requires someone who is self-directed, cross-functional, and equally comfortable in technical and policy-oriented work.

What You'll Own

Information Security. Own Mill's information security posture end-to-end — across internal systems (identity and access management, endpoint protection, SaaS tools) and external/customer-facing platforms. Define and enforce security policies, access controls, and data classification standards. Serve as the primary escalation point for security incidents. Manage security tooling across the stack including phishing simulation, endpoint management, and access governance platforms. Conduct regular access reviews, risk assessments, and vulnerability reviews.

Compliance Programs. Lead Mill's SOC 2 program from roadmap through audit readiness and ongoing maintenance — coordinating cross-functional tasks, owning policy documentation, and managing relationships with external auditors. Maintain and evolve Mill's Policy & Procedure Library with regular reviews. Field security questionnaires from enterprise customers and prospective partners. Evaluate and scope additional compliance frameworks as the business grows (ISO 27001, CCPA, etc.).

IT Operations & Oversight. Act as the internal technical owner of Mill's relationship with our managed IT provider. Define SLAs, review architecture decisions, approve changes, and hold the provider accountable for service quality, reliability, and cost-effectiveness. Own the IT roadmap — including network infrastructure, endpoint fleet, collaboration tooling, and onboarding/offboarding workflows. Evaluate new tools and vendors for both operational fit and security risk. Ensure IT standards (network design, device management, VPN, etc.) meet Mill's needs as we scale.

AI & Emerging Technology. Contribute a security perspective to Mill's AI adoption efforts — reviewing AI tools for data handling risk, contributing to acceptable use policies, and ensuring Mill's AI governance posture keeps pace with adoption.

What We're Looking For

• 5–8 years spanning IT operations and information security, ideally in a role that combined both
• Demonstrated experience owning or significantly contributing to a SOC 2 audit (Type 1 or Type 2)
• Hands-on familiarity with identity and access management (Okta, OneLogin, or similar), MDM/endpoint security, and cloud SaaS security
• Experience building and maintaining security policies, risk registers, and compliance documentation
• Strong cross-functional communicator — able to work with Engineering, Finance, and People Operations to drive policy approvals and remediation
• Familiarity with GRC frameworks and risk standards (NIST CSF, ISO 27001, SOC 2 Trust Services Criteria)
• Experience managing or technically overseeing an outsourced/managed IT provider (MSP) — setting standards, reviewing deliverables, and driving accountability
• Self-directed; comfortable operating without a large security team beneath them

Nice to Have

• CISSP, CISM, CISA, or Security+ certification
• Experience at a hardware/IoT or consumer product company
• Familiarity with business systems environments (ERP, e-commerce, CRM)
• Experience with access governance tooling (e.g., AccessOwl, Vanta, Drata)

The estimated base salary range for this position is $185k to $210k, which does not include the value of benefits or a potential equity grant. A wide range of factors are considered in making compensation decisions, including but not limited to skill sets, market conditions, experience and training, licensure and certifications, and business and organizational needs.

Sr Manager, InfoSec Governance Risk and Compliance (GRC)

(San Francisco Bay Area, California, United States)

Founded in 2000, Ivalua is a leading global provider of cloud-based procurement solutions.

COMPANY OVERVIEW

At Ivalua we are a global community of exceptional professionals, who believe that digital transformation revolutionizes supply chain sustainability and resiliency to unlock the power of supplier collaboration. 

We achieve this through our leading cloud-based spend management platform that empowers hundreds of the world's most admired brands to effectively manage all categories of spend and all suppliers to increase profitability, improve ESG (environmental, social, and corporate governance) performance, lower risk, and improve productivity. Driven by our passions and fueled by our shared ambitions, we empower and challenge each other to create meaningful experiences for our colleagues, customers, partners, and communities. 

Learn more at www.ivalua.com. Follow us on LinkedIn and Twitter.

THE OPPORTUNITY

CONTEXT:

Our InfoSec team is dedicated to building, maintaining, and continuously improving Ivalua’s Information Security program globally. We provide peace of mind and assurance of protection and safety to our customers. In this fast-growing environment, the GRC program is critical to ensuring compliance with industry standards and certifications, managing risks, and supporting business growth.

ROLE:

We are currently looking for an experienced InfoSec Governance Risk and Compliance (GRC) Sr Manager to lead a global team and own the GRC program worldwide. Reporting to the InfoSec leadership, you will manage and develop a high-performing team, drive compliance efforts, and serve as a subject matter expert on security frameworks and standards.

WHAT YOU WILL DO WITH US

• Lead and own the Governance, Risk, and Compliance (GRC) program globally, managing and developing a high-performing team.
• Manage and drive compliance efforts and audits for certifications such as FedRAMP, IRAP, ISO 27001, HIPAA, SOC1/SOC2, PCI DSS, and others.
• Serve as the subject matter expert (SME) on security frameworks and standards including NIST SP 800-53 Rev 5, NIST 800-171, ITAR, FedRAMP, PCI DSS, SOC2, etc., providing guidance to internal stakeholders.
• Efficiently manage and respond to customer security audit and compliance requests in a timely manner.
• Maintain continuous compliance and monitoring of security controls to ensure ongoing adherence to standards.
• Collaborate closely with Sales, Marketing, and Customer Success teams to effectively communicate Ivalua’s security posture to prospects and customers.
• Review and negotiate information security exhibits and contractual terms in partnership with the legal team.
• Lead the Security Awareness and Training program to promote a culture of security across the organization.
• Track, manage, and drive remediation efforts for control deficiencies and gaps identified through internal and external audits.
• Oversee the Third Party Risk and Vendor Security Assessment program to mitigate supply chain risks.
• Develop, maintain, and enforce InfoSec policies, standards, and plans.

YOUR PROFILE

If you have the below experience and strengths this role could be for you:

Skills and Experience:

• At least 7+ years of proven experience leading GRC programs and managing compliance certifications and audits (FedRAMP, ISO 27001, HIPAA, SOC1/SOC2, PCI DSS, IRAP, etc.). 
• At least 3+ years experience as a direct leader, managing a team. The position will be part of an established global team with opportunity to grow the team
• Strong knowledge of security frameworks such as NIST SP 800-53, NIST 800-171, ITAR, PCI DSS, SOC2, and FedRAMP.
• Demonstrated ability to manage and influence stakeholders across multiple departments and time zones.
• Excellent project management, analytical, and problem-solving skills with keen attention to detail.
• Strong interpersonal and communication skills, capable of building trust and managing conflicts effectively.
• Self-motivated with a high degree of initiative and ability to work independently.
• Ability to handle multiple competing priorities and deadlines efficiently.
• Bachelor’s degree in related field preferred or equivalent experience with proven skills

Soft Skills:

• Excellent interpersonal, communication, and organizational skills.
• Team player with the ability to interface effectively with a broad range of individuals and roles, including IT and vendors.
• High degree of initiative, dependable, and able to work well with limited supervision.

WHAT HAPPENS NEXT

If your application fits this specific position’s needs, our skilled Talent team will reach out to schedule an initial screening call. Get one step closer to achieving your goals – apply today!

Our Talent team will guide you through every step of the interview process - from preparation to completion. They're here to support you!

Our recruitment process is designed to assess your competencies through a series of personalized interviews with internal stakeholders relevant to the role.

Interviews will be conducted virtually via video or on-site with face-to-face meetings.

LIFE AT IVALUA

• Hybrid working model (3 days in the office per week)
• We're a team dedicated to pushing the boundaries of product innovation and technology
• Sustainable Growth, Privately Held
• A stable and cash-flow positive Company since 10 years
• Snacks and weekly lunches in the office
• Feel empowered to pursue your goals with improved team collaboration and increased creativity/productivity
• Unlock and unleash your full professional potential with our exceptional training and career development program
• Join a dynamic and international team of top-notch professionals who are experts in their respective fields. Collaborate with like-minded individuals who are deeply passionate and highly motivated about their work. Experience a truly diverse and inclusive work environment where your unique contributions are highly valued
• Regular social events, competitive outings, team running events, and musical activities,
• Comparably recognized Ivalua for the following (https://www.comparably.com/companies/ivalua) : 

Powered by People - Powered by You!

United by our values we embrace diversity and equity in the broadest possible sense to create an inclusive workplace. To help our customers make supply chains more efficient, sustainable and resilient, we rely on a global team with a variety of backgrounds, skills and views. We believe in equal opportunity and in diversity as a driver of innovation that cultivates a spirit of inclusiveness, creates a productive and fun place to work, and provides fulfilling career opportunities for all Ivaluans. https://www.linkedin.com/company/ivalua/about/

Experience life at Ivalua - check out our captivating video! Gain insight into our unique company culture and get a glimpse of what it's like to work with us.

Ivalua’s core values include a priority on Care & Grow People. We take matters like pay equity very seriously and strive to reward our employees appropriately and fairly for their talents.

The compensation range for this position reflects the cost of labor across our US locations and is based upon careful and continual market research. In addition to location, compensation may also vary based upon job-related knowledge, skills, and experience.

Title: Manager, InfoSec Governance Risk and Compliance (GRC)

Range minimum: USD 112000

Range maximum: USD 208000

Additional compensation / rewards: Ivalua also offers exceptional benefits including medical, dental, vision and transportation.

#LI-SG1

#LI-HYBRID

About this opportunity:

We are looking for an experienced Senior Manager, IT Infrastructure to lead the team through the architecture, design, and implementation of infrastructure technologies that will be critical in providing the technology platform Freenome needs to scale its business. This role will involve new technology implementations and managing the support of current infrastructure including working with supporting vendors. 

The Senior Manager, IT infrastructure will have a deep and broad knowledge of networking, virtualization, server, storage, and operating system technologies, both on-premise as well as in the GCP cloud. This position will work closely with the Information Security team to ensure a compliant and secure infrastructure environment. 

The role reports to the Director, IT. This role will be a Hybrid role.

What you’ll do:

• Leads team of network engineers, system administrators, lab system administrators to support Freenome infrastructure (On prem, Labs and GCP).
• Problem Solving, collaboration, solid comprehension of cloud, virtualization, storage, networking, software and hardware, strategic planning, leadership, mentorship, creating and giving presentations.
• Identify, create, and apply process improvement to increase product and service quality to achieve business objectives.
• Contributes to defining the department's long-term strategy and goals.
• Collaborate with the Help desk and Business Application team to define and implement the infrastructure needed for day to day operations.
• Ensures data security and disaster recovery protocols are in place. Ensuring compliance with regulatory requirements.
• Develops and creates standardized processes and procedures to guide documentation and knowledge base development for IT infrastructure operations support.
• Develops and supports standards for enterprise-wide use of resources. Recommends enterprise level strategies and goals for infrastructure hardware and software procurement and deployment. Writes detailed scopes of work for staff projects.
• Plan, communicate, and deploy changes to IT infrastructure per standard change management process and scheduled maintenance windows. Coordinate IT change and maintenance activities with business stakeholders.
• Maintains IT infrastructure and network diagrams, asset/equipment inventory and IT change/incident logs.
• Supports IT audits and conduct IT systems/network vulnerability scanning, patching and hardening.
• Manage external vendor relationships. 

Must haves:

• 7+ years’ experience in a technology leadership/management role.
• Strong management and technical skills, most notably architect-level skills in virtualization, systems administration, scalable upgrade and migration strategies, networking, and storage. Possess the technical expertise with virtualization and network infrastructure technologies such as VMware vSphere, LAN and WAN.
• 5+ years of experience managing or maintaining enterprise IT infrastructure (Network, IaaS, PaaS, and/or Security).
• Experience in a continuous improvement environment with a track record of achieving significant continual development.
• Strong project management, problem solving, organizational, relationship, communication, and negotiation skills (oral and written) are required.
• 7+ years of experience with Windows 10/11, Windows server, DAS/NAS/SAN, Google workspace, and GCP.
• Strong knowledge of security access controls, policies, groups, rights, and permissions.
• Familiarity with IT GRC (BCDR, ITSM/ITIL, SOX, ISO, PCI, HIPAA, GMP, GDPR, FDA 21 CFR Part 11).
• Ability to document and explain complex technical solutions to management and other non-technical staff.
• Strong customer service and time management skills, with the ability to work effectively in a dynamic, and fast-paced environment.
• Flexibility to work weekends and after hours for IT projects/maintenance (on occasion).

Nice to haves:

• Bachelor's degree in MIS/CIS, Computer Science or equivalent professional experience.
• Industry certifications such as ITIL, CCNA, MCITP, MCSA, MCSE, VCP, Cloud+, Security+ preferred.
• Experience with GMP systems and IT systems change management process.
• Experience with Juniper, Meraki, Netapp, VmWare, and Google workspace.

Benefits and additional information:

The US target range of our base salary for new hires is $180,975 - $232,575. You will also be eligible to receive equity, cash bonuses, and a full range of medical, financial, and other benefits depending on the position offered.  Please note that individual total compensation for this position will be determined at the Company’s sole discretion and may vary based on several factors, including but not limited to, location, skill level, years and depth of relevant experience, and education. We invite you to check out our career page @ freenome.com/job-openings/ for additional company information.  

Freenome is proud to be an equal-opportunity employer, and we value diversity. Freenome does not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.

Applicants have rights under Federal Employment Laws.  

• Family & Medical Leave Act (FMLA)
• Equal Employment Opportunity (EEO)
• Employee Polygraph Protection Act (EPPA)

#LI-HYBRID

Job Purpose:
BTIG is seeking an Associate who will help lead and evolve the governance engine of a global, mid-sized investment bank to support our next phase of growth.  You will report directly to the CISO and be responsible for security assurance, compliance operations, and technology risk management.  You will help maintain control readiness, perform testing and evidence collection, and support risk and vendor assessments for internally developed systems and SaaS applications.  Your work will directly protect the firm's reputation and enable its business.  We don’t expect you to know every regulatory framework on day one. We do expect you to write exceptionally well, ask smart questions, and possess the grit to see difficult tasks through completion. 

Duties & Responsibilities:

IT Governance, Risk and Compliance (GRC) 

• Third-Party Risk Management (TPRM): Own the vendor security review process.  You will assess third-party vendors to ensure compliance with the firm's standards, requiring understanding of our core business processes, attention to detail, and the persistence to chase down answers. Obtain and meticulously review SOC reports (e.g., SOC 1, SOC 2) for critical third-party service providers, evaluating their adherence to 'Complementary Controls at User Entities' and ensuring our internal alignment. 
• Client & Regulatory Due Diligence: Support the completion of external security questionnaires.  You will articulate BTIG’s security posture to institutional clients and regulators, translating technical controls into clear, professional narratives. 
• IT Controls & Audit Collaboration: Assist with internal SOX IT controls audits and access control reviews across our technology stack, including in-house developed systems and third-party SaaS platforms.  You will work with engineering teams to verify that permissions are correct and ensure evidence is gathered efficiently. Actively participate in external IT audits, specifically focusing on validating and documenting controls related to access management, change control, and system operations for key systems that handle financial data. 
• Business Continuity & Disaster Recovery (BCDR): Assist the CISO in maintaining and testing the firm's Business Continuity and Disaster Recovery plans, including documentation updates, tabletop exercises, and coordination with Infrastructure and Operations teams to ensure recovery time objectives (RTOs) are achievable. 

Operational Support 

• Policy Development: Assist in drafting and maintaining information security policies and procedures. 
• Perform risk assessments and gap analyses for IT systems that handle PHI and financial data. 
• Automate and monitor controls through scheduled reviews, scripts, or tooling to reduce manual effort and improve coverage. 
• High-Touch Support: Experience directly supporting executives is valuable here; you will act as a bridge between the CISO and various business units, requiring professionalism and discretion. 

AI & Innovation 

• AI Governance: Support the CISO in defining the guardrails for Generative AI that balance innovation with risk (e.g., data leakage, appropriate use). 
• Applied AI/Automation: Utilize prompt engineering and automation tools to streamline governance workflows. If you can script it or prompt it to save time, we want you to build it. 

Requirements & Qualifications:

• Education: Bachelor’s degree in a related field or equivalent experience. While not required, preferred certifications include Security+, CISA, CRISC, or CISSP. 
• Experience: 2–4 years of experience in IT Governance, Risk & Compliance (GRC), IT Security Risk Management, Risk Audit, Data Privacy Investigation, Technology Risk, and/or Information Security (ideally with a background in Financial Services). 
• Security Framework Knowledge: Working familiarity with standard security frameworks such as NIST CSF, ISO 27001/27002, COBIT, SOC 2 type 2 and CIS controls, etc. 
• Analytical Skills: Experience reviewing IT solution requirements and implementing security controls. Strong analytical and risk assessment skills with the ability to design compensating controls for security vulnerabilities and assess business impact of security tools and policies. 
• General Technical Proficiency: Microsoft Office 365 and associated applications; Excel, Teams, Forms, PowerQuery, etc. 
• Growth Mindset: You are resilient and don't get discouraged by manual processes; you look for ways to optimize them. 
• Communication: Excellent written communication is non-negotiable. You must be able to explain complex technical risks to non-technical stakeholders clearly and concisely. 
• AI Familiarity: Demonstrated interest or experience with LLMs (ChatGPT, Claude, Copilot). Experience with prompt engineering or Python scripting for automation is highly valued. 
• Curiosity: You read about LLM risks, changing regulations or new breaches for fun. You are technically apt enough to converse with engineers but focused on governance. You never have enough knowledge about the business or systems you help oversee. 

Important Notes:

• Must be authorized to work full time in the U.S., BTIG does not offer sponsorship for work visas of any type
• No phone calls please, the applicant will be contacted within two weeks if successful

About BTIG:

BTIG is a global financial services firm specializing in institutional trading, investment banking, research and related brokerage services. With an extensive global footprint and more than 700 employees, BTIG, LLC and its affiliates operate out of 20 cities throughout the U.S., and in Europe, Asia and Australia. BTIG offers execution, expertise and insights for equities, equity derivatives, ETFs and fixed income, currency and commodities. The firm’s core capabilities include global execution, portfolio, electronic and outsource trading, investment banking, prime brokerage, capital introduction, corporate access, research and strategy, commission management and more.
 
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status. BTIG is an equal opportunity employer Minorities/Females/People with Disabilities/Protected Veterans/Sexual Orientation/Gender Identity.

Compensation: 

• BTIG offers a competitive compensation and benefits package. Salary range is based on a variety of factors including, but not limited to, location, years of applicable experience, skills, qualifications, licensure and certifications, and other business and organization needs.
• The current estimated base salary range for this role is $110,000.00 - $140,000.00 per year. Please note that certain positions are eligible for additional forms of compensation such as discretionary bonus or overtime. 

Disclaimer: https://www.btig.com/disclaimer.aspx.