We are seeking an experienced Senior Engineer - ServiceNow Platform with deep technical expertise in IT Service Management (ITSM), IT Asset Management (ITAM), Platform Integrations, Discovery. The ideal candidate will have proven experience designing, implementing, and managing complex ServiceNow platform solutions. This role will involve overall platform implementation, driving innovation, ensuring system optimization, and responsible for solution design for platform delivery. Ideal candidates demonstrate strong leadership skills to guide technical teams and business stakeholders.

Key Responsibilities:

• Platform Strategy:
• Lead the overall design of the ServiceNow platform, ensuring alignment with business goals and industry and technical best practices.
• Collaborate with business leaders, stakeholders, and technical teams to develop and implement innovative solutions using ServiceNow platform.
• Define platform roadmaps, by ensuring scalability, performance, stability, and audit compliance.
• Lead the design of workflows, integrations, and modules to extend the ServiceNow platform’s capabilities.
• ServiceNow Implementation & Optimization:
• Drive the end-to-end implementation of ServiceNow solutions, focusing on Core foundation, ITSM, ITAM, ITOM, SecOPs, GRC, TPRM, and other relevant modules.
• Manage platform upgrades and ensure all applications are optimized and adhere to enterprise security and compliance standards.
• Provide technical guidance to configure, customize, and develop on the ServiceNow platform based on business needs.
• Manage the documentation of solutions, internal technical and process knowledge base materials, and training of process owners and stakeholders.
• Leadership:
• Provide process governance and technical best practices.
• Providing mentorship and guidance for a team of ServiceNow engineers
• Work closely with cross-functional teams (IT, Security, Engineering, Finance, HR) to drive adoption and ensure platform success.
• The ability to meet strict deadlines and other targets both individually and as the leader of multiple teams, strong decision maker.
• Stakeholder Engagement & Communication:
• Engage with executive leadership and management to understand business objectives, providing solutions that deliver tangible value and measurable outcomes.
• Coordinate with ServiceNow team management to ensure clear communication regarding project status, challenges, and milestones.
• Continuous Improvement:
• Establish technical governance and best practices to continuously improve platform performance and operational efficiency.
• Stay current with the latest ServiceNow trends, releases, and best practices, proactively applying new technologies and functionalities to enhance the platform.
• Create a safe space for engineering team members to experiment with technical solutions that may solve organizational problems.

Required Qualifications:

• Experience:
• 8+ years of experience with ServiceNow, including deep technical expertise in ITSM, ITAM, ITOM, SecOPs, GRC, and TPRM modules.
• Strong experience in architecture and design of ServiceNow platform implementations, including workflows, custom apps, and integrations.
• Proven experience leading technical teams, process governance and delivering large-scale projects.

• Technical Skills:
• Proficiency with scripting languages (JavaScript, Glide, etc.) in the context of ServiceNow platform development and Service Portal (HTML, CSS, AngularJS, SASS, Bootstrap)
• Strong understanding of CMDB, Asset Management, Discovery, Portal, Incident, Problem, and Change Request Management processes.
• Experience integrating ServiceNow with external systems via REST/SOAP APIs, Integration Hub and Spokes.
• Nice to have Perl and Python programming in Linux environment.
• Experience with Agile, Scrum and Kanban development methodologies.

• Leadership & Communication:
• Demonstrated ability to mentor technical teams, ensuring a collaborative and high-performance culture.
• Excellent verbal and written communication skills, with the ability to present complex technical concepts to business leaders and stakeholders.

• Education/Certifications:
• Bachelor's degree in IT, Business, or related field preferred or equivalent work experience.
• ServiceNow Certified Implementation Specialist (ITSM, ITAM, or similar).
• ServiceNow Certified System Administrator (CSA).
• ServiceNow Certified Application Developer (CAD).
• ITIL v3/v4 certification is a plus.
• Certified Technical Architect (CTA) is a big plus.

This position is based in our Reston, VA office and offers a hybrid work schedule.

The pay range is $135,800- $183,800.

The anticipated annual base salary range for this position is noted above, however, base pay offered may vary depending on job-related knowledge, skills, experience. Verisign offers a discretionary bonus which is based on individual and company performance, and certain roles may be eligible for discretionary stock awards.

About the role 

Roku is seeking a Technology Audit Manager to join its Finance & IT Compliance team. This role will lead and evolve Roku’s technology SOX compliance program, partnering closely with Engineering, Security, Product, and Finance teams to ensure scalable, high-quality controls across a rapidly growing and complex engineering environment. 

You will operate at the intersection of audit, technology, and automation, overseeing internal controls across enterprise systems, cloud infrastructure, data platforms, and cybersecurity. You will also drive controls-by-design for system implementations and business process transformations A key priority for this role is modernizing the IT SOX program through AI-powered automation and continuous auditing to improve precision, coverage, and efficiency. 

This is a high-impact, hands-on role for a proactive and driven professional who excels in fast-paced environments, collaborates effectively across teams, and brings the vision and execution focus to scale and modernize the compliance function alongside company growth. The ideal candidate brings strong experience in IT SOX and technology audits, along with a builder mindset, the ability to navigate ambiguity, and a track record of influencing cross-functional stakeholders. You should be equally comfortable diving into control details, partnering with engineering teams on system design, and driving strategic initiatives that enhance the overall control environment. 

For California Only - The estimated annual salary for this position is between $170,000 and 187,000 annually. Compensation packages are based on factors unique to each candidate, including but not limited to skill set, certifications, and specific geographical location. This role is eligible for health insurance, equity awards, life insurance, disability benefits, parental leave, wellness benefits, and paid time off. 

What you’ll be doing 

• Lead and oversee the company’s technology SOX compliance program, evaluating the design and operating effectiveness of IT general controls, automated controls, and key reports supporting financial reporting 
• Maintain a deep understanding of the organization’s end-to-end technology ecosystem and its impact on financial reporting, staying current on system changes, policies, regulatory guidance, and industry best practices 
• Own audit oversight for system implementations, technology transformations, and process automation initiatives, partnering cross-functionally to ensure controls-by-design, strong SDLC governance, and scalable SOX-readiness from pre-go-live through post-implementation 
• Lead cloud infrastructure audits across AWS and GCP environments, assessing controls over access management, network security, encryption, logging and monitoring, configuration management, and data residency; evaluate cloud-native security tools and drive control maturity 
• Drive AI-powered automation of internal controls testing by integrating with IAM platforms (e.g., Okta, AWS IAM) and GitLab to continuously monitor access risks, code changes, and CI/CD controls; leverage AI/ML and automation to detect anomalies and generate audit-ready evidence that enables continuous auditing and improves precision, coverage, and efficiency 
• Establish and maintain an AI controls automation governance framework, including model validation standards, quality thresholds, and human-in-the-loop checkpoints to ensure accuracy, auditability, and regulatory defensibility 
• Assess control deficiencies, perform root cause analysis, and drive remediation efforts to closure, including validation and re-testing of corrective actions 
• Coordinate with co-sourcing partners, external auditors, and control owners to ensure cohesive execution; act as a trusted advisor by anticipating stakeholder needs and delivering actionable insights 
• Prepare and review audit workpapers, reports, ensuring compliance with professional standards and delivering clear, data-driven insights 

We’re excited if you have 

• 6–8+ years of relevant technology audit and IT SOX compliance experience, ideally combining Big 4 public accounting and in-house internal audit/SOX roles at a fast-paced public technology company 
• Bachelor’s degree in computer science, Information Systems, Finance, Accounting, or related field 
• Professional certifications such as CISA, CISSP, or CISM preferred; additional certifications (CPA, CIA, CFE) are a plus 
• Strong experience across technology audit domains, including IT general controls (ITGCs), automated controls (ITACs), cloud infrastructure, data engineering, DevOps processes, cybersecurity, system implementations, and business process automation 
• Hands-on experience designing and evaluating IT general and security controls in cloud environments (AWS, GCP); cloud certifications are highly desirable  
• Experience auditing or supporting enterprise platforms (e.g., NetSuite, Salesforce, Workday) and modern engineering environments (e.g., GitHub, CI/CD pipelines) 
• Solid understanding of SOX and broader compliance frameworks (SOC 1/2, GDPR, PCI-DSS) and security/governance standards (ISO 27001, COBIT, NIST) 
• Experience operating in high-growth, fast-paced environments, with the ability to scale processes and controls alongside business expansion 
• Strong leadership, communication, and project management skills, with the ability to collaborate effectively across technical and business teams 
• Self-driven and proactive, with the ability to manage multiple priorities and deliver high-quality results with minimal supervision 

Extra Credit 

• Master's degree in finance, accounting, computer science, IT, or related field  
• Strong understanding of finance and business processes, including quote-to-cash, revenue recognition, procure-to-pay, HR operations, and payroll 
• Hands-on experience with automation, AI, and analytics tools to drive audit efficiency and insights. Familiarity with GRC tools like Auditboard is a plus 
• Experience with identity and access management (IAM) and governance tools (e.g., Okta, SailPoint, CyberArk), including user access reviews (UAR), role design, and segregation of duties (SoD) analysis 
• Proven ability to quickly learn and adapt to evolving emerging technologies, including AI, cloud, payments, data platforms, and modern engineering environments, within the media & entertainment industry 

#LI-RR1 

The application window will be open until at least May 11, 2026. This opportunity will remain online based on business needs which may be before or after the specified date.

This role is not eligible for immigration sponsorship.

The Technology Governance, Risk, and Compliance (GRC) team at GFiber establishes the framework that ensures our technology operations manage risks effectively and align with industry best practices. As GFiber navigates a complex corporate separation, our environment requires agility and an AI-native mindset. We partner across Engineering, Operations, Security, Legal, and other business units to embed GRC principles into our evolving systems. Our work protects GFiber assets and customer trust while accelerating business velocity during this critical transition.

Role Description

In this GRC role, you will take ownership of evolving our Third-Party Risk Management (TPRM) processes and driving tactical automation across the team. We are looking for a highly proactive self-starter who thrives in ambiguity and operates with exceptional agency. You will identify opportunities to integrate AI into daily operations to streamline GRC tooling and workflows. You will also distill complex technical risks into clear executive presentations for senior leadership and the C-suite. Your tenacity and project-driving capabilities will directly enable GFiber to scale securely during our separation.

In this role, you'll:

• Take full ownership of evolving and maintaining GFiber TPRM processes to optimize our existing tooling platform. Translate complex technical and non-technical risks into actionable insights for diverse stakeholders.
• Identify and execute tactical opportunities to automate GRC workflows using an AI-native approach. 
• Apply key cybersecurity frameworks, specifically ISO 27001 and NIST CSF, to manage and mature our risk posture. Act as a proactive project driver by tracking technical inquiries and moving initiatives forward without waiting for direction.
• Draft clear and effective risk presentations for senior leadership and C-suite executives. 
• Support M&A and corporate carve-out initiatives by aligning GRC processes with our new operational reality.

At a minimum we'd like you to have:

• Bachelor's degree in Accounting, Finance, MIS or Computer Science or equivalent practical experience.
• 5 years of experience building, maintaining, and evolving Third-Party Risk Management programs and processes.
• Proven ability to design and implement right-sized security controls that balance risk reduction with business velocity and our specific operational environment.
• Experience taking an AI-native approach to problem solving and tactical automation within security or risk teams.
• Professional certifications such as CISA, CRISC, CISSP, or CISM.

It's preferred if you have:

• Experience supporting M&A activity or corporate separations.
• Proven ability to draft and deliver presentations directly to C-suite executives and senior leadership.
• Familiarity with scaling GRC practices outside of legacy parent structures.
• Demonstrated track record of high agency and proactive project execution in fast-paced environments.
• Written and verbal communication skills with the ability to articulate risk clearly to varied audiences.

The US base salary range for this full-time position is between $117,600 - $172,500 + bonus + cash award + benefits. As pay varies by location, your recruiter will share more about the specific salary range for your targeted location during the hiring process.

#LI-DNI

Position Overview

We are seeking a strategic, data-driven leader with a deep understanding of sales processes, marketing strategies, and customer success to join the GTM Operations team. The Director of GTM Operations is a critical, strategic partner to the SVP Commercial FP&A and Operations and the Chief Customer Officer (CCO). You will foster collaboration and alignment among the entire commercial organization including Sales, Customer Success, Marketing, and Partnerships. The ideal candidate will have a proven track record of building scalable processes and leveraging AI to drive sustained revenue growth. Strong analytical and strategic planning capabilities are essential.

Key Responsibilities:

Commercial Strategy and Growth

• Partner with the CCO and Finance to develop and operationalize a commercial growth strategy, ensuring alignment between pipeline and bookings targets, capacity, headcount and budgets
• Translate complex data into actionable recommendations for Commercial leaders
• Develop and maintain segmentation models and sales coverage strategies that align to growth objectives, drive focus, and optimize rep productivity

Forecasting & Pipeline Management

• Own and evolve the global sales forecasting framework, implementing a disciplined, data-driven forecast cadence across all theatres and segments.
• Utilize Salesforce, GTM tools and data sets (snowflake) to drive predictability, pipeline conversion, stage hygiene, and deal inspection processes.
• Deliver consistent reporting on performance-to-plan, win/loss trends, and funnel dynamics

GTM and Sales Efficiency

• Drive operational excellence by refining core sales processes, methodologies, and business cadences (e.g., territory management, forecasting, and pipeline reviews)
• Implement a standardized sales methodology, with clear stage definitions, qualification criteria, and progression benchmarks across segments
• Build and maintain reporting frameworks, dashboards, and KPIs to provide actionable insights into pipeline health, sales performance, and revenue forecasting

Territory Management

• Lead territory design, ensuring sales coverage aligns with market opportunities and business objectives
• Continuously optimize territory assignments and GTM approaches based on performance data and growth trends

Qualifications: 

• 10+ years of experience in Revenue Operations, Commercial Strategy, or Go-to-Market Operations, with at least 2 years in a senior leadership role.
• Proven experience partnering directly with CROs, CFOs, and executive leadership to design and execute multi-year commercial plans.
• Deep expertise in Salesforce, Outreach, Gong, and other GTM tools.
• Strong analytical skills and fluency with forecasting, funnel metrics, sales velocity, and retention/expansion KPIs.

• Demonstrated success in improving sales productivity, enhancing marketing performance, and supporting customer success initiatives

• Experience designing sales methodologies and commercial processes that scale in B2B SaaS
• Comfort working cross-functionally and influencing without authority — excelling at aligning diverse stakeholders around common goals.
• High EQ, clear communication skills, and a strong sense of ownership.

#LI-PB1

Please note that we do not offer visa sponsorship for this position.

Email is the number one attack vector and here, you’ll be the trusted expert who takes our defenses to the next level.  In this hands-on role, you’ll architect and refine cutting-edge security controls using the latest in Proofpoint, Microsoft Office 365, Exchange Online Protection, and Microsoft Purview DLP to stay ahead of phishing, business email compromise, and data loss threats.  You’ll have the freedom to innovate, experiment with new solutions, and champion fresh ideas that drive real results.

Grow your skills and make a difference.  Our team thrives on collaboration and knowledge-sharing, and we believe in leading by example.  You’ll automate successful strategies, quickly adapt from lessons learned, and help shape our security roadmap.  Leaders here empower you to test new approaches and encourage ongoing personal and professional development, so your contributions will have a direct and meaningful impact.

Join a culture built on purpose and progress.  We keep things simple: Do good. Be good. Make good.  You’ll be supported by a team that values thoughtful experimentation and growth, ensuring your work matters for our organization and for your career.

This position currently offers an onsite work schedule, with the expectation that you are in the office four (4) days per week during onsite core days. Our current onsite core days are Monday, Tuesday, Wednesday, and Thursday.  The work schedule type and core days are subject to change with advance notification and manager discretion.

Essential Duties and Responsibilities

• Engineer and operate advanced email protections in Proofpoint and Microsoft Defender for Office 365 (including Exchange Online Protection, Safe Links/Safe Attachments, impersonation safeguards) with continuous tuning to cut false positives and boost catch rates.
• Engineer and operate Microsoft Purview DLP for Exchange Online.  Design classification labels and enforcement rules with defined exceptions to stop data exfiltration.  Use split tests and drift monitoring to sustain policy effectiveness.
• Harden trust and identity for mail: SPF/DKIM/DMARC strategy, DMARC enforcement and reporting, display name/VIP impersonation controls, external tag strategy, QR code phishing and Business Email Compromise patterns.
• Investigate and respond: lead deep-dive investigations on phishing campaigns; provide actionable post-incident improvements.
• Cross-team force multiplier: improve detections and execute response with Security Monitoring & Response, lock down access with IAM, ensure compliance fit with GRC, and make the fix stick with Security Architecture and Infrastructure.
• Automate and integrate: build playbooks and API/SOAR hooks for triage, enrichment, and response (e.g., auto-pull/recall, bulk purge, VIP watchlists, threat intel lookups).
• Measure what matters: define metrics (catch rate, FP rate, MTTD/MTTR for mail events, DLP signal quality) and share insights that drive roadmap priorities.
• Document and mentor: publish standards, playbooks, and quick-wins; coach peers, and champion secure-by-default patterns for email workflows.

Minimum Qualifications

• 5+ years in Information Security with 2+ years focused on email security engineering/operations.
• Hands-on experience with Proofpoint email security, including Targeted Attack Protection (TAP) and Threat Response Auto-Pull (TRAP); policy tuning; Data Loss Prevention integration; and quarantine workflows.  Proficiency with Microsoft Defender for Office 365 and Exchange Online Protection (EOP); configuring Safe Links and Safe Attachments; conducting advanced hunting; and performing header and mail flow troubleshooting. 
• Email DLP platform expertise (Microsoft Purview preferred).  Define and maintain the label taxonomy; tune rules and detectors including Exact Data Match (EDM) and regex; establish exception governance; and run testing at scale.
• Mail flow and identity depth across Exchange Online, connectors, transport rules, header analysis, and DNS; SPF/DKIM/DMARC design and enforcement; and vanity domain lifecycle for email: subdomain design and naming, DNS ownership and hygiene, third-party sender onboarding and alignment, and ongoing deliverability and blocklist monitoring.
• Strong scripting (PowerShell or Python), API/automation comfort, and a metrics-first mindset.
• Clear communication, able to turn complex findings into crisp recommendations for engineers, business stakeholders and leadership.

Nice to have:

• Certifications: CISSP, Proofpoint certifications, Microsoft SC-200 or SC-400.
• Experience: Brand Indicators for Message Identification (BIMI) and brand protection.  Experience with Security Orchestration, Automation, and Response (SOAR).  Exposure to email threat intelligence enrichment.

Benefits

• Your benefits start day one and are flexible and customizable to your and your family’s specific needs. Check out the BENEFITS of a Career at National Life!

Who We Are

Flagship Pioneering is a biotechnology company that invents and builds platform companies that change the world. We bring together the greatest scientific minds with entrepreneurial company builders and assemble the capital to allow them to take courageous leaps. Those big leaps in human health and sustainability exponentially accelerate scientific progress in areas ranging from cancer detection and treatment to nature-positive agriculture.  

What sets Flagship apart is our ability to advance biotechnology by uniting life science innovation, company creation, and capital investment under one roof in a way that is largely without precedent. Our scientific founders, entrepreneurial leaders, and professional capital managers are each aligned around an institutionalized process that enables us to innovate and transform for the benefit of people and planet.  

Many of the companies Flagship has founded have addressed humanity’s most urgent challenges: vaccinating billions of people against COVID-19, curing intractable diseases, improving human health, preempting illness, and feeding the world by improving the resiliency and sustainability of agriculture. 

Flagship has been recognized twice on FORTUNE’s “Change the World” list, an annual ranking of companies that have made a positive social and environmental impact through activities that are part of their core business strategies, and has been twice named to Fast Company’s annual list of the World’s Most Innovative Companies.

Associate Director, AI Operations & Enablement 

The Enterprise AI team sits within Flagship's Information Technology organization and is responsible for AI strategy, governance, tooling, and enablement across the Flagship ecosystem. The team works cross-functionally within IT, Legal, Finance, HR, Communications, and the firm's business and scientific functions to ensure AI is adopted safely, responsibly, and with measurable impact. 

About the Role 

Flagship is hiring an Associate Director, AI Operations & Enablement to accelerate the impact of the Enterprise AI function. Reporting to the Senior Director, AI Transformation Lead, this person will own day-to-day execution across three core capability areas: AI education and capability building, AI strategy and use case portfolio management, and AI tool and vendor management. 

This is an inaugural role on a small, high-visibility team. The successful candidate will operate as a senior individual contributor with broad cross-functional reach, partnering closely with developers, scientists, and business leaders. The role is execution-heavy and ideal for someone who has led enterprise AI programs in a consulting or in-house capacity and is energized by building a function from the ground up. 

What You'll Do 

AI Strategy, Governance & Use Case Portfolio Management 

• Translate Flagship's enterprise AI strategy into function-level execution by partnering with leaders across the firm on AI roadmap creation and delivery. 

• Run a regular cadence of engagement with each business and scientific function to surface, intake, and prioritize use cases.  

• Partner with the AI engineering team to shape use cases, supporting use case owners in identifying the right data, technology, and stakeholders for efficient and effective design.  

• Track use case value/ROI throughout the life cycle and for the AI program overall. 

• Drive solution reuse across functions by maintaining visibility into what has been built, by whom, and what is reusable. 

• Operate the AI Operational Governance Forum by surfacing relevant AI product, feature, and use case developments and supporting decision-making and tracking around risk management. 

• Support the evolution of Flagship’s AI strategy, policies, and roadmap by staying up to date on relevant industry trends and internal needs.  

AI Education & Capability Building 

• Design and execute AI learning programs across the company that drive adoption while shaping responsible, secure, and cost-effective use of AI.  

• Build and oversee operations for the AI change champion network to scale AI adoption. 

• Develop reusable AI enablement assets and partner with Communications and Learning & Development to amplify. 

• Provide hands-on coaching to teams adopting AI tools across the business. 

AI Tool & Vendor Management 

• Provide support on AI tool evaluation, procurement, and lifecycle management across enterprise-wide and function-specific applications. 

• Support ownership, administration, and governance of core enterprise AI platforms, including settings configuration, feature rollout, internal communications, and ongoing user support. 

• Support vendor relationships and contracts in partnership with Procurement and Legal; track usage, license utilization, and consumption against contracted commitments. 

• Coordinate with InfoSec on AI-specific risk reviews, ZDR posture, agentic sandbox governance, and shadow AI monitoring. 

• Maintain the AI tool intake and approval process and the AI Product / Use Case records in Flagship's GRC system of record. 

What You Bring 

Required 

• At least 5 years of progressive experience in technology, AI, digital transformation, or management consulting roles, including meaningful recent experience leading enterprise AI, digital, or technology enablement initiatives. 

• Hands-on AI fluency. Power user of leading LLM platforms (Claude, ChatGPT, Gemini) with practical understanding of capabilities, limitations, and appropriate use by task type. Comfortable rapidly prototyping with low-code tools and AI features. 

• Agentic AI fluency. Working understanding of agentic AI concepts and current capabilities, including autonomous and long-running agents, multi-step tool use, MCP and connector ecosystems, and human-in-the-loop design patterns. Able to evaluate where agentic approaches are appropriate, where they introduce risk, and how to deploy them safely. 

• Use case portfolio management. Demonstrated experience running structured intake, prioritization, and ROI tracking processes for AI or digital initiatives across a federated organization. 

• Vendor and tool management. Experience evaluating, contracting, and administering enterprise SaaS, ideally including AI/LLM platforms. Comfort working with Procurement, Legal, and InfoSec on contract review, DPAs, and risk assessments. 

• Enablement and program delivery. Track record running training programs, hackathons, or change management initiatives for non-technical audiences at scale. 

• Cross-functional execution. Demonstrated effectiveness operating without direct authority across IT, InfoSec, Legal, Finance, HR, and business stakeholders. 

• Communication. Strong written and verbal communication; able to translate between technical and business audiences and produce executive-ready materials. 

• Client-facing experience. Previous experience in a client-facing consulting, customer success, or IT business partner role. 

• Bachelor's degree in a technical, business, or scientific field. 

Preferred 

• Prior experience in life sciences, biotech, or healthcare; comfort with the regulatory and IP-sensitivity considerations of these sectors. 

• Experience administering Claude Enterprise, ChatGPT Enterprise, or M365 Copilot at scale. 

• Familiarity with AI governance frameworks (NIST AI RMF, ISO 42001) and GxP / research integrity considerations. 

• Experience with MCP servers, agentic platforms, and AI workflow automation tools (Zapier, Workato). 

We are an equal opportunity employer. All qualified applicants will be considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law. 

We recognize that great candidates often bring unique strengths without fulfilling every qualification. If you have some of the experience listed above but not all, please apply anyway. We are dedicated to building diverse and inclusive teams and look forward to learning more about your background and interest in Flagship. 

Recruitment & Staffing Agencies: Flagship Pioneering and its affiliated Flagship Lab companies (collectively, “FSP”) do not accept unsolicited resumes from any source other than candidates. The submission of unsolicited resumes by recruitment or staffing agencies to FSP or its employees is strictly prohibited unless contacted directly by Flagship Pioneering’s internal Talent Acquisition team. Any resume submitted by an agency in the absence of a signed agreement will automatically become the property of FSP, and FSP will not owe any referral or other fees with respect thereto. 

#LI-NM1 

The salary range for this role is $148,000 - $203,500. Compensation for the role will depend on a number of factors, including a candidate’s qualifications, skills, competencies, and experience. Flagship Pioneering currently offers healthcare coverage, annual incentive program, retirement benefits and a broad range of other benefits. Compensation and benefits information is based on Flagship Pioneering's good faith estimate as of the date of publication and may be modified in the future.

We’re hiring a Senior Manager to lead Security Governance and the Security Third-Party Risk Management (TPRM) function. This role owns program strategy, operational maturity, and stakeholder alignment for security governance, vendor risk, and third-party integration risk. The manager will drive policy and control frameworks, remediate audit findings, deliver measurable program KPIs, and grow a high-performing team that executes vendor diligence, monitoring, and governance at scale.

Our Security Governance and TPRM programs must move from tactical firefighting to predictable, measurable operations that scale with the business. This leader will set the security risk posture, tighten governance and fourth-party oversight, improve tooling and automation adoption, and ensure timely, actionable escalations so senior leadership can make the right business decisions.

What You'll Do

Program strategy & governance

• Own Security Governance: maintain and evolve security policies, standards, and control frameworks (e.g., NIST CSF, ISO 27001), including mapping to controls and compliance requirements (SOC2, PCI, applicable regulations).
• Lead program maturity planning, roadmaps, and cross-functional governance forums (e.g., security steering committee, risk council).
• Define and enforce security risk appetite and decision criteria for third-party relationships and integrations.

Third-party risk management

• Lead the Security TPRM function across vendor lifecycle: intake/onboarding, due diligence (IRQ/DDQ/SME reviews), contracting handoffs, ongoing monitoring, periodic reviews, and offboarding.
• Ensure robust fourth-party oversight, including subprocessors, and manage remediation/QA cycles driven by Internal Audit and regulators.
• Oversee high-risk vendor decisions and escalations; establish clear RACI for partnership contracts and security acceptance criteria.

Operational excellence & tooling

• Own program KPIs, dashboards, and reporting (Jira STPRM Ops, AuditBoard, Sigma/BI, MetricStream). Drive improvements in throughput, turnaround, backlog age, and remediation velocity.
• Partner with Automation/TPRM Ops to operationalize threat-modeling outputs, integration inventories, pre-integration gates, and CI/CD checks; prioritize automations that reduce manual work and surface strategic escalations.
• Implement and maintain QA processes (quarterly QA), runbooks, SOPs for ticket ownership, and evidence standards.

People & stakeholder leadership

• Build, coach, and scale the Governance and TPRM teams: hiring, performance management, career development, and team morale.
• Act as the primary security contact for Legal, Procurement, Privacy, Product, and Engineering on vendor risk and governance matters.
• Represent Security in executive forums, audit meetings, and regulatory engagements; own remediation commitments and timelines.

Audit, compliance & risk reporting

• Serve as the security liaison for Internal Audit and external assessments; ensure timely remediation of findings and demonstrable progress.
• Produce regular program health reporting for senior leadership and Board-level stakeholders.

Success metrics (examples)

• Vendors reviewed per month and % critical vendors reviewed on schedule
• Average review turnaround time and backlog age distribution
• % tickets with clear owner and SLA met
• Time to remediate Internal Audit findings and completion rate
• Implementation count of automated checks/runbooks and pre-integration gates
• Team engagement / retention and time-to-productivity for new hires

What We Look For

• 7+ years in information security, risk management, or GRC roles, with a minimum of 3 years managing teams (or equivalent leadership experience).
• Demonstrated ownership of a TPRM program or security governance program in a regulated or high-growth technology environment (fintech preferred).
• Strong knowledge of security frameworks (NIST, ISO), compliance standards (SOC2, PCI), and vendor risk processes (IRQ/DDQ/SME assessments).
• Hands-on familiarity with TPRM/GRC tooling and observability: AuditBoard (or equivalent), Jira, BI tools (Sigma/Tableau/Looker), and experience with integrations/APIs.
• Excellent stakeholder management across legal, procurement, engineering, product, and executive leadership.
• Proven experience translating audit findings into operational remediation plans and measurable outcomes.
• Strong communication skills — able to present risk to technical and non-technical audiences and to influence decisions.
• Certifications such as CISSP, CISM, CRISC, or similar.
• Practical experience with threat-modeling approaches and third-party integration security (API, SSO/OAuth/SAML, TLS).
• Experience scaling automation for GRC/TPRM programs and integrating security checks into CI/CD pipelines.
• Prior experience in fintech or highly regulated industries.

Pay Grade - Q
Equity Grade - 10

Employees new to Affirm typically come in at the start of the pay range. Affirm focuses on providing a simple and transparent pay structure which is based on a variety of factors, including location, experience and job-related skills.

Base pay is part of a total compensation package that may include equity rewards, monthly stipends for health, wellness and tech spending, and benefits (including 100% subsidized medical coverage, dental and vision for you and your dependents.)

USA base pay range (CA, WA, NY, NJ, CT) per year: $250,000 - $300,000
USA base pay range (all other U.S. states) per year: $223,000 - $273,000

#LI-Remote

We’re hiring a Senior Manager to lead Security Governance and the Security Third-Party Risk Management (TPRM) function. This role owns program strategy, operational maturity, and stakeholder alignment for security governance, vendor risk, and third-party integration risk. The manager will drive policy and control frameworks, remediate audit findings, deliver measurable program KPIs, and grow a high-performing team that executes vendor diligence, monitoring, and governance at scale.

Our Security Governance and TPRM programs must move from tactical firefighting to predictable, measurable operations that scale with the business. This leader will set the security risk posture, tighten governance and fourth-party oversight, improve tooling and automation adoption, and ensure timely, actionable escalations so senior leadership can make the right business decisions.

What You'll Do

Program strategy & governance

• Own Security Governance: maintain and evolve security policies, standards, and control frameworks (e.g., NIST CSF, ISO 27001), including mapping to controls and compliance requirements (SOC2, PCI, applicable regulations).
• Lead program maturity planning, roadmaps, and cross-functional governance forums (e.g., security steering committee, risk council).
• Define and enforce security risk appetite and decision criteria for third-party relationships and integrations.

Third-party risk management

• Lead the Security TPRM function across vendor lifecycle: intake/onboarding, due diligence (IRQ/DDQ/SME reviews), contracting handoffs, ongoing monitoring, periodic reviews, and offboarding.
• Ensure robust fourth-party oversight, including subprocessors, and manage remediation/QA cycles driven by Internal Audit and regulators.
• Oversee high-risk vendor decisions and escalations; establish clear RACI for partnership contracts and security acceptance criteria.

Operational excellence & tooling

• Own program KPIs, dashboards, and reporting (Jira STPRM Ops, AuditBoard, Sigma/BI, MetricStream). Drive improvements in throughput, turnaround, backlog age, and remediation velocity.
• Partner with Automation/TPRM Ops to operationalize threat-modeling outputs, integration inventories, pre-integration gates, and CI/CD checks; prioritize automations that reduce manual work and surface strategic escalations.
• Implement and maintain QA processes (quarterly QA), runbooks, SOPs for ticket ownership, and evidence standards.

People & stakeholder leadership

• Build, coach, and scale the Governance and TPRM teams: hiring, performance management, career development, and team morale.
• Act as the primary security contact for Legal, Procurement, Privacy, Product, and Engineering on vendor risk and governance matters.
• Represent Security in executive forums, audit meetings, and regulatory engagements; own remediation commitments and timelines.

Audit, compliance & risk reporting

• Serve as the security liaison for Internal Audit and external assessments; ensure timely remediation of findings and demonstrable progress.
• Produce regular program health reporting for senior leadership and Board-level stakeholders.

Success metrics (examples)

• Vendors reviewed per month and % critical vendors reviewed on schedule
• Average review turnaround time and backlog age distribution
• % tickets with clear owner and SLA met
• Time to remediate Internal Audit findings and completion rate
• Implementation count of automated checks/runbooks and pre-integration gates
• Team engagement / retention and time-to-productivity for new hires

What We Look For

• 7+ years in information security, risk management, or GRC roles, with a minimum of 3 years managing teams (or equivalent leadership experience).
• Demonstrated ownership of a TPRM program or security governance program in a regulated or high-growth technology environment (fintech preferred).
• Strong knowledge of security frameworks (NIST, ISO), compliance standards (SOC2, PCI), and vendor risk processes (IRQ/DDQ/SME assessments).
• Hands-on familiarity with TPRM/GRC tooling and observability: AuditBoard (or equivalent), Jira, BI tools (Sigma/Tableau/Looker), and experience with integrations/APIs.
• Excellent stakeholder management across legal, procurement, engineering, product, and executive leadership.
• Proven experience translating audit findings into operational remediation plans and measurable outcomes.
• Strong communication skills — able to present risk to technical and non-technical audiences and to influence decisions.
• Certifications such as CISSP, CISM, CRISC, or similar.
• Practical experience with threat-modeling approaches and third-party integration security (API, SSO/OAuth/SAML, TLS).
• Experience scaling automation for GRC/TPRM programs and integrating security checks into CI/CD pipelines.
• Prior experience in fintech or highly regulated industries.

This posting is for an existing vacancy.

Pay Grade - Q
Equity Grade - 6

Employees new to Affirm typically come in at the start of the pay range. Affirm focuses on providing a simple and transparent pay structure which is based on a variety of factors, including location, experience and job-related skills.

Base pay is part of a total compensation package that may include equity rewards, monthly stipends for health, wellness and tech spending, and benefits (including 100% subsidized medical coverage, dental and vision for you and your dependents.)

CAN base pay range per year: $198,000 - $248,000


#LI-Remote

At Clover, the Business Enablement team leads our technological advancement while ensuring robust security and compliance. We deliver user-friendly corporate applications, manage complex data ecosystems, and provide efficient tech solutions across the organization. Our goal is simple: we make it easy for the business to do what’s right for Clover.

Clover Health is seeking a Director of Governance, Risk, and Compliance (GRC) to define and execute our security governance and risk strategy in support of Clover’s growth as a public,
technology-enabled healthcare company.

This role operates at the enterprise level, shaping functional strategy while driving execution through cross-functional influence rather than direct authority. The Director of GRC is
accountable for Clover’s security risk posture, regulatory compliance readiness, and resilience capabilities, ensuring that governance, risk, and compliance activities are aligned to business
priorities and long-term company outcomes.

The role manages a third-party vendor providing GRC services and staffing, while serving as Clover Health’s internal owner for security governance, risk decision-making, and executive-level accountability.

As a Director, Governance, Risk, and Compliance you will:

Governance & Security Risk Strategy

• Define and evolve Clover Health’s security governance and risk management strategy, aligning function-level priorities with enterprise objectives and the security roadmap.
• Establish a risk-driven approach to governance aligned with:
- HIPAA Security and Privacy Rules
- NIST Cybersecurity Framework (CSF) v2
- NIST AI Risk Management Framework (AI RMF), where applicable
• Anticipate security and regulatory risks 12+ months out, using business, product, regulatory, and market signals to inform strategy and tradeoffs.
• Ensure security risk decisions are clearly framed, documented, and communicated in business terms for executive and board-level audiences.
• Assist the CISO in setting security risk priorities, framing tradeoffs, and communicating risk posture and progress to executive leadership and the Board.

Compliance & Regulatory Leadership

• Own Clover Health’s security compliance posture as a public healthcare company, including federal and state regulatory obligations.
• Lead security-related audits, assessments, and regulatory inquiries in partnership with Legal, Compliance, Privacy, and Internal Audit.
• Drive clarity, consistency, and maturity in security policies, standards, and procedures.
• Ensure compliance efforts are proactive, scalable, integrated into how Clover Health builds and operates products, and maintained over time to support ongoing audit readiness and regulatory expectations.

Accountability & Delivery Leadership

• Own high-stakes outcomes for the GRC function, ensuring accountability across internal partners and third-party providers.
• Set clear success metrics, decision rights, and escalation paths for risk and compliance activities.
• Make and communicate tough prioritization calls when business needs, regulatory demands, or risk profiles shift.
• Surface high-risk issues early and transparently to the CISO, peers, and senior leaders.

Third-Party Risk Management

• Lead Clover Health’s third-party security risk management program end-to-end.
• Oversee vendor due diligence, risk assessments, remediation tracking, and ongoing monitoring.
• Manage and hold accountable a third-party GRC services vendor, ensuring delivery quality, prioritization, and alignment to Clover’s risk appetite.
• Ensure third-party risks are evaluated holistically and escalated appropriately.

Incident, Crisis, and Resilience Governance

• Lead governance and coordination for:
- Security incident response (IR)
- Crisis management
- Disaster recovery (DR)
- Business continuity (BC)
• Ensure incidents are tracked, analyzed for root cause, reported appropriately, and followed through with corrective actions.
• Lead or support enterprise tabletop exercises and simulations.
• Balance immediate response needs with long-term system and process improvements.

Cross-Functional Problem Solving & Influence

• Lead multi-team, cross-functional problem solving on complex security and compliance issues.
• Connect operational issues to systemic root causes and drive sustainable fixes rather than short-term workarounds.
• Influence peers and senior leaders through credibility, data, and executive presence —not authority.
• Build durable partnerships across Engineering, IT, MA, Legal, Compliance, Privacy, Finance, and Operations.

Culture, Coaching, and Enterprise Presence

• Build trust and credibility as a senior Clover leader.
• Coach people managers, high-potential ICs, and vendor staff to elevate GRC maturity across the organization.
• Model transparency, accountability, and alignment in leadership forums.
• Contribute to a culture of thoughtful risk-taking, strong execution, and shared ownership.

Success in this role looks like:

• Security risk management is clearly aligned to Clover Health’s growth strategy and enterprise priorities.
• The CISO has confidence in Clover’s security, compliance, and resilience posture.
• Security risk is managed, mapped, and reported on a regular cadence.
• Compliance activities scale with the business and avoid last-minute fire drills.
• Incidents and crises are handled with discipline, transparency, and continuous improvement.
• GRC is viewed as a strategic enabler — not a blocker — across the organization.

You should get in touch if:

• 8+ years of experience in information security, GRC, risk management, or related disciplines.
• Demonstrated experience leading security governance and compliance programs in regulated environments.
• Strong working knowledge of HIPAA and healthcare security requirements.
• Experience operating in a public company or similarly regulated environment.
• Proven experience managing third-party vendors providing GRC services or staff augmentation.
• Hands-on experience with incident response governance, crisis management, disaster recovery, and business continuity.
• Strong business acumen with the ability to translate security and compliance risks into business impact.
• Excellent executive-level communication and stakeholder management skills.

Preferred Qualifications

• Familiarity with NIST CSF v2 and NIST AI RMF.
• Experience supporting AI-enabled, data-intensive, or technology-forward healthcare platforms.
• Relevant certifications such as CISM, CRISC, or similar are a plus.
• Service-management and automation mindset.

Benefits Overview: 

• Financial Well-Being: Our commitment to attracting and retaining top talent begins with a competitive base salary and equity opportunities. Additionally, we offer a performance-based bonus program, 401k matching, and regular compensation reviews to recognize and reward exceptional contributions.
• Physical Well-Being: We prioritize the health and well-being of our employees and their families by providing comprehensive medical, dental, and vision coverage. Your health matters to us, and we invest in ensuring you have access to quality healthcare.
• Mental Well-Being: We understand the importance of mental health in fostering productivity and maintaining work-life balance. To support this, we offer initiatives such as No-Meeting Fridays, monthly company holidays, access to mental health resources, and a generous flexible time-off policy. Additionally, we embrace a remote-first culture that supports collaboration and flexibility, allowing our team members to thrive from any location. 
• Professional Development: Developing internal talent is a priority for Clover. We offer learning programs, mentorship, professional development funding, and regular performance feedback and reviews.

Additional Perks:

• Employee Stock Purchase Plan (ESPP) offering discounted equity opportunities
• Reimbursement for office setup expenses
• Monthly cell phone & internet stipend
• Remote-first culture, enabling collaboration with global teams
• Paid parental leave for all new parents
• And much more!

About Clover: We are reinventing health insurance by combining the power of data with human empathy to keep our members healthier. We believe the healthcare system is broken, so we've created custom software and analytics to empower our clinical staff to intervene and provide personalized care to the people who need it most.

We always put our members first, and our success as a team is measured by the quality of life of the people we serve. Those who work at Clover are passionate and mission-driven individuals with diverse areas of expertise, working together to solve the most complicated problem in the world: healthcare.

From Clover’s inception, Diversity & Inclusion have always been key to our success. We are an Equal Opportunity Employer and our employees are people with different strengths, experiences, perspectives, opinions, and backgrounds, who share a passion for improving people's lives. Diversity not only includes race and gender identity, but also age, disability status, veteran status, sexual orientation, religion and many other parts of one’s identity. All of our employee’s points of view are key to our success, and inclusion is everyone's responsibility.

#LI-Remote

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. We are an E-Verify company.

Job Description

The Data Architect is responsible for designing and governing the entire data ecosystem of the War Data Platform. Establish the enterprise data model, define standards for data storage (e.g., data lakes, warehouses, databases), and design the architecture for data ingestion, processing pipelines (ETL/ELT), and data access. Work closely with the GRC and security teams to ensure data governance, data quality, and data protection policies are designed into the architecture from the start. The Data Architect's primary goal is to ensure that data on the client's platform is findable, accessible, interoperable, and reusable (FAIR), enabling advanced analytics and AI/ML at scale.

Must have:

• Bachelor’s degree (or an additional 4 years equivalent experience) in IT, Cybersecurity, Computer Science, Information Systems, Data Science, Software Engineering, or related field
• 10 years of experience in data
• Expert knowledge designing enterprise data architectures and models
• 5 years of experience leading data teams
• Expert architect and experience leading implementation teams

Nice to have:

• Masters degree
• Experience or skills in Cloud Architecture

Security Clearance:

• Active TS/SCI clearance

Secure and Scale a Regulated Fintech Platform at the Heart of Stripe

Bridge Building S.A. (BBSA) is the Luxembourg regulated entity of Bridge, a Stripe company. We operate as an EMI and future CASP in one of Europe’s most demanding regulatory environments (CSSF, DORA, MiCA).

BBSA is building a local regulated platform powered by a global-first technology model. In this context, we are looking for a sharp IT GRC Analyst to act as the bridge between strict European regulations and high-velocity global engineering.

This role is the control and risk right hand of the Luxembourg Head of IT. While our global teams build the tech, you ensure it is compliant, resilient, and audit-ready. You will translate requirements like DORA and MiCA into tangible IT controls, oversee third-party risks, and maintain the integrity of our governance framework.

This is not a "tick-the-box" compliance role. It is a operational position for a professional who understands technology well enough to govern it effectively. You will have high visibility, owning the frameworks that allow us to scale securely.

Key Responsibilities

1. IT Governance & Risk Management

• • Maintain and evolve the IT Risk Register, ensuring risks are identified, assessed, and treated in line with the company’s risk appetite.
  • Drive the local implementation of the DORA (Digital Operational Resilience Act) framework, including ICT risk management and incident classification.
  • Bridge the gap between technical reality and policy by drafting, reviewing, and updating IT policies and procedures.
  • Perform periodic control testing to ensure global engineering practices align with local regulatory requirements.
  • Act as primary support to the local Head of IT 

1. Third-Party Risk Management (TPRM)

• • Support ICT due diligence and risk assessments of critical vendors and service providers, while assisting with  Developer / Customer Oversight.
  • Monitor SLAs and KPIs of critical vendors, challenging performance where necessary.
  • Act as the primary support to the Outsourcing Manager regarding technical vendor oversight.

1. Access Governance & Control (IAG)

• • Oversee the Identity & Access Governance strategy, including but not limited to adherence to Segregation of Duties, principle of least privileges and others..
  • Conduct periodic User Access Reviews for critical systems.

1. Regulatory Compliance & Audit Readiness

• • Act as the primary liaison for Internal Audit regarding IT topics.
  • Prepare technical inputs and evidence for CSSF notifications and regulatory reporting.
  • Monitor compliance with GDPR/Data Privacy controls (e.g., DLP oversight, data residency).
  • Coordinate Business Continuity (BCP) and Disaster Recovery (DR) testing documentation and reporting.

1. Incident Governance

• • Oversee the IT incident management process to ensure proper classification, reporting, and root cause analysis (RCA).
  • Ensure major incidents are reported to regulators within mandated timeframes (in collaboration with Compliance).

Candidate Profile

Education

• Bachelor’s or Master’s degree in Information Systems, Cybersecurity, or Business Administration (with a strong IT focus).

Experience

• 3–6 years of experience in IT Audit, IT Risk, GRC, or Information Security.
• Experience in a regulated sector (Banking, Fintech, Insurance) or Big 4 Audit (IT Risk advisory) is highly preferred.
• Experience dealing with CSSF circulars, EBA guidelines, or DORA is a strong asset.

Core Competencies

• Framework Knowledge: Strong understanding of ISO 27001, NIST, or COBIT.
• Tech Literacy: You don't need to code, but you must understand Cloud fundamentals (AWS), SaaS models, and modern infrastructure to audit them effectively.
• Risk Mindset: Ability to distinguish between theoretical risk and actual business risk.
• Communication: Ability to explain "Why we need this control" to engineers without slowing them down.

Languages

• English: Fluent professional (Mandatory).
• French: Asset.

Mindset

• Pragmatic: You value effective controls over bureaucratic paperwork.
• Resilient: You are comfortable dealing with ambiguity and evolving regulations.
• Curious: You have a genuine interest in crypto-assets, blockchain, and the future of payments.

Who we are

About Stripe

Stripe is a financial infrastructure platform for businesses. Millions of companies - from the world’s largest enterprises to the most ambitious startups - use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career.

About the team

The Technology Compliance team is dedicated to delivering excellence across Stripe’s compliance with global and industry-specific technology control regimes, such as PCI-DSS, SOC, and other international technology certifications. We are a team of specialist program managers to lead external audits of Stripe’s technology environment, design and improve technology controls, and support our many engineering and business partners in maintaining compliance with controls requirements. We are consultants to company leaders, partners to our external auditors, builders of risk-reducing controls and internal products, and effective executors of large programs that are integral to the trust our Users place in Stripe and that of our regulators and partners.

What you’ll do

In this role, your daily focus centers on bridging the gap between compliance requirements and high-velocity engineering. You will own the implementation of baseline technology controls, work with cross-functional teams to automate evidence collection, and contribute to the design of scalable governance and issue-management processes. You’ll translate risk requirements into practical controls, track remediation progress, and continuously improve controls and workflows to support audit readiness and operational resilience.On any given day, you might be conducting a gap analysis for a new global compliance certification, prioritizing remediation tasks based on a data-driven risk assessment, or translating complex ISO/SOC2 controls into actionable technical tickets for product engineers. As a program leader, you will serve as a  strategic connector influencing senior stakeholders across infrastructure engineering to balance long-term platform health with feature delivery. You’ll advise peers on secure / compliant architecture, drive decisions that maintain an always-on audit posture, and ensure compliance is embedded in engineering roadmaps and delivery processes.

Responsibilities

• Deep technical compliance experience: demonstrable experience implementing and operating controls and audit programs (ISO, SOC, PCI, UK Cyber Essentials, privacy audits, or similar) in complex, distributed environments.
• Design and implement baseline technology controls, ensuring they are practical, scalable, and aligned with compliance and security requirements.
• Strong engineering collaboration: proven track record working with infrastructure, platform, SRE, and product engineering teams to deliver technical controls and automation.
• Tooling and automation mindset: experience building scalable tools, frameworks, or platforms that reduce manual evidence collection and audit testing overhead.
• Acquisition integration experience (preferred): experience assessing and integrating acquired products/systems into an enterprise compliance environment.
• Fintech or regulated industry background preferred: experience with financial reporting, payment platforms, or similarly regulated systems is strongly desired.
• Program leadership at scale: ability to lead cross‑organizational programs, influence senior engineers and executives, and drive consensus across competing priorities.
• Data‑driven communicator: strong analytical skills to prioritize risk and remediation, and the ability to present complex technical compliance concepts to auditors and executives.
• People leadership and mentorship: experience coaching peers and engineering partners on program delivery and compliance‑oriented engineering practices.
• Relevant education/certifications: degree in Computer Science, Information Security, Engineering, or equivalent experience. Certifications such as CISA, CISSP, PCI-related, ISO lead auditor, or other relevant credentials are a plus.

Who you are

We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.

Minimum requirements 

• 12+ years of experience in technical compliance, security, or risk roles with direct responsibility for audit or certification delivery (ISO, SOC, PCI, UK Cyber Essentials, privacy audits, or similar).
• Demonstrated experience leading end-to-end technical audit certification programs, including scoping, control mapping, evidence collection, remediation, and auditor engagement.
• Proven track record working closely with infrastructure, platform, SRE, and product engineering teams to implement and operationalize controls.
• Hands-on experience building or driving tooling/automation for evidence collection, testing, or compliance reporting.
• Strong program and project management skills with experience coordinating cross-functional work streams and delivering on time against competing priorities.
• Excellent verbal and written communication skills, with experience presenting technical compliance status to auditors, engineers, and senior leadership.
• Solid analytical and risk‑prioritization skills to sequence remediation activities and make data‑driven decisions.
• Experience integrating acquired products or systems into an enterprise compliance posture (preferred).
• Relevant certifications such as CISA, CISSP, ISO Lead Auditor, PCI-related certifications, or equivalent.

Preferred qualifications 

• Fintech or payments industry experience (preferred), including familiarity with regulatory expectations, payment platform architectures, and financial services risk models.
• Experience integrating acquired products or systems into an enterprise compliance posture.
• Proven ability to leverage a variety of tools to develop key metrics and broadcast program efficacy through data-driven dashboards.
• Strong background in cloud and infrastructure technologies (AWS, GCP, Azure), containerization, and modern platform engineering practices.

Who we are

Bridge is Stripe’s fintech innovation hub focused on building a modern, stablecoin-powered cross-border payments network. We operate like a startup within Stripe: fast-paced, entrepreneurial, and product-obsessed, but with the backing of one of the most trusted names in fintech.

We’re hiring a Security Analyst / Program Manager to build and scale Bridge’s security foundation. This is a rare opportunity to design the security governance, risk and compliance programs from the ground up, while also leveraging the infrastructure, best practices, and tooling of one of the most mature security organizations in the industry.

What you'll do

• Design, and implement Bridge’s security governance, risk and compliance roadmaps from first principles to production.
• Identify and tackle Bridge’s most important security risks quickly and pragmatically.
• Adopt Stripe’s programs, controls and processes where it makes sense, and find custom approaches where it doesn’t.
• Lead risk assessment, control design and testing for all Security and Technology Oversight globally.
• Reinforce engineering best practices around secure development and infrastructure.
• Ensure Bridge meets compliance and audit expectations as we scale to more regulated markets.
• Collaborate cross-functionally with engineering, product, and Stripe’s security org to move fast without compromising safety.

About you

You might be a good fit if you:

• Have 8+ years of experience in Security GRC, ideally with time spent in fast-paced startup environments where you’ve built security practices from the ground up.
• Have a startup mindset: you’re scrappy, pragmatic, and move quickly to solve the most critical problems.
• You’re proficient with NIST CSF, OCC’s Cybersecurity Supervision Work Program and/or FFIEC IT Examination Handbook or other similar global frameworks. 
• Proven prior experience with regulatory audits from Global auditors across Security domains.
• Thrive in ambiguity and know how to ruthlessly prioritize.
• Can balance security rigor with speed, especially in fast-moving environments.
• Communicate clearly across technical and non-technical partners.
• Have experience building or scaling security programs, either at a startup or in an embedded role.
• Are excited about the potential of crypto and stablecoins to power global financial infrastructure (you don’t need deep prior knowledge—just curiosity and openness to learn).

Engineering at Brex

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

As a Security Operations Engineer at Brex, you will focus on preventing, detecting and responding to security threats across Brex's corporate and cloud environments. You will use existing systems and develop tools to improve our security capabilities. Our team is responsible for functions across corporate security, detection & response and infrastructure security domains; and we perform systems engineering and automation to support those functions. 

Security Operations is part of our wider Trust & IT organization which means you will have the opportunity to work closely with Application Security, Corporate Engineering, GRC and IT and to improve security configurations, drive positive employee behaviors and generally work to prevent events from becoming incidents. You will also help build and maintain our team’s open source project Substation and have the opportunity to contribute to the Brex Tech Blog. You’ll be part of a team that actively contributes to the wider security community and has a commitment to mentorship and engineering excellence.

We’re looking for individuals with a strong background and interest in detecting, responding to, and resolving security incidents and security challenges. You should be comfortable dealing with lots of moving pieces, changing priorities, and new technologies, while having a keen eye for detail. Most importantly, you should be enthusiastic about working with a variety of backgrounds, roles, and people across Brex. Building a world-class financial service requires world-class security.

Where you’ll work

This role will be based in our San Francisco office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!

Responsibilities

• Work on a highly cross-functional team to prevent, detect and respond to security threats across Brex's corporate and cloud environments
• Perform security incident response, investigation, remediation, and documentation, participate in periodic threat hunting and security exercises
• Leading, scoping and building features, participate in designing, and maintaining tools and systems which support the team’s domains – corporate security, detection & response and infrastructure security 
• Collaborating and partnering with engineering and operations teams to drive remediation of security issues, while balancing prioritization of those security issues within SLA and teams’ respective backlogs
• Caring about secure system design, valuing building things correctly, an understanding of a MVP approach and an empathetic mindset when working with others

Requirements

• Bachelor’s degree in Computer Science, Engineering or related field OR equivalent training / fellowship OR 5+ years work experienceExperience working in a corporate security, detection & response or infrastructure security role with responsibilities for security alert triage and security incident response 
• Familiarity with CI/CD systems and DevOps workflows (e.g. Buildkite, Flux, Git, Terraform) in cloud environments (e.g. AWS, Azure, GCP)
• Experience with deploying and maintaining some of the security services and tools owned by the team (e.g. - SIEM, data pipelines, SOAR, domain monitoring, endpoint tooling, email protection tooling, cloud security tools)
• While not primarily a development role, the team develops and maintains tools written in Go and Python, so experience with coding is required
• You thrive in a collaborative environment filled with a diverse group of people with different expertise and backgrounds. We currently have around 30 nationalities represented with more than ½ the company working in a country different from the one they grew up in.

Bonus points

• Proficiency with Go and other programming languages 
• Experience with securing distributed systems in AWS, cloud and Kubernetes environments
• Contributions to the wider technical community (open source, public research, mentorship, community organizing, blogging, presentations, etc)

Compensation

The expected salary range for this role is $192,000 - $240,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

Engineering

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

Brex’s Governance, Risk, and Compliance function is at an exciting and pivotal point in our maturity journey and we’re seeking a team member who can seamlessly bridge compliance expertise with technical execution. As a Senior GRC Engineer, you will drive critical GRC processes that mitigate risk, keep us compliant, and build trust with our customers and partners. You'll evolve the technical foundation of our Trust program by automating security controls, building integrations between security tools and GRC platforms, and creating scalable processes that enable Brex to maintain compliance efficiently as we expand into new markets. You'll work at the intersection of security, engineering, and compliance — translating regulatory requirements into technical solutions and building automation that eliminates manual toil.

You'll leverage your deep understanding of SOC 2, PCI DSS, ISO 27001, AI governance frameworks, and others to both design controls for emerging compliance requirements and mature existing programs through automation and continuous monitoring. You’ll support Trust Assurance, Third Party Risk Management, and other Security Risk Management initiatives. Working with our Engineering, Infrastructure, and Product teams, you'll translate compliance frameworks into technical controls and build automated systems that help us achieve world-class security as Brex expands.

Your contributions will directly accelerate Brex's maturity. You'll design workflows using Tines, build integrations between security and GRC systems, and create dashboards for security metrics. You'll implement controls across the technology stack, support multiple audits (SOC 2, PCI DSS, SOX/ITGC, FINRA, ISO), and contribute to AI governance framework implementation (ISO 42001, NIST AI RMF, EU AI Act).

You'll have autonomy to build innovative solutions, collaborating cross-functionally to implement controls that enable growth while communicating technical concepts effectively across the organization.

Where you’ll work

This role will be based in our Vancouver office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!

Responsibilities

• Manage and scale IT infrastructure, services and tooling
• Work with a diverse group of  IT partners to optimize our provided services
• Implement new services in support of Information Technologies vision
• Scale our services by implementing configuration as code via Terraform providers or APIs
• Operationalize and upskill IT and its partners by producing documentation and leading training sessions
• Evangelize best practices both internally and externally facing

Requirements

• 5+ years of experience in GRC, IT Governance, or Security Engineering with a strong track record of automating manual compliance workflows.
• Deep experience with security frameworks such as SOC 2, PCI DSS, ISO 27001, and NIST CSF, specifically within cloud-native environments.
• Technical proficiency in Python (or similar scripting languages) and experience building integrations using APIs to connect security tools with GRC systems. You can read code, design integrations, and understand technical implementations.
• Builder mindset with the ability to design and implement automated control testing, continuous monitoring, and data-driven security metrics. You see manual processes and immediately think about how to automate them.
• Exceptional cross-functional collaboration and communication skills. You can translate complex compliance requirements into technical specifications that engineering teams can actually implement and influence stakeholders across technical and non-technical domains.
• Strong systems thinking. You have the ability to design scalable GRC architectures that grow with the company, rather than just solving for the immediate audit.
• Bias for action. You’re a self-starter who ships solutions quickly and iterates based on feedback. 

Bonus points

• Previous experience in Fintech or banking environments navigating complex regulatory landscapes.
• Hands-on experience with Tines or other SOAR platforms to automate security operations.
• Familiarity with AI/ML governance frameworks (NIST AI RMF, ISO 42001) or securing agentic systems.
• Deep knowledge of Cloud Security (AWS/GCP), infrastructure-as-code (Terraform), or DevSecOps practices.
• Relevant industry certifications such as CISSP, CISA, or CCSP.
• Experience building metrics dashboards for security visualization and reporting.
• Active contributions to the GRC or Security community through open-source projects or public research.

Compensation

The expected salary range for this role is $153,600 - $192,000 CAD. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

Engineering

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

Brex’s Governance, Risk, and Compliance function is at an exciting and pivotal point in our maturity journey and we’re seeking a team member who can seamlessly bridge compliance expertise with technical execution. As a Senior GRC Engineer, you will drive critical GRC processes that mitigate risk, keep us compliant, and build trust with our customers and partners. You'll evolve the technical foundation of our Trust program by automating security controls, building integrations between security tools and GRC platforms, and creating scalable processes that enable Brex to maintain compliance efficiently as we expand into new markets. You'll work at the intersection of security, engineering, and compliance — translating regulatory requirements into technical solutions and building automation that eliminates manual toil.

You'll leverage your deep understanding of SOC 2, PCI DSS, ISO 27001, AI governance frameworks, and others to both design controls for emerging compliance requirements and mature existing programs through automation and continuous monitoring. You’ll support Trust Assurance, Third Party Risk Management, and other Security Risk Management initiatives. Working with our Engineering, Infrastructure, and Product teams, you'll translate compliance frameworks into technical controls and build automated systems that help us achieve world-class security as Brex expands.

Your contributions will directly accelerate Brex's maturity. You'll design workflows using Tines, build integrations between security and GRC systems, and create dashboards for security metrics. You'll implement controls across the technology stack, support multiple audits (SOC 2, PCI DSS, SOX/ITGC, FINRA, ISO), and contribute to AI governance framework implementation (ISO 42001, NIST AI RMF, EU AI Act).

You'll have autonomy to build innovative solutions, collaborating cross-functionally to implement controls that enable growth while communicating technical concepts effectively across the organization.

Where you’ll work

This role will be based in our Seattle office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!

Responsibilities

• Manage and scale IT infrastructure, services and tooling
• Work with a diverse group of  IT partners to optimize our provided services
• Implement new services in support of Information Technologies vision
• Scale our services by implementing configuration as code via Terraform providers or APIs
• Operationalize and upskill IT and its partners by producing documentation and leading training sessions
• Evangelize best practices both internally and externally facing

Requirements

• 5+ years of experience in GRC, IT Governance, or Security Engineering with a strong track record of automating manual compliance workflows.
• Deep experience with security frameworks such as SOC 2, PCI DSS, ISO 27001, and NIST CSF, specifically within cloud-native environments.
• Technical proficiency in Python (or similar scripting languages) and experience building integrations using APIs to connect security tools with GRC systems. You can read code, design integrations, and understand technical implementations.
• Builder mindset with the ability to design and implement automated control testing, continuous monitoring, and data-driven security metrics. You see manual processes and immediately think about how to automate them.
• Exceptional cross-functional collaboration and communication skills. You can translate complex compliance requirements into technical specifications that engineering teams can actually implement and influence stakeholders across technical and non-technical domains.
• Strong systems thinking. You have the ability to design scalable GRC architectures that grow with the company, rather than just solving for the immediate audit.
• Bias for action. You’re a self-starter who ships solutions quickly and iterates based on feedback. 

Bonus points

• Previous experience in Fintech or banking environments navigating complex regulatory landscapes.
• Hands-on experience with Tines or other SOAR platforms to automate security operations.
• Familiarity with AI/ML governance frameworks (NIST AI RMF, ISO 42001) or securing agentic systems.
• Deep knowledge of Cloud Security (AWS/GCP), infrastructure-as-code (Terraform), or DevSecOps practices.
• Relevant industry certifications such as CISSP, CISA, or CCSP.
• Experience building metrics dashboards for security visualization and reporting.
• Active contributions to the GRC or Security community through open-source projects or public research.

Compensation

The expected salary range for this role is $153,600 - $192,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

Engineering

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

Brex’s Governance, Risk, and Compliance function is at an exciting and pivotal point in our maturity journey and we’re seeking a team member who can seamlessly bridge compliance expertise with technical execution. As a Senior GRC Engineer, you will drive critical GRC processes that mitigate risk, keep us compliant, and build trust with our customers and partners. You'll evolve the technical foundation of our Trust program by automating security controls, building integrations between security tools and GRC platforms, and creating scalable processes that enable Brex to maintain compliance efficiently as we expand into new markets. You'll work at the intersection of security, engineering, and compliance — translating regulatory requirements into technical solutions and building automation that eliminates manual toil.

You'll leverage your deep understanding of SOC 2, PCI DSS, ISO 27001, AI governance frameworks, and others to both design controls for emerging compliance requirements and mature existing programs through automation and continuous monitoring. You’ll support Trust Assurance, Third Party Risk Management, and other Security Risk Management initiatives. Working with our Engineering, Infrastructure, and Product teams, you'll translate compliance frameworks into technical controls and build automated systems that help us achieve world-class security as Brex expands.

Your contributions will directly accelerate Brex's maturity. You'll design workflows using Tines, build integrations between security and GRC systems, and create dashboards for security metrics. You'll implement controls across the technology stack, support multiple audits (SOC 2, PCI DSS, SOX/ITGC, FINRA, ISO), and contribute to AI governance framework implementation (ISO 42001, NIST AI RMF, EU AI Act).

You'll have autonomy to build innovative solutions, collaborating cross-functionally to implement controls that enable growth while communicating technical concepts effectively across the organization.

Where you’ll work

This role will be based in our New York office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!

Responsibilities

• Manage and scale IT infrastructure, services and tooling
• Work with a diverse group of  IT partners to optimize our provided services
• Implement new services in support of Information Technologies vision
• Scale our services by implementing configuration as code via Terraform providers or APIs
• Operationalize and upskill IT and its partners by producing documentation and leading training sessions
• Evangelize best practices both internally and externally facing

Requirements

• 5+ years of experience in GRC, IT Governance, or Security Engineering with a strong track record of automating manual compliance workflows.
• Deep experience with security frameworks such as SOC 2, PCI DSS, ISO 27001, and NIST CSF, specifically within cloud-native environments.
• Technical proficiency in Python (or similar scripting languages) and experience building integrations using APIs to connect security tools with GRC systems. You can read code, design integrations, and understand technical implementations.
• Builder mindset with the ability to design and implement automated control testing, continuous monitoring, and data-driven security metrics. You see manual processes and immediately think about how to automate them.
• Exceptional cross-functional collaboration and communication skills. You can translate complex compliance requirements into technical specifications that engineering teams can actually implement and influence stakeholders across technical and non-technical domains.
• Strong systems thinking. You have the ability to design scalable GRC architectures that grow with the company, rather than just solving for the immediate audit.
• Bias for action. You’re a self-starter who ships solutions quickly and iterates based on feedback. 

Bonus points

• Previous experience in Fintech or banking environments navigating complex regulatory landscapes.
• Hands-on experience with Tines or other SOAR platforms to automate security operations.
• Familiarity with AI/ML governance frameworks (NIST AI RMF, ISO 42001) or securing agentic systems.
• Deep knowledge of Cloud Security (AWS/GCP), infrastructure-as-code (Terraform), or DevSecOps practices.
• Relevant industry certifications such as CISSP, CISA, or CCSP.
• Experience building metrics dashboards for security visualization and reporting.
• Active contributions to the GRC or Security community through open-source projects or public research.

Compensation

The expected salary range for this role is $153,600 - $192,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

Engineering

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

Brex’s Governance, Risk, and Compliance function is at an exciting and pivotal point in our maturity journey and we’re seeking a team member who can seamlessly bridge compliance expertise with technical execution. As a Senior GRC Engineer, you will drive critical GRC processes that mitigate risk, keep us compliant, and build trust with our customers and partners. You'll evolve the technical foundation of our Trust program by automating security controls, building integrations between security tools and GRC platforms, and creating scalable processes that enable Brex to maintain compliance efficiently as we expand into new markets. You'll work at the intersection of security, engineering, and compliance — translating regulatory requirements into technical solutions and building automation that eliminates manual toil.

You'll leverage your deep understanding of SOC 2, PCI DSS, ISO 27001, AI governance frameworks, and others to both design controls for emerging compliance requirements and mature existing programs through automation and continuous monitoring. You’ll support Trust Assurance, Third Party Risk Management, and other Security Risk Management initiatives. Working with our Engineering, Infrastructure, and Product teams, you'll translate compliance frameworks into technical controls and build automated systems that help us achieve world-class security as Brex expands.

Your contributions will directly accelerate Brex's maturity. You'll design workflows using Tines, build integrations between security and GRC systems, and create dashboards for security metrics. You'll implement controls across the technology stack, support multiple audits (SOC 2, PCI DSS, SOX/ITGC, FINRA, ISO), and contribute to AI governance framework implementation (ISO 42001, NIST AI RMF, EU AI Act).

You'll have autonomy to build innovative solutions, collaborating cross-functionally to implement controls that enable growth while communicating technical concepts effectively across the organization.

Where you’ll work

This role will be based in our San Francisco office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!

Responsibilities

• Manage and scale IT infrastructure, services and tooling
• Work with a diverse group of  IT partners to optimize our provided services
• Implement new services in support of Information Technologies vision
• Scale our services by implementing configuration as code via Terraform providers or APIs
• Operationalize and upskill IT and its partners by producing documentation and leading training sessions
• Evangelize best practices both internally and externally facing

Requirements

• 5+ years of experience in GRC, IT Governance, or Security Engineering with a strong track record of automating manual compliance workflows.
• Deep experience with security frameworks such as SOC 2, PCI DSS, ISO 27001, and NIST CSF, specifically within cloud-native environments.
• Technical proficiency in Python (or similar scripting languages) and experience building integrations using APIs to connect security tools with GRC systems. You can read code, design integrations, and understand technical implementations.
• Builder mindset with the ability to design and implement automated control testing, continuous monitoring, and data-driven security metrics. You see manual processes and immediately think about how to automate them.
• Exceptional cross-functional collaboration and communication skills. You can translate complex compliance requirements into technical specifications that engineering teams can actually implement and influence stakeholders across technical and non-technical domains.
• Strong systems thinking. You have the ability to design scalable GRC architectures that grow with the company, rather than just solving for the immediate audit.
• Bias for action. You’re a self-starter who ships solutions quickly and iterates based on feedback. 

Bonus points

• Previous experience in Fintech or banking environments navigating complex regulatory landscapes.
• Hands-on experience with Tines or other SOAR platforms to automate security operations.
• Familiarity with AI/ML governance frameworks (NIST AI RMF, ISO 42001) or securing agentic systems.
• Deep knowledge of Cloud Security (AWS/GCP), infrastructure-as-code (Terraform), or DevSecOps practices.
• Relevant industry certifications such as CISSP, CISA, or CCSP.
• Experience building metrics dashboards for security visualization and reporting.
• Active contributions to the GRC or Security community through open-source projects or public research.

Compensation

The expected salary range for this role is $153,600 - $192,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

We are seeking a SAP Security & Platform Systems Engineer. This specialized role is responsible for the secure architecture and technical integration of our SAP S/4HANA RISE environment. The ideal candidate will bridge the gap between traditional SAP Security and modern Cloud Platform administration, ensuring robust, compliant, and well-connected SAP systems.

What You'll Do:

• SAP Security & Access Governance
  • Access Model Ownership: Design, build, and maintain S/4HANA business roles, Fiori catalogs, and authorization groups.
  • Identity Management: Perform configuration and troubleshooting of user provisioning and authentication workflows.
  • Compliance & Audit: Participate in technical efforts for SOX and ITGC audits, managing GRC/IAG (including SoD rulesets and Emergency Access/Firefighter) and providing technical evidence.
  • System and Data-Level Security: Perform vulnerability Assessment, secure Fiori apps/Web services and govern security measures at the CDS-view and OData service layer
• Platform Connectivity & System Administration
  • Cloud Ecosystem Integration: Design and manage technical trust configurations (SAML 2.0, OAuth 2.0, Principal Propagation) across S/4HANA, BTP, and SAP Analytics Cloud (SAC) etc.
  • BTP Management: Administer BTP subaccounts, service entitlements, and technical destinations.
  • Secure Connectivity: Install, configure, and monitor SAP Cloud Connectors to maintain secure data transfer between the RISE private cloud and BTP/external services.
  • Certificate Authority: Manage the full lifecycle of X.509 certificates and SSL handshakes within the entire SAP landscape.
  • RISE Coordination: Serve as the technical liaison with SAP RISE operations for system-level changes (e.g., refreshes, kernel parameters, OS configurations).

What You'll Need: 

• 10+ years in SAP technical roles, with a minimum of 3 years focused on S/4HANA and the Business Technology Platform (BTP).
• Expert proficiency in PFCG, SU24 optimization, and Fiori security architecture.
• Direct, practical experience with the SAP BTP Cockpit and SAP Cloud Connector.
• Proven ability to troubleshoot and manage Identity Protocols: SAML, OAuth2, and OpenID Connect (OIDC).
• Direct experience managing SOX/ITGC compliance requirements in a regulated or publicly traded company, reduce SOD violations
• Skilled in performing comprehensive end-to-end traces (e.g., ST01, browser traces, Cloud Connector logs) to diagnose connectivity and authorization issues. 
• Investigate and resolve Authorization-related issues, performing root cause analysis to prevent future breaches.
• Clear understanding of the SAP RISE shared responsibility model.

Please note that this job description is intended to provide a general overview of the position and does not include an exhaustive list of responsibilities and qualifications.

At Archer we aim to attract, retain, and motivate talent that possess the skills and leadership necessary to grow our business. We drive a pay-for-performance culture and reward performance that supports the Company’s business strategy. For this position we are targeting a base pay between $152,100 - $190,100. Actual compensation offered will be determined by factors such as job-related knowledge, skills, and experience.

We are an equal-opportunity employer committed to creating a diverse and inclusive workplace. All qualified applicants will receive equal consideration for employment without regard to race, color, creed, religion, sex, gender identity, sexual orientation, national origin, disability, uniform service, Veteran status, age, or any other protected characteristic per federal, state, or local law, including those with a criminal history, in a manner consistent with the requirements of applicable state and local laws. 

By applying, you agree to be bound by our candidate privacy policy.

Archer is committed to working with and providing reasonable accommodations to job applicants with physical or mental disabilities, and those with sincerely held religious beliefs. Applicants who may require reasonable accommodation for any part of the application or hiring process should provide their name and contact information to Archer’s People Team at people@archer.com. Reasonable accommodations will be determined on a case-by-case basis.

About the Role

We are seeking a GRC Automation Lead to join our GRC organization and build the technical foundation for how we scale our risk and compliance programs. In this role, you will lead the team that designs and implements automated workflows, data pipelines, and integrations that transform manual compliance processes into scalable engineering systems. 

This is a greenfield opportunity to establish the team, architecture, and integrations that will define how we approach governance, risk, and compliance at Anthropic. The core challenge is a data problem: compliance information lives across dozens of systems—cloud infrastructure, identity providers, HR platforms, ticketing tools, code repositories—and your job is to design systems that bring it together, normalize it, and make it actionable. Success in this role comes from understanding how systems connect and how data flows between them, not from writing code yourself.

At Anthropic, you'll also have a unique advantage: the ability to design AI-powered workflows where Claude acts as an extension of your team, handling tasks that would traditionally require additional headcount or manual effort. You'll need ingenuity to identify where agentic AI can accelerate evidence collection, interpret unstructured data, triage compliance gaps, and augment human judgment in risk assessments. Working closely with Security, IT, and Engineering teams, you'll translate compliance and regulatory requirements into solutions that support audit programs including SOC 2, ISO, HIPAA, and FedRAMP, building systems that combine traditional automation with AI capabilities to achieve scale that wouldn't otherwise be possible.

Responsibilities: 

• Lead the team that establishes foundational GRC processes and architecture. Design and build automated workflows for risk management and compliance, creating scalable systems that enable continuous monitoring as Anthropic grows.
• Build data pipelines that aggregate risk, control, and asset information from across our technology stack. This means solving hard data integration problems: mapping disparate schemas, handling inconsistent data quality, and creating unified views of compliance posture through dashboards and reporting tools.
• Inform GRC platform strategy and implementation: in partnership with other programs, evaluate, select, and deploy tooling that meets our compliance requirements.
• Translate written policies and compliance requirements into policy-as-code—working with Engineering and Security teams to express requirements as enforceable rules, automated checks, and continuous validation rather than static documents.
• Establish feedback loops between policy and implementation: surface where technical controls diverge from written requirements, identify where policies need to evolve based on infrastructure realities, and ensure that compliance requirements are expressed in terms engineers can act on.
• Design and deploy agentic AI workflows that extend team capacity, using Claude to serve as a virtual GRC analyst to automate evidence analysis, monitor control effectiveness, draft audit responses, interpret policy documents, and handle other tasks that require reasoning over unstructured information.
• Design and maintain integrations connecting GRC tooling with cloud infrastructure, identity management systems, HRIS platforms, ticketing systems, version control, and CI/CD pipelines—working with engineers to implement integrations that enable automated evidence collection and continuous compliance validation.
• Build and lead an AI-forward GRC engineering function as we scale: hiring team members, establishing practices, and defining the technical roadmap for governance and compliance automation at Anthropic.

You may be a good fit if you:

• Have 12+ years of total experience and 3-4+ years of experience managing technical individual contributors or systems-focused teams, with a proven track record of building or scaling small teams (2-5 people) in security, compliance, automation, or operations functions.
• Are a systems thinker first. You understand how complex environments work: how data flows between systems, where integration points exist, what breaks when systems don't talk to each other. Your strength is designing the right architecture and environment for security monitoring, not necessarily implementing it yourself.
• Have 5+ years of experience designing automated workflows, data pipelines, or system integrations, whether through traditional development, low-code platforms, GRC tools, or process automation. We care about your ability to solve integration problems more than your programming language proficiency.
• Have a relentless focus on data integration: you understand how to pull data from multiple sources, normalize it, join it meaningfully, and surface insights. You're comfortable reasoning about messy, inconsistent data and designing systems that handle edge cases gracefully.
• Understand APIs and integration patterns: REST APIs, webhooks, authentication flows, polling vs. push architectures, and can evaluate systems based on how well they expose data and support automation.
• Can work independently with minimal guidance, taking ownership of complex problems from design through implementation while managing ambiguity inherent in early-stage programs.
• Have strong analytical and problem-solving skills with attention to detail necessary for compliance work, balanced with pragmatism about risk-based prioritization in fast-paced environments.

Strong candidates may have:

• Experience designing or implementing AI-powered automation, agentic workflows, or LLM-based tooling in operational contexts.
• Experience with GRC platforms such as ServiceNow GRC, Vanta, Drata, OneTrust, RSA Archer, or similar tools including configuration, customization, and integration capabilities
• Familiarity with scripting languages (Python or similar) for automation tasks, API interactions, and data transformation.
• Prior experience in high-growth startup environments demonstrating ability to build scalable processes and adapt quickly to changing requirements and priorities
• Familiarity with Infrastructure as Code tools (Terraform, CloudFormation, Ansible) and DevSecOps practices including CI/CD pipeline integration and policy-as-code implementations.
• Familiarity with cloud platforms (AWS, GCP, Azure) and an understanding of how compliance-relevant data can be extracted from their APIs and logging systems.

Deadline to apply: None, applications will be received on a rolling basis.

Legend Biotech is seeking a Senior Manager, Internal Controls & Sustainability Reporting as part of the Finance team based in Bridgewater, NJ.

Role Overview

The Senior Manager, Internal Controls & Sustainability Reporting is responsible for executing the design, implementation, evaluation, and continuous improvement of the company’s internal control framework across financial reporting and select non‑financial reporting processes. This role plays a critical leadership position in ensuring compliance with SOX (404), managing enterprise-wide control assessments, partnering with business and IT leaders, and serving as a key liaison with Internal Audit and external auditors.
This role is critical to maintaining the integrity of the company’s reporting and supporting growth through strong governance and risk management. The Senior Manager, Internal Controls & Sustainability Reporting will also support the development and enhancement of sustainability reporting, and will have high visibility with finance leadership and the opportunity to meaningfully shape the internal control environment.
Prior experience with sustainability or ESG reporting is not required

Key Responsibilities

SOX & Internal Controls Leadership

• Drive the company’s SOX 404 compliance program end to end, including scoping, risk assessment, control design, testing strategy, remediation, and certification support.
• Evaluate the effectiveness of entity-level, process-level, and IT general controls (ITGCs).
• Support management’s assessment of internal controls over financial reporting (ICFR) and support quarterly and annual certifications.

Risk Assessment & Control Design

• Partner with process owners to identify financial reporting risks and design efficient, scalable controls.
• Assist in the standardization and optimization of controls, reducing redundancy while maintaining compliance.
• Assess the impact of new accounting standards, system implementations, acquisitions, and process changes on internal controls.

Audit & Stakeholder Management

• Coordinate walkthroughs, testing, issue resolution, and audit deliverables, proactively managing timelines and risks to prevent delays.
• Support the remediation of control deficiencies, including significant deficiencies and material weaknesses.
• Track control deficiencies, lead root cause analysis, and oversee remediation efforts through closure.

Process Improvement & Governance

• Support continuous improvement initiatives, including automation and use of governance, risk, and compliance (GRC) tools.
• Support broader GRC initiatives as needed.
• Assist with special projects for the Controller or CFO, including M&A integration and transformation initiatives.

Operational Audits

• Track and drive closure of operational audit deficiencies impacting the finance function, including follow‑up and remediation oversight.
• Collaborate with operational managers to design and implement effective controls to mitigate identified deficiencies.
• Modify policies, procedures, and internal control documentation to reflect corrected processes.
• If necessary, provide training to staff on updated processes and strengthen the overall control culture.

Sustainability Reporting (expected to be 25-50% of role)

• Support sustainability reporting processes aligned with global regulatory frameworks to promote accuracy, completeness, and assurance readiness.
• Assist with the development and maintenance of internal control frameworks over sustainability data.

Requirements

• Bachelor’s degree in Accounting, Finance, or related field.
• 7+ years of progressive experience in internal controls, SOX, public accounting, or a combination thereof. Big 4 or national public accounting firm experience a plus.
• Strong knowledge of COSO framework and exposure to IT general controls and automated control environments.
• Exposure to automation, data analytics, and/or AI‑enabled tools is a plus.
• ESG or Sustainability reporting experience preferred, not essential.
• CPA a plus.
• Knowledge of IFRS a plus.

#Li-LB1

#Li-Hybrid

The Process Engineer, Internal Audit is the architect of the modern audit function. This role is not about performing audits; it is about designing the systems that perform them. You will engineer, automate, and continuously optimize audit workflows by integrating Generative AI, agentic orchestration, and process engineering principles. Your goal is to move the department from "point-in-time" manual testing to a "continuous assurance" model that provides real-time risk insights.

Responsibilities: 

1. Audit Architecture & Process Re-Engineering

• Workflow Deconstruction: Analyze and map complex end-to-end audit processes (Risk Assessment through Issue Remediations) to identify "automation-first" opportunities.
• Lean Audit Design: Apply Lean/Six Sigma principles to eliminate "waste" in the audit lifecycle, such as manual data entry, redundant evidence requests, and administrative overhead.
• Scalable Solutions: Design standardized, modular workflow patterns that can be reused across Financial, IT, and Operational audit domains.

2. AI Agent Orchestration & Prompt Engineering

• Intelligent Augmentation: Build and deploy AI-assisted workflows using Vellum AI, Copilot Studio, and Claude 3.5/4 to automate:
• Control Mapping: Automatically mapping disparate business processes to COSO/NIST frameworks.
• Automated Walkthroughs: Using AI to summarize meeting transcripts and draft narrative documentation.
• Anomaly Narrative Generation: Converting complex data exceptions into plain-English audit findings for reports.
• Library Management: Develop and maintain a "Prompt Registry" and "Agent Library" to ensure consistency in how AI interacts with sensitive audit data.

3. Automation & Ecosystem Integration

• Agentic Workflows: Design "Agentic" automations in Microsoft Power Automate or Make.com that can reason through exceptions, route approvals, and update GRC platforms (e.g., AuditBoard, Workiva) without human intervention.
• Tool Mastery: Advanced deployment of DataSnipper for automated document matching (e.g., matching 1,000s of Invoices to POs in seconds) and population integrity testing.
• Real-time Risk Dashboards: Design and maintain Power BI or Tableau visualizations that provide a live "Risk Heatmap" based on automated testing results.

4. Governance, Privacy & "Auditability"

• AI Governance: Ensure all AI solutions are "explainable" and meet corporate Model Risk Management (MRM) and data privacy (GDPR/CCPA) standards.
• Validation Controls: Embed "Human-in-the-Loop" checkpoints into every automated process to ensure AI-generated output is validated by a subject matter expert.

You’d be a good fit with: 

Education & Experience

• Education: Bachelor’s degree in Industrial Engineering, Information Systems, Data Science, or Accounting with a heavy technical focus.
• Experience: 5–8+ years in Audit Transformation, Process Excellence, or Business Systems Engineering.

Technical Stack (2026 Proficiencies)

• AI Platforms: Hands-on experience with LLM orchestration (Vellum, LangChain, or Copilot Studio).
• Automation Hubs: Advanced proficiency in Power Automate, Zapier/Make, or n8n.

You’d be a great fit with:

• Industry Savvy: Strong background in manufacturing or organizations engaged in government contracting.
• Modern Audit Toolkit: Hands-on experience with SQL, Python,  DataSnipper or AI-based audit tools (e.g., Alteryx, MindBridge, or custom GPT agents). 
• Data: Proficiency in Data Governance, Datawarehouse (Snowflake/DataBricks)
• AI technology is evolving everyday, critical requirements for this role are passion for AI, self learning, willingness to experiment and implement solutions that are pushing the boundaries.
  
  

Location: Remote, US
Travel: 10% 
Job ID: 1389

The approximate base salary range for this position is $111,692 - $145,649. The total compensation package includes base, bonus, and equity.

About Grupo QuintoAndar

We are Grupo QuintoAndar, the largest real estate ecosystem in Latin America. Guided by a shared purpose of helping people love where they live, we have a diversified portfolio of brands and solutions across different countries in Latin America, covering all phases of the housing journey. We also have a Technology Hub in Portugal. We develop technology and innovation to transform and enhance the overall living experience.

With the support of a world-class team of investors and advisors, including Kaszek, Qualcomm, General Atlantic, and SoftBank, Grupo QuintoAndar is currently valued at over USD 5.1 billion and continues to grow year over year.

Here, you will work with top professionals in the market, in an environment that breathes innovation, collaboration, and high performance. To learn more about our story, visit: https://grupoquintoandar.com/pt/.

Location & Remote Work 

Our technology team operates under a "remote-first" model, which means we work from home and can live anywhere in Brazil. We also offer the option of working from our São Paulo offices or partner coworking spaces, up to twice a week.

Hiring Process Stages

The stages of our hiring processes aim to assess your experiences and allow you to meet our teams and explore career opportunities. They are structured as follows:

• Tech Screening 
• Technical interviews 
• People Interview 
• Hiring Committee

About the Team

We are looking for a senior person to act in the evolution of the Information Security GRC discipline, focusing on transforming risks, controls, and requirements into practical business decisions.

This is not a position for someone focused only on frameworks, audits, or documentation. We are looking for someone strong in GRC, but with the technical repertoire to discuss controls, architecture, third parties, identity, data, cloud, and technology in practice.

The goal of this position is to increase the company's security maturity, bring more quality to risk decisions, and ensure that governance and compliance processes are useful in practice, and not just correct on paper.

What we expect from this position

We expect someone who connects Information Security risks to the business context and transforms this into practical action. Someone who moves well between executive and technical discussions, can structure and evolve governance and risk management processes, conducts consistent assessments, orchestrates the evolution of teams, and supports decisions with clarity, credibility, and a focus on results.

We are looking for a profile that goes beyond compliance on paper, understands controls in practice, evaluates their effectiveness, and has the seniority to act on different fronts of the team, such as cyber risks, policies and standards, third-party risk, executive indicators, awareness, incident governance, cyber resilience, and Information Security strategic planning.

Responsibilities

• Act in the evolution of the Information Security strategic plan, based on risk exposure, maturity level, market benchmarks, and business impact.

• Conduct the information security risk management process end-to-end, including identification, assessment, prioritization, treatment, acceptance, monitoring, and executive reporting, in alignment with the company's Risk Management framework.

• Lead or support key team fronts, such as policies and standards, third-party cyber risk, incident governance, AI governance, cyber resilience, and awareness programs.

• Conduct maturity assessments and evaluations based on frameworks such as NIST CSF 2.0, ISO 27001, CIS, and SOX, transforming diagnoses into executable action plans.

• Define and monitor indicators, governance forums, committees, and executive materials that provide visibility into risks, controls, projects, and maturity evolution.

• Work in partnership with technical and corporate teams to evaluate controls, coordinate remediations, monitor audits and projects, and support the evolution of Information Security maturity.

• Incorporate the use of AI into role activities, with responsibility and a focus on productivity gains and scale.

• Contribute to the evolution of AI governance and security within the company through a culture of responsible and secure technology adoption, assessing risks, and defining controls.

• Monitor and support internal and external audit activities, ensuring the quality and technical consistency of responses, evidence, and remediation plans.

Requirements

• Solid experience (7+ years) in Information Security GRC, with practical performance in complex, dynamic, and technology-intensive corporate environments.

• Practical experience in leading Information Security topics related to risk management and analysis, governance, policies, standards, audits, awareness programs, and third-party risk management.

• Consistent knowledge of frameworks and standards such as NIST CSF 2.0, ISO 27001/27002, CIS, SOX, and related security references.

• Ability to discuss security controls with enough depth to evaluate design, coverage, and effectiveness in practice.

• Good understanding of topics such as cloud security, IAM, vulnerability management, data protection, cyber resilience, AI security, incident management, and third-party cyber risk.

• Ability to transform regulatory requirements, risks, and complex topics into clear, pragmatic, and actionable guidance.

• Senior profile with strong execution, influence, and prioritization skills, and the ability to interact with technical, executive, and corporate audiences.

• Good verbal and written communication in Portuguese and English.

Important

• Our hiring process starts with the application! If you truly want to be part of our team, please complete this step of the process. We analyze all candidates individually and provide feedback to all applicants.

• All communication will be conducted via email, so please stay tuned for our messages and release the domain @quintoandar.com.br to ensure our emails are not sent to spam.

Benefits

• Competitive salary
• Profit sharing
• Meal allowance 
• Health insurance
• Dental plan
• Life insurance
• Childcare subsidy and Atypical Parenthood subsidy
• Wellhub
• Home office allowance
• Employee assistance program (mental health, social, legal, and financial support)
• Extended parental leave
• Day off on birthday, Mother’s Day, and Father’s Day
• Benefits Club (discounts on everyday services)
• Discounts at educational institutions
• Reading kit for children – PlayKids
  
  

Diversity & Inclusion at Grupo QuintoAndar

We value diversity and want everyone to feel welcome here, regardless of their age, gender identity, sexual orientation, race, color, ethnicity, origin, disability, religion, or any other characteristic. All our job openings are open to all individuals!

You'll notice there are some diversity questions in the application form. For affirmative action roles, this information may be used to verify your alignment with the target audience for the opportunity. In such cases, it may be used for elimination purposes. For non-affirmative action roles, this data will be used anonymously, exclusively to monitor and improve our inclusion practices in the hiring process, and will have no impact on your application.

Privacy and Data Protection

The Grupo QuintoAndar operates in compliance with privacy and data protection laws, including, but not limited to, the Brazilian General Personal Data Protection Law (LGPD) (Law No. 13,709/2018), and ensures the security of your data. To learn more, please access our Privacy Notice for Candidates. For questions or to exercise your rights as a data subject, please contact us through our Service Channel.

#LI-FS4

Lantern Specialty Care is seeking a Senior Risk & Governance Analyst to join our GRC team as a key individual contributor. This is a newly created role, built to scale our risk and compliance capabilities as we expand our AI-forward healthcare technology platform. You will report directly to the Sr. GRC Manager and play a foundational role across four priority areas: maintaining our risk register, advancing AI risk governance, TPRM, and supporting our HIPAA compliance program.

This is a high-impact, cross-functional role. We are at a critical stage of maturing our GRC program. There is significant greenfield opportunity to build structure where gaps exist, particularly in risk management and AI governance. The ideal candidate is hands-on, comfortable with ambiguity, and excited to leave their fingerprints on programs that will shape the organization’s risk posture for years to come.

Location: Hybrid - at least 3 days/wk in our Dallas, TX office located at 2100 Ross Avenue, Suite 1900, Dallas, Texas 75201

Responsibilities: 

• Support the build-out of Lantern’s risk register by conducting risk identification workshops, defining risk taxonomy, assigning ownership, and establishing likelihood/impact scoring
• Map current control environment against the NIST CSF function; document gaps and develop a prioritized remediation roadmap
• Establish recurring risk review cadence with business unit owners
• Maintain and evolve the risk register as a living document; produce regular risk reporting for leadership
• AI governance framework aligned to the NIST AI RMF — covering model risk assessment, bias considerations, transparency standards, and accountability structures
• Build and maintain an AI systems inventory with risk ratings; assess new use cases before deployment in partnership with Engineering and Product
• Monitor emerging AI regulatory guidance (HHS, EU AI Act, state-level) and translate into actionable controls
• Manage ongoing HIPAA Privacy and Security compliance programs: gap assessments, remediation tracking, and workforce training coordination
• Support SOC 2 Type II, HITRUST CSF, and other applicable audit cycles
• Support TPRM activities including vendor risk assessments and vendor tiering maintenance

Requirements:

• Bachelor’s degree in Information Security, Healthcare Administration, Computer Science, or related field
• A minimum of 5 years’ experience in GRC, compliance, or information security
• A minimum of 3 years’ experience in healthcare or health-tech industries
• Direct & Hands-on experience with the following:
• Building or significantly maturing a risk register
• Performing or supporting HITRUST and/or SOC 2 audits
• HIPAA Privacy/Security Rule compliance programs
• NIST CSF or ISO 27001
• AI Specific Risk Management Frameworks such as NIST AI RMF or Similar frameworks

Certifications (Preferred)

• CISA, CRISC, CISSP, CHC, or CHPC highly desirable
• HITRUST CCSFP a strong plus

Technical Skills

• Proficiency with a GRC platform (Vanta, Drata, ServiceNow GRC, OneTrust, or equivalent)
• Working knowledge of AI/ML risk concepts and the NIST AI RMF
• Experience with third-party risk tools and structured vendor assessment workflows
• Ability to read, interpret, and operationalize regulatory guidance

 Strong Candidates Will:

• Be energized by building. This role has significant greenfield scope, and the best candidates will see that as an opportunity, not a gap
• Move with urgency and precision, flagging risk before it becomes an issue
• Balance rigor with pragmatism, enabling the organization to move fast while staying protected
• Communicate clearly to both technical and non-technical audiences without losing nuance
• Bring genuine curiosity about AI and emerging technology governance
• Embody Lantern’s LIGHT pillars — Logic, Inclusion, Grit, Humanity, Truth — in every interaction

Benefits

• Medical Insurance
• Dental Insurance
• Vision Insurance
• Short & Long Term Disability
• Life Insurance
• 401k with company match
• Flexible Time Off
• Paid Parental Leave

Responsibilities

We are looking for an exceptional Senior GRC Analyst to join our growing team. In this role, you will lead compliance assessments for frameworks such as NIST 800-171, ISO 27001, NIST 800-53 (FedRAMP), PCI, MLPS and IRAP, while also driving broader security compliance efforts. The ideal candidate will use strong analytical, communication, and problem-solving skills to evaluate controls, identify gaps, and recommend improvements across security domains. You will also be responsible for:

• Lead and participate in both internal and external audits for frameworks including ISO 27001/27701, PCI-DSS, NIST 800-171, NIST 800-53 (FedRamp), and IRAP

• Experience using or exploring AI/automation tools to enhance, streamline, or scale Governance, Risk, and Compliance (GRC) processes and workflows

• Manage and oversee risk, compliance, and governance initiatives across teams

• Coordinate with process owners, control owners, auditors, and consultants to ensure findings are tracked and addressed

• Conduct risk assessments, security audits, and third-party/vendor risk reviews

• Review contracts to ensure security and compliance requirements are met

• Identify process gaps and recommend improvements to enhance the organization’s security posture

• Communicate risks and compliance requirements clearly to both technical and non-technical stakeholders

• Perform regular user access reviews

• Develop and track remediation plans for identified risks and issues

• Maintain and update the risk register

• Oversee vendor security assurance processes

• Collaborate with stakeholders to design and implement effective internal controls aligned with regulatory standards

• Support risk and security discussions across cross-functional teams

• Build strong working relationships across departments

• Take on additional responsibilities as needed

Requirements

Qualifications / Experience / Technical Skills

Please note that the working hours for this position are from 2:00 PM to 11:00 PM IST (overlap with U.S. Pacific Time required)

• 8+ years of experience in cybersecurity programs, audits, risk management, compliance, or remediation

• Experience working with cloud platforms such as AWS, Azure, or Google Cloud

• Proven ability to negotiate and prioritize risk remediation with internal stakeholders

• Bachelor’s degree in Information Systems, Computer Science, Information Security, or a related field

• Strong understanding of security controls, including cloud environments, firewalls, IDS/IPS, and vulnerability management

• Familiarity with NIST 800-171 and NIST Risk Management Framework (NIST 800-53)

• Experience auditing frameworks such as PCI-DSS, SOC 2, and ISO 27001/27701

• Relevant certifications (CISSP, CISA, PCI ISA, ISO, or similar) are preferred

• Ability to manage multiple priorities independently with minimal supervision

Soft Skills / Personal Characteristics

• Strong communication skills with the ability to translate compliance requirements into technical actions

• High energy and adaptability in a fast-paced environment

• Strong collaboration and a knowledge-sharing mindset

• Excellent time management and organizational skills

• High attention to detail, integrity, and ethical standards

• Willingness to learn and take on new challenges

Additional requirements

• May involve some international travel

• This position requires overlap with U.S. Pacific Time (PST) working hours. Candidates should be available and flexible to work from 2:00 PM to 11:00 PM IST.

• Strong hands-on experience with PCI audits, ISO 27001, NIST 800-171, FedRamp, SOC 2, and potentially IRAP is required.

To help your application stand out, please take time to answer the Job Application Questions below clearly and concisely. All submissions are reviewed by our Hiring Team, not evaluated by AI.

(REQ ID: 2760)

Responsibilities

We are looking for an exceptional Senior GRC Analyst to join our growing team. In this role, you will lead compliance assessments for frameworks such as NIST 800-171, ISO 27001, NIST 800-53 (FedRAMP), PCI, MLPS and IRAP, while also driving broader security compliance efforts. The ideal candidate will use strong analytical, communication, and problem-solving skills to evaluate controls, identify gaps, and recommend improvements across security domains. You will also be responsible for:

• Lead and participate in both internal and external audits for frameworks including ISO 27001/27701, PCI-DSS, NIST 800-171, NIST 800-53 (FedRamp), and IRAP

• Experience using or exploring AI/automation tools to enhance, streamline, or scale Governance, Risk, and Compliance (GRC) processes and workflows

• Manage and oversee risk, compliance, and governance initiatives across teams

• Coordinate with process owners, control owners, auditors, and consultants to ensure findings are tracked and addressed

• Conduct risk assessments, security audits, and third-party/vendor risk reviews

• Review contracts to ensure security and compliance requirements are met

• Identify process gaps and recommend improvements to enhance the organization’s security posture

• Communicate risks and compliance requirements clearly to both technical and non-technical stakeholders

• Perform regular user access reviews

• Develop and track remediation plans for identified risks and issues

• Maintain and update the risk register

• Oversee vendor security assurance processes

• Collaborate with stakeholders to design and implement effective internal controls aligned with regulatory standards

• Support risk and security discussions across cross-functional teams

• Build strong working relationships across departments

• Take on additional responsibilities as needed

Requirements

Qualifications / Experience / Technical Skills

Please note that the working hours for this position are from 2:00 PM to 11:00 PM IST (overlap with U.S. Pacific Time required)

• 8+ years of experience in cybersecurity programs, audits, risk management, compliance, or remediation

• Experience working with cloud platforms such as AWS, Azure, or Google Cloud

• Proven ability to negotiate and prioritize risk remediation with internal stakeholders

• Bachelor’s degree in Information Systems, Computer Science, Information Security, or a related field

• Strong understanding of security controls, including cloud environments, firewalls, IDS/IPS, and vulnerability management

• Familiarity with NIST 800-171 and NIST Risk Management Framework (NIST 800-53)

• Experience auditing frameworks such as PCI-DSS, SOC 2, and ISO 27001/27701

• Relevant certifications (CISSP, CISA, PCI ISA, ISO, or similar) are preferred

• Ability to manage multiple priorities independently with minimal supervision

Soft Skills / Personal Characteristics

• Strong communication skills with the ability to translate compliance requirements into technical actions

• High energy and adaptability in a fast-paced environment

• Strong collaboration and a knowledge-sharing mindset

• Excellent time management and organizational skills

• High attention to detail, integrity, and ethical standards

• Willingness to learn and take on new challenges

Additional requirements

• May involve some international travel

• This position requires overlap with U.S. Pacific Time (PST) working hours. Candidates should be available and flexible to work from 2:00 PM to 11:00 PM IST.

• Strong hands-on experience with PCI audits, ISO 27001, NIST 800-171, FedRamp, SOC 2, and potentially IRAP is required.

To help your application stand out, please take time to answer the Job Application Questions below clearly and concisely. All submissions are reviewed by our Hiring Team, not evaluated by AI.

(REQ ID: 2760)

Responsibilities

We are looking for an exceptional Senior GRC Analyst to join our growing team. In this role, you will lead compliance assessments for frameworks such as NIST 800-171, ISO 27001, NIST 800-53 (FedRAMP), PCI, MLPS and IRAP, while also driving broader security compliance efforts. The ideal candidate will use strong analytical, communication, and problem-solving skills to evaluate controls, identify gaps, and recommend improvements across security domains. You will also be responsible for:

• Lead and participate in both internal and external audits for frameworks including ISO 27001/27701, PCI-DSS, NIST 800-171, NIST 800-53 (FedRamp), and IRAP

• Experience using or exploring AI/automation tools to enhance, streamline, or scale Governance, Risk, and Compliance (GRC) processes and workflows

• Manage and oversee risk, compliance, and governance initiatives across teams

• Coordinate with process owners, control owners, auditors, and consultants to ensure findings are tracked and addressed

• Conduct risk assessments, security audits, and third-party/vendor risk reviews

• Review contracts to ensure security and compliance requirements are met

• Identify process gaps and recommend improvements to enhance the organization’s security posture

• Communicate risks and compliance requirements clearly to both technical and non-technical stakeholders

• Perform regular user access reviews

• Develop and track remediation plans for identified risks and issues

• Maintain and update the risk register

• Oversee vendor security assurance processes

• Collaborate with stakeholders to design and implement effective internal controls aligned with regulatory standards

• Support risk and security discussions across cross-functional teams

• Build strong working relationships across departments

• Take on additional responsibilities as needed

Requirements

Qualifications / Experience / Technical Skills

Please note that the working hours for this position are from 2:00 PM to 11:00 PM IST (overlap with U.S. Pacific Time required)

• 8+ years of experience in cybersecurity programs, audits, risk management, compliance, or remediation

• Experience working with cloud platforms such as AWS, Azure, or Google Cloud

• Proven ability to negotiate and prioritize risk remediation with internal stakeholders

• Bachelor’s degree in Information Systems, Computer Science, Information Security, or a related field

• Strong understanding of security controls, including cloud environments, firewalls, IDS/IPS, and vulnerability management

• Familiarity with NIST 800-171 and NIST Risk Management Framework (NIST 800-53)

• Experience auditing frameworks such as PCI-DSS, SOC 2, and ISO 27001/27701

• Relevant certifications (CISSP, CISA, PCI ISA, ISO, or similar) are preferred

• Ability to manage multiple priorities independently with minimal supervision

Soft Skills / Personal Characteristics

• Strong communication skills with the ability to translate compliance requirements into technical actions

• High energy and adaptability in a fast-paced environment

• Strong collaboration and a knowledge-sharing mindset

• Excellent time management and organizational skills

• High attention to detail, integrity, and ethical standards

• Willingness to learn and take on new challenges

Additional requirements

• May involve some international travel

• This position requires overlap with U.S. Pacific Time (PST) working hours. Candidates should be available and flexible to work from 2:00 PM to 11:00 PM IST.

• Strong hands-on experience with PCI audits, ISO 27001, NIST 800-171, FedRamp, SOC 2, and potentially IRAP is required.

To help your application stand out, please take time to answer the Job Application Questions below clearly and concisely. All submissions are reviewed by our Hiring Team, not evaluated by AI.

(REQ ID: 2760)

Position Overview:

The Solutions Sales Director will play an instrumental role in driving revenue growth for Diligent’s solutions across existing and new accounts. This role is focused on candidates with strong expertise in entity management space, either as a practitioner (e.g., company secretary) or someone who has directly used entity management tools in a commercial or operational setting. The Solutions Sales Director is responsible for managing larger, complex accounts with longer sales cycles and driving adoption of the Diligent One Platform.

This individual contributor position manages the full sales cycle, from initial prospect/customer meetings through to deal completion, while orchestrating internal expertise to deliver on and grow accounts. Providing coaching, guidance, and support to Sales stakeholders is a key element to enable team members to learn best practices. Success in this role is measured by expanding product usage in existing customers, migrating customers to the Diligent One Platform, and selling to new accounts.

Key Responsibilities:

• Demonstrate and maintain expert-level knowledge of Diligent’s ethics and compliance solutions.
• Prospect and manage new and existing business within the designated territory, focusing on larger, complex accounts with longer sales cycles.
• Apply a consultative ‘solutions selling’ approach, using deep domain expertise to understand customer needs and position the Diligent One Platform effectively.
• Leverage industry-focused insights to create long-term competitive advantages for customers.
• Expand strategic customer relationships and drive growth across multiple areas of the organisation.
• Gather feedback from customers on needs, products, and features; collaborate with product management and marketing to drive improvements.
• Develop strategic account plans that generate new business and upsell opportunities, coordinating cross-functional teams to execute plans.
• Manage the end-to-end sales cycle using Diligent-approved methodologies.
• Utilize sales tools to identify leads, schedule meetings, and increase win rates.
• Maintain accurate CRM records, forecasts, and regular reporting on pipeline and bookings.
• Understand competitor landscape, customer strategy, and industry trends.
• Partner with Sales stakeholders to discover and qualify new opportunities, building a structured pipeline.

Required Experience/Skills:

• Experience in the entity management space, either as a practitioner or in selling ethics and compliance solutions.
• Proven success in account management or new business, achieving revenue targets in the technology, SaaS, or GRC sectors.
• Ability to build and maintain relationships with diverse stakeholders at all levels.
• Continuous learning mindset with a desire to expand knowledge of products, industry trends, and customer challenges.
• Excellent communication, presentation, and influencing skills.
• High curiosity and empathy to understand customer context, issues, and pain points through effective questioning and listening.
• Self-motivated, results-driven, and able to operate effectively in a fast-paced, dynamic environment.

  #LI-SM1

  #LI-Hybrid

Come work with us:

Metropolitan Commercial Bank (“MCB” or the “Bank”) is a New York City–based, full-service commercial bank providing tailored banking solutions to businesses, institutions, and individuals. Founded in 1999, MCB operates banking centers in Manhattan and Boro Park, Brooklyn, within New York City, as well as in Great Neck on Long Island, New York, and Lakewood, New Jersey. The Bank recently expanded to Miami, Florida with their newest Brickell banking center.

Metropolitan Commercial Bank offers a comprehensive suite of commercial, business, and personal banking products and services to small businesses, middle-market and corporate enterprises, private and public institutions, municipalities, and local government entities.

The Bank has earned national recognition for its financial performance, innovation, and strategic growth. The Bank was named one of Newsweek’s Best Regional Banks in 2024 and 2025. Additionally, MCB recently received Editor’s Choice recognition at the Banking Tech Awards USA for Digital Onboarding & Omnichannel Banking and in 2026, the Bank earned Great Place To Work certification and received the Web Award Standard of Excellence for MCBankNY.com.

We are a client-focused organization that values technological innovation and excellence. A strong technical mindset, AI fluency, and adaptive skills are essential for our employees to effectively contribute to our mission and drive our success. We foster human–AI teaming and strong governance to ensure technology is used responsibly and in alignment with Bank policies and procedures. For more information about the Bank, please visit the Bank’s website at MCBankNY.com.

Position summary:

As the Compliance Ethics & Advisory Lead, you will be responsible for administering the bank’s ethics compliance program. This role ensures the bank operates in compliance with applicable laws and regulations while promoting a strong culture of integrity, customer fairness, and accountability. This position is both strategic and hands-on, working closely with Chief Compliance Officer (CCO), Compliance, Risk, Human Resources, Legal, business lines, and senior management.

You will administer the bank’s conflict of interest program; oversee compliance with regulatory requirements around conflicts of interest including pay-to-play; promote ethical behavior and decision-making across all levels of the organization (“culture of compliance”); manage the ethics reporting process (including anonymous reporting mechanisms); deliver practical, role-based compliance and ethics training to employees; provide day-to-day compliance guidance to frontline staff and management; develop clear, concise communications on regulatory and ethical expectations; oversee processes for employee self-reporting of gifts received, outside business activities, and applicable political contributions; and conduct or support internal investigations into ethics or conduct-related concerns.

You will support the CCO and other Compliance Advisory teams in ensuring the bank’s compliance with banking and consumer protection regulations. You'll support the development and implementation of compliance management system (CMS) strategies within our bank. Your responsibilities will include ensuring implementing strategies to enhance CMS, mitigating risks, enhancing regulatory controls, identifying, and assessing potential risks, and producing detailed risk reports for stakeholders. Additionally, you'll collaborate with members of Compliance and Risk teams and various other departments to further your job objectives. Strong analytical skills, attention to detail, and a thorough understanding of risk management principles are essential for success in this role.

Your role, reporting directly to the Chief Compliance Officer (CCO), will be to lead implementation and management of a comprehensive Ethics Compliance program; and to support the bank in assessing and addressing conflicts and interests, compliance risks, and control gaps. The successful candidate for this role will be a proactive and analytical individual with a solid understanding of Ethics Compliance, ethics, banking and consumer protection regulations, risk management principles, excellent communication skills, and the ability to work collaboratively in a dynamic environment.

Standard 4-day in-office requirement, 1 day remote (of your choosing)

Responsibilities 

• Lead implementation and management of a comprehensive Ethics Compliance program
• Oversee compliance with regulatory requirements around conflicts of interest including pay-to-play
• Promote ethical behavior and decision-making across all levels of the organization
• Manage the ethics reporting process (including anonymous reporting mechanisms)
• Deliver practical, role-based compliance and ethics training to employees
• Provide day-to-day conflicts of interest compliance guidance to frontline staff and management
• Develop clear, concise communications on regulatory and ethical expectations
• Oversee employee self-reporting of gifts received, outside business activities, and applicable political contributions
• Conduct or support internal investigations into ethics or conduct-related concerns
• Support assessment and addressing compliance risks and control gaps across business lines with applicable banking and consumer protection regulations such as Reg B, Reg C, Reg CC, Reg DD, Reg Z, UDA(A)P, Fair Lending
• Develop and implement standard Ethics Compliance and other reporting for Regulators, Board, and management committees
• Support Compliance with audits and exams including timely and quality responses to information requests from auditors and examiners
• Perform any ad hoc initiatives as requested by the Chief Compliance Officer
• Highly visible role with regulator interaction with senior management

Qualifications & Skills:

• Bachelor's degree in business, finance, compliance, risk management, or a related field. Advanced degree or professional certification (e.g., CRCM, CCEP) is preferred.
• 10+ years of experience in ethics compliance, consumer compliance, enterprise risk management, or related roles within a banking environment and/or consulting.
• Experience of interacting with regulators and responding to audit and exam requests.
• Proficiency in compliance and risk management principles, methodologies, and frameworks.
• Strong analytical skills with the ability to gather, analyze, and interpret complex data.
• Familiarity with compliance risk management software and tools (e.g., GRC platforms).
• Curiosity and interest in learning and adapting new and emerging technologies including AI.
• Excellent written and verbal communication skills, with the ability to convey complex risk concepts in a clear and concise manner.
• Strong presentation skills, including the ability to present findings and recommendations to senior leadership.
• Ability to collaborate effectively with cross-functional teams and build relationships with stakeholders at all levels of the organization.
• Strong project management skills, with the ability to prioritize tasks, meet deadlines, and manage multiple projects simultaneously.
• Meticulous attention to detail and accuracy when analyzing data, preparing reports, and documenting risk management processes.
• Knowledge of Federal Reserve, New York State Department of Financial Services and Consumer Financial Protection Bureau rules and regulations.
• Knowledge of banking regulations and regulatory frameworks, including but not limited to Dodd-Frank Act, and consumer protection laws. Knowledge of requirements for banks exceeding the $10 billion asset threshold.
• Strong analytical skills with the ability to interpret emerging risks and issues, and trends in Key Risk Indicator data in order to escalate any negative trends to senior management.
• Detail-oriented and organized, with the ability to manage multiple priorities and deadlines in a fast-paced environment.
• Sound judgment and decision-making skills, with the ability to balance regulatory requirements with business objectives and risk considerations.
• Driven by a passion and curiosity to continuously learn how various technological systems, including AI, can enhance the work that you do.

Potential Salary: $150,000- $215,000 annually

This salary range reflects base wages and does not include benefits, bonus, or incentive pay. Salary bands are purposefully wide ranging to encompass the different factors considered in determining where a candidate falls in the range, including but not limited to, seniority, performance, experience, education, and any other legitimate, non-discriminatory factor permitted by law. Final offer amounts are determined by multiple factors including candidate experience and expertise and may vary from the amounts listed here.

Metropolitan Commercial Bank provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.

This applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

Scale seeks a business-minded Director and Associate General Counsel, Compliance to lead Scale’s corporate compliance program. This role will set the legal standards, governance model, and escalation framework for the program, working closely with cross-functional partners to translate that guidance into practical workflows.

This is a high-impact role for a lawyer who combines strong legal judgment with practical program execution in a fast-moving, high-visibility business.

You Will:

• Advise on anti-bribery and anti-corruption, conflicts of interest, gifts and entertainment, third-party risk, and other sensitive corporate compliance matters.
• Lead or support privileged compliance investigations, remediation, and escalations, coordinating across Legal and with outside counsel where matters involve potential litigation or enforcement risk.
• Develop practical compliance policies, workflows, training, and reporting processes that support Scale’s growth and IPO-readiness.
• Mature Scale’s Enterprise Risk Management process, including risk assessment methodology, risk register governance, mitigation tracking, and leadership reporting.
• Set legal standards for compliance operations, including hotline triage, sensitive matter review, policy governance, training requirements, and remediation escalation.
• Partner across Legal, GRC, Security, Product, Engineering, Finance, People, Public Sector, and other business teams on compliance and IPO-readiness.
• Represent Scale’s corporate compliance function with internal and external stakeholders, including customers, auditors, partners, and regulators.

Ideally, you’d have:

• JD and active bar membership in at least one U.S. jurisdiction.
• 10+ years of legal experience across corporate compliance, investigations, regulatory counseling, GRC, internal controls, or related areas.
• Experience building or scaling compliance programs in high-growth technology or similarly complex environments.
• Strong experience with anti-bribery and anti-corruption, conflicts of interest, third-party risk, hotline governance, and privileged investigations.
• Experience maturing ERM, policy governance, training, remediation tracking, risk reporting, and IPO-readiness or public-company compliance.
• Strong judgment and communication skills, with the ability to work effectively across legal, technical, operational, and executive stakeholders.

Nice to haves:

• Experience with AI governance or regulation.
• Familiarity with government contractor compliance, export controls, or industrial security.
• Experience with multinational compliance programs, including Europe, the Middle East, Asia, and Latin America.

The Head of Legal Operations and Chief of Staff acts as the primary strategic partner to the General Counsel, ensuring the department’s operational goals are in lockstep with the company’s broader vision. This role is responsible for turning the Legal & Governance, Risk, and Compliance (GRC) team into a high-performing business unit–- providing the processes, technology, and data insights necessary to enable a 30+-person global team. You will lead a 2-person Legal Operations team, focusing on high-level strategy and enabling your team to lead their respective workstreams with high degrees of autonomy and accountability.

You will:

• Strategic Partnership (Chief of Staff): Partner with the GC and Legal Leadership (Commercial, Corporate, Litigation, Product, GRC, and Public Sector) to define and execute long-term strategy. Own operational planning cycles, including the OKR process, roadmap development, and All-Hands meetings, to ensure cross-functional alignment and maximize the team’s impact.
• Team Leadership & Mentorship: Manage and mentor the Contracts Manager and Legal Program Manager, empowering them to lead their functional areas with high autonomy. Provide mentorship on a dotted-line basis to subject matter experts (e.g., Corporate Paralegal, Privacy Program Manager), ensuring process consistency and high-standard workstreams across the broader Legal & GRC organization.
• Success Management: Design and own the reporting framework for tracking departmental success. Oversee the development of automated dashboards that provide real-time progress against goals, utilizing AI to synthesize data into actionable insights for the GC and Legal Leadership Team.
• Legal Finance & Vendor Strategy: Manage the global Legal budget, forecasting, and accruals. While partnering with the Procurement team for general needs, you will directly lead the strategy for Legal-specific vendors, including outside counsel and legal tech providers. Drive outside counsel management strategy, emphasizing data-driven performance reviews and the negotiation of arrangements that optimize litigation and specialty matter spend.
• Process & Technology: Maintain and optimize a world-class Legal & GRC tech stack (e.g., CLM, e-billing, and litigation tools). Drive business velocity by designing streamlined intake and triage systems for Product and Engineering teams and implementing practical, automated workflow solutions.
• Risk & Litigation Operations: Direct the litigation technology strategy, including the legal hold lifecycle and e-discovery workflows, to ensure defensible compliance in partnership with IT and Security. Develop and maintain strategic risk registers that provide the GC, Legal Leadership, and executive leadership with a clear, data-driven view of the company’s risk landscape.

Ideally you'd have:

• Experience: 10+ years of professional experience, with a solid background in Legal Operations, Strategy, or Management Consulting in a high-growth environment.
• Education: Bachelor’s degree required. An Engineering degree, MBA, or JD is a significant plus.
• Technical Proficiency: Practical experience with legal technology (e.g., Ironclad, Brightflag) and a curiosity for how AI/automation can solve routine legal hurdles. Familiarity with litigation-specific tools (e.g., Logikcull, Relativity, or specialized legal hold software) is highly preferred.
• Analytical & Risk Modeling: Ability to design and maintain strategic risk registers and financial models. You can translate raw data from various workstreams into a cohesive risk landscape (e.g., impact vs. likelihood heatmaps) that informs executive decision-making. Partner with the GC and Legal Leadership to model potential exposure, manage entity-related risks, and inform corporate reserves.
• Mindset: A pragmatic, "get it done" attitude. You can navigate ambiguity, represent the GC in executive forums, and prioritize the tasks that provide the most value to the department.
• Communication: Exceptional ability to translate operational data into clear, concise updates for the GC and executive leadership.

Scale is at the forefront of powering artificial intelligence. We believe that trust in AI is earned with high-quality data for training, fine-tuning, and evaluating AI systems. Our products are transforming how organizations build and deploy AI. Our customers are the world’s most innovative model developers and enterprise and public sector entities looking to apply AI in their organizations and institutions.

We're looking for an Industrial Security Specialist who will play a vital role in supporting personnel security, physical security and program support. The ideal candidate brings strategic and operational experience, a security-first mindset, and a willingness to engage directly with customers, employees and stakeholders. If you're excited by ensuring the integrity and protection of national security, we invite you to apply.

This Industrial Security Specialist will report to the Industrial Security team with close collaboration with GRC, Workplace, and cross-functional teams to support the Public Sector security strategy for Scale. 

You will:

• Balance the timelines and requirements of US Government contracts while supporting Scale AI Public Sector efforts, accredited facilities, and sensitive R&D initiatives
• Assist in the development and execution of security education and awareness programs
• Conduct audits and inspections to ensure compliance with DoD and company policies
• Support all aspects of personnel security management in working directly with government partners to ensure compliance
• Initiate, review, and submit electronic background investigations to DCSA
• Responsible for mandatory USG reporting as it relates to our personnel, facility, and insider threat programs
• Assists in the protection of government, intellectual, third party and company information from unauthorized disclosures
• Conduct security briefings, debriefings, and annual refresher training for cleared employees
• Ensure frameworks are met for NISPOM, ICDs, SAPs, OPSEC, Insider Threat and continuous evaluation programs.
• Prepare, send, and receive visitor certifications
• Review performance work statements (PWS) or Statements of Work (SOW) for contracts and ensure properly executed DD Form 254s. 
• Coordinate incident response and reporting for security violations or concerns.

Ideally you'd have:

• Active U.S. DoD Top Secret, and willingness to obtain a TS/SCI
• Familiarity with USG information systems, such as DISS, NBIS, NISS, SWFT, e-App
• Experience assisting with the implementation and maintenance of a relevant industrial security program
• Must be able to support work 2-3 days a week from the office
• Knowledge of industrial security procedures (NISPOM, ICDs, other DoD/IC regulations and procedures)

Nice to haves:

• Excellent written and verbal communication- able to align with security strategy, IT and executive teams
• Adaptability and Learning Agility: Willingness to quickly grasp and apply new concepts and stay up-to-date with emerging trends in industrial security
• Willingness to work in a dynamic, high-growth company where speed, adaptability, and judgment are essential
• FSO Program Management for Possessing Facilities certification

Role 

We are looking for a Staff Information Systems Engineer based in San Jose (Hybrid, 3 days in office), reporting to the Manager, End User Engineering in the IT Digital Employee Experience department.

The Staff Information Systems Engineer (End-User Computing) defines and drives the strategy and architecture for Zscaler’s secure, cloud-first employee workspace across Windows, macOS, BYOD, and mobile (iOS & Android), ensuring devices are compliant, resilient, and scalable. The role connects End User Engineering(Digital Employee Experience) objectives to day-to-day execution by leading automation, self-service, and zero-touch deployment initiatives, integrating core platforms, and mentoring engineers to improve productivity, reduce risk, and modernize the end-user experience.

What you’ll do (Role Expectations)

• Define EUC strategy and future-state architecture across Windows, macOS, BYOD, and mobile (iOS/Android)
• Lead automation, self-service, and zero-touch provisioning initiatives
• Integrate and optimize core platforms (e.g., Workspace ONE/Intune/Jamf, Automox, Okta, Azure AD)
• Drive security, patching, and vulnerability remediation in partnership with Security
• Provide technical leadership (L4 escalation) and mentor engineers

Who You Are (Success Profile)

• You act like an owner. Your passion for the mission fuels your bias for action. You operate with integrity because you genuinely care about the outcome. You adapt to what’s needed, navigating seamlessly between high-level strategy and hands-on execution.
• You are a positive force. You approach hard problems with constructive energy and a 'can-do' spirit that is contagious, inspiring your team to stay focused on the solution.
• You are data-driven. You use data and analytics to find the truth, measure what matters, and guide informed decisions. You value evidence over assumptions, replacing "I think" with "I know" to drive better outcomes.
• You operate with urgency. You understand that in a high-growth environment, speed and quality are not mutually exclusive. You have a relentless focus on execution and a bias for action, delivering high-impact results quickly to win for the customer and the team.
• You are a high-trust collaborator. You are ambitious for the team, not just yourself. You embrace our challenge culture by giving and receiving ongoing feedback—knowing that candor delivered with clarity and respect is the truest form of teamwork and the fastest way to earn trust.

What We’re Looking for (Minimum Qualifications)

• 8+ years in endpoint engineering/systems architecture, including prior lead ownership of enterprise-scale initiatives in a global environment
• Expert-level administration of at least one endpoint management stack (Workspace ONE / Intune (MEM) / Jamf) plus strong experience with patching at scale (e.g., Automox)
• Advanced automation skills (PowerShell, Python, and/or shell) with proven delivery of API-driven integrations/workflows across IT/Security/HR systems
• Demonstrated capability to drive zero touch provisioning, endpoint security, vulnerability remediation, and audit readiness in partnership with Security (Zero Trust mindset)
• U.S. citizenship due to the nature of the customers assigned to this role

What Will Make You Stand Out (Preferred Qualifications)

• Hands-on experience with Workspace ONE and Automox for end-to-end endpoint lifecycle management and patch/vulnerability management at scale
• Exposure to AIOps, VDI(Desktop as Service), and advanced self-service/self-healing programs, with measurable outcomes (e.g., reduced ticket volume, faster MTTR, improved device compliance)
• Proven success in FedRAMP/regulated environments, including building repeatable audit evidence, control workflows, and strong partnerships with Security/GRC

#LI-YC2 #LI-Hybrid

Role

We are looking for a Cybersecurity Risk Management Principal to join our team. This is a hybrid role, going in to the San Jose, CA office 3 days a week.  You'll be reporting to the Sr. Director, Enterprise Risk Management within the Security GRC department. You will serve as a technical leader and subject matter expert, conducting sophisticated risk assessments and maintaining the strategic risk register to protect our global infrastructure. You'll bridge the gap between deep technical adversary tactics and high-level business impact to drive remediation across the enterprise.

What you’ll do (Role Expectations)

• Lead comprehensive cyber risk assessments using qualitative and quantitative methods, such as FAIR, to identify and articulate threats to business stakeholders

• Build and maintain a dynamic cyber risk register, ensuring prioritized risks and mitigation strategies are tracked and socialized with executive leadership

• Run the day-to-day operations for Security Policy Exceptions and Risk Acceptance processes to ensure compliance and balanced risk-taking

• Partner with Internal Audit, Compliance, and Security teams to embed risk management frameworks deeply into the enterprise risk lifecycle

• Apply the MITRE ATT&CK framework to analyze adversary techniques and translate that intelligence into actionable enhancements for the organization’s security posture

Who You Are (Success Profile)

• You thrive in ambiguity. You're comfortable building the path as you walk it. You thrive in a dynamic environment, seeing ambiguity not as a hindrance, but as the raw material to build something meaningful.

• You act like an owner. Your passion for the mission fuels your bias for action. You operate with integrity because you genuinely care about the outcome. True ownership involves leveraging dynamic range: the ability to navigate seamlessly between high-level strategy and hands-on execution.

• You are a problem-solver. You love running towards the challenges because you are laser-focused on finding the solution, knowing that solving the hard problems delivers the biggest impact.

• You are a high-trust collaborator. You are ambitious for the team, not just yourself. You embrace our challenge culture by giving and receiving ongoing feedback—knowing that candor delivered with clarity and respect is the truest form of teamwork and the fastest way to earn trust.

• You are a learner. You have a true growth mindset and are obsessed with your own development, actively seeking feedback to become a better partner and a stronger teammate. You love what you do and you do it with purpose.

What We’re Looking for (Minimum Qualifications)

• Bachelor’s degree in Cybersecurity, IT, Computer Science, or a related field

• 10+ years of experience in cybersecurity risk management with a focus on risk assessments and threat modeling

• Proficiency in the FAIR framework for risk quantification and the MITRE ATT&CK framework

• Expert-level communication skills with the ability to translate complex technical risks into clear, actionable insights for business audiences

• A results-driven approach to security risk management with a proven track record of solving complex security challenges

What Will Make You Stand Out (Preferred Qualifications)

• Advanced certifications such as CISA, CISSP, CISM, CRISC, or FAIR

• A Master’s degree in a technical or business-aligned field

• Prior experience leading a Compliance or Cyber Risk management function within the technology industry

#LI-BH1 #LI-Hybrid

The work

The Senior Information System Security Officer (ISSO) ensures the security, compliance, and continuous monitoring of enterprise information systems. This role supports federal security frameworks, risk management activities, and audit readiness efforts while safeguarding sensitive organizational data. The ISSO will collaborate with technical teams, leadership, and auditors to assess vulnerabilities, maintain authorization documentation, and strengthen governance and compliance processes across the environment.

Key responsibilities:

• Support risk management and continuous monitoring activities to identify and mitigate security vulnerabilities
• Administer and maintain GRC tools to support audit logging, compliance reporting, and security control monitoring
• Prepare documentation and evidence to support federal audits (NIST 800‑53, FISMA, SOC 1/SOC 2, DATA Act, etc.)
• Maintain and update Security Authorization Package artifacts such as SSPs, Risk Assessments, and Security Control Assessments
• Support remediation activities and track audit inquiries and corrective actions
• Assist with project management functions including milestone tracking, compliance forecasting, and deliverable oversight
• Produce regular security posture reports and executive‑level dashboards
• Ensure enforcement of security policies, procedures, and RMF requirements
• Work cross‑functionally with administrators, developers, and stakeholders to integrate security best practices
• Translate complex technical vulnerabilities into clear, actionable insights for leadership and auditors

Here’s what you need:

• 7–9 years of experience in cybersecurity, compliance, or audit
• Strong knowledge of GRC, RMF, NIST 800‑53, FISMA, SOC 1/SOC 2, and federal cybersecurity guidelines
• Experience supporting security compliance within enterprise or ERP environments
• Proficiency with GRC tools and audit logging platforms
• Strong analytical and problem‑solving skills to assess root causes and recommend mitigations
• Ability to manage multiple tasks in a fast‑paced, audit‑driven environment
• Excellent written and verbal communication skills, with the ability to simplify complex topics for non‑technical audiences
• Demonstrated collaboration skills across functional and technical teams

Nice to have:

• CISSP, CISM, CAP, Security+, or similar certifications
• Experience supporting federal agency audits
• Familiarity with SIEM platforms (e.g., Splunk) or endpoint detection and response tools
• Experience developing and delivering security awareness training

Eligibility requirements:

• Must hold an active TS clearance
• US Citizen (no dual citizenship)

The Strategic Account Director position is responsible for developing and managing Accounts designated as Global Accounts and maximizing all sales opportunities within those accounts. More specifically, this position will be charged with promoting and selling KnowBe4’s products and services, with the objective to achieve and exceed monthly sales quota. This can be achieved by targeting your book of business and maximizing cross sale opportunities, increasing subscription levels and adding on additional seats due to account growth. This role will work closely with the assigned customer account teams including the Customer Success Manager and other Account Executives/Managers as necessary to ensure increased ARR and more product suite adoption and coordinate any territory specific deals relating to their global accounts.

Responsibilities:

• Promote and sell KnowBe4’s range of products and services.
• Build and maintain a pipeline of potential customers by developing and managing relationships with prospects.
• Build and maintain a pipeline of potential cross sale, add-on and upgrade opportunities by developing and managing relationships with your assigned customer accounts.
• Identify key decision makers and develop meaningful relationships that add value and drive future account growth. 
• Articulate the value proposition of KnowBe4’s full suite of products and help the customer understand how it will improve their business’s security awareness training (and security overall).
• Achieve or exceed monthly quotas and/or targets. 
• Be well versed in KnowBe4’s product offerings and promote the products and services at trade shows as requested.
• Follow up on marketing leads to generate sales opportunities and pipeline.
• Act strategically in offering or negotiating discounted pricing, in line with established policies and procedures.
• Maintain accurate and thorough records for customer calls, emails, notes, tasks, demos and other relevant information in compliance with the Administration Policy.
• Support in the renewal process where there is an opportunity to grow the account.
• Work with those Customer Success Managers and Renewal Specialists assigned to your customer accounts to the end of your customers increasing their commitment and use of the KnowBe4 Product Suite. 
• Partner with KnowBe4 Revenue teams on methods/ strategies to achieve increased account penetration of Global accounts.  
• Global Account Mapping.
• Traveling to meet on-site with C-Levels and other Executives for their assigned accounts.

Minimum Qualifications:

• Bachelor's Degree strongly preferred (exceptions may be made for military experience). Degree in any field acceptable, but a plus if Cybersecurity, Computer Science, IT, Business, Marketing. 
• Proven track record selling to EVP and C-level (CISOs and Security Teams a plus)
• 5+ years SaaS sales experience (Cybersecurity preferred but not required)
• Experience selling deals $100K - $200K in the Enterprise segment
• Experience selling multi-year deals
• International: English and local language proficiency required.
• Has demonstrated expertise in value-based selling methodologies with enterprise accounts
• Executive-level presentation and communication skills 
• Experience with strategic account planning and management showing measurable account growth
• Experience managing and progressing opportunities involving multiple stakeholders
• Has a track record of managing and closing complex, multi-year deals with multiple stakeholders
• Experience creating and communicating compelling business cases 
• Experience with consultative selling approach and value selling methodology
• Experience handling technical objections
• Skilled in running discovery conversations and managing tailored product demonstrations 
• Technical aptitude with experience using sales tools 
• Experience with CRM systems (preferably Salesforce)
• Experienced with pipeline management & accurate forecasting
• Familiarity with standard concepts, practices and procedures within the IT Security Field
• Experience with Salesforce and Gmail
• Network or Security Plus preferred
• Achievement in demanding extracurricular activities (e.g., debate team captain, entrepreneurial ventures)
• Self-motivated with a growth mindset and continuous learning orientation 
• Strong competitive spirit balanced with collaborative approach 
• Demonstrated interest in cybersecurity sales
• Consistently positive attitude even in the face of adversity
• Quick learner with strong listening skills
• Strong written and verbal communication skills, with previous presentation experience
• Excellent phone presence and professional demeanor 
• Time management and organizational skills 
• Ability to handle rejection and maintain persistence
• Stats driven business professional
• Motivated, energetic self-starter
• Strong collaborative and teamwork skills
• Must be able to work with minimum supervision
• General understanding of:
• Human Risk Management & challenges faced by IT / InfoSec Teams / Compliance & Board Members
• Basic network and email security concepts
• SIEM/SOAR platforms
• Zero Trust Architecture
• Cloud security architecture
• Phishing attack vectors 
• Identity & Access Management 
• Security orchestration and automation
• General understanding of Security Technology Stack: 
• Enterprise IAM solutions (Okta, Ping, Azure AD) 
• SIEM platforms (Splunk, QRadar, LogRhythm) 
• EDR platforms (CrowdStrike, Carbon Black, SentinelOne) 
• Cloud security (AWS Security Hub, Azure Security Center) 
• Email security solutions 
• GRC platforms
• Genuine curiosity and strong desire to learn about cybersecurity and technical concepts
• Basic computer literacy and comfort with business applications
• Ability to quickly grasp and explain basic technical concepts
• Ability to translate complex topics into simple terms
• Interest in keeping up with current technology and cybersecurity trends
• Proven track record of grit and resilience in challenging situations, with high performance under pressure 
• Collegiate athlete or competitive sports background demonstrating rigorous discipline, teamwork, dedication, and competitive spirit
• History of setting and achieving ambitious personal or professional goals
• Track record of leadership in team settings

The compensation for this position ranges from $250,000-$270,000 including base, bonuses and commissions. For more details, click here www.know www.knowbe4.com/careers/know-your-pay/enterprise-sales

The Strategic Account Director position is responsible for developing and managing Accounts designated as Global Accounts and maximizing all sales opportunities within those accounts. More specifically, this position will be charged with promoting and selling KnowBe4’s products and services, with the objective to achieve and exceed monthly sales quota. This can be achieved by targeting your book of business and maximizing cross sale opportunities, increasing subscription levels and adding on additional seats due to account growth. This role will work closely with the assigned customer account teams including the Customer Success Manager and other Account Executives/Managers as necessary to ensure increased ARR and more product suite adoption and coordinate any territory specific deals relating to their global accounts.

Responsibilities:

• Promote and sell KnowBe4’s range of products and services.
• Build and maintain a pipeline of potential customers by developing and managing relationships with prospects.
• Build and maintain a pipeline of potential cross sale, add-on and upgrade opportunities by developing and managing relationships with your assigned customer accounts.
• Identify key decision makers and develop meaningful relationships that add value and drive future account growth. 
• Articulate the value proposition of KnowBe4’s full suite of products and help the customer understand how it will improve their business’s security awareness training (and security overall).
• Achieve or exceed monthly quotas and/or targets. 
• Be well versed in KnowBe4’s product offerings and promote the products and services at trade shows as requested.
• Follow up on marketing leads to generate sales opportunities and pipeline.
• Act strategically in offering or negotiating discounted pricing, in line with established policies and procedures.
• Maintain accurate and thorough records for customer calls, emails, notes, tasks, demos and other relevant information in compliance with the Administration Policy.
• Support in the renewal process where there is an opportunity to grow the account.
• Work with those Customer Success Managers and Renewal Specialists assigned to your customer accounts to the end of your customers increasing their commitment and use of the KnowBe4 Product Suite. 
• Partner with KnowBe4 Revenue teams on methods/ strategies to achieve increased account penetration of Global accounts.  
• Global Account Mapping.
• Traveling to meet on-site with C-Levels and other Executives for their assigned accounts.

Minimum Qualifications:

• Bachelor's Degree strongly preferred (exceptions may be made for military experience). Degree in any field acceptable, but a plus if Cybersecurity, Computer Science, IT, Business, Marketing. 
• Proven track record selling to EVP and C-level (CISOs and Security Teams a plus)
• 5+ years SaaS sales experience (Cybersecurity preferred but not required)
• Experience selling deals $100K - $200K in the Enterprise segment
• Experience selling multi-year deals
• International: English and local language proficiency required.
• Has demonstrated expertise in value-based selling methodologies with enterprise accounts
• Executive-level presentation and communication skills 
• Experience with strategic account planning and management showing measurable account growth
• Experience managing and progressing opportunities involving multiple stakeholders
• Has a track record of managing and closing complex, multi-year deals with multiple stakeholders
• Experience creating and communicating compelling business cases 
• Experience with consultative selling approach and value selling methodology
• Experience handling technical objections
• Skilled in running discovery conversations and managing tailored product demonstrations 
• Technical aptitude with experience using sales tools 
• Experience with CRM systems (preferably Salesforce)
• Experienced with pipeline management & accurate forecasting
• Familiarity with standard concepts, practices and procedures within the IT Security Field
• Experience with Salesforce and Gmail
• Network or Security Plus preferred
• Achievement in demanding extracurricular activities (e.g., debate team captain, entrepreneurial ventures)
• Self-motivated with a growth mindset and continuous learning orientation 
• Strong competitive spirit balanced with collaborative approach 
• Demonstrated interest in cybersecurity sales
• Consistently positive attitude even in the face of adversity
• Quick learner with strong listening skills
• Strong written and verbal communication skills, with previous presentation experience
• Excellent phone presence and professional demeanor 
• Time management and organizational skills 
• Ability to handle rejection and maintain persistence
• Stats driven business professional
• Motivated, energetic self-starter
• Strong collaborative and teamwork skills
• Must be able to work with minimum supervision
• General understanding of:
• Human Risk Management & challenges faced by IT / InfoSec Teams / Compliance & Board Members
• Basic network and email security concepts
• SIEM/SOAR platforms
• Zero Trust Architecture
• Cloud security architecture
• Phishing attack vectors 
• Identity & Access Management 
• Security orchestration and automation
• General understanding of Security Technology Stack: 
• Enterprise IAM solutions (Okta, Ping, Azure AD) 
• SIEM platforms (Splunk, QRadar, LogRhythm) 
• EDR platforms (CrowdStrike, Carbon Black, SentinelOne) 
• Cloud security (AWS Security Hub, Azure Security Center) 
• Email security solutions 
• GRC platforms
• Genuine curiosity and strong desire to learn about cybersecurity and technical concepts
• Basic computer literacy and comfort with business applications
• Ability to quickly grasp and explain basic technical concepts
• Ability to translate complex topics into simple terms
• Interest in keeping up with current technology and cybersecurity trends
• Proven track record of grit and resilience in challenging situations, with high performance under pressure 
• Collegiate athlete or competitive sports background demonstrating rigorous discipline, teamwork, dedication, and competitive spirit
• History of setting and achieving ambitious personal or professional goals
• Track record of leadership in team settings

Role Overview:

The IT SOX Director is responsible for the end‑to‑end ownership of the SOX compliance program, covering IT General Controls (ITGCs), IT Application Controls (ITACs), automated controls, and Business / Financial Reporting SOX. This role partners closely with Information Security, IT, and Finance to ensure effective control design, testing, remediation, and continuous improvement in support of SOX Sections 302 and 404.

Key Responsibilities:

1. IT SOX Program Leadership & Strategy:

• Own and lead the end‑to‑end IT and Financial Reporting SOX program, ensuring effective design, operating effectiveness, remediation, and continuous improvement.
• Oversee SOX compliance for:
• IT General Controls (ITGCs), IT application controls, and automated controls across existing and new systems supporting financial reporting.
• Lead financial reporting risk assessments to determine SOX scope for new or changed business processes

1. Risk Assessment, Scoping & Control Design

• Lead annual and ongoing IT risk assessments to determine SOX scope for existing systems, new applications, platforms and technology changes
• Lead annual and ongoing risk assessments to determine SOX scope for existing and new financial reporting process; Manage the review of design and operating effectiveness of the process

1. SOX Testing Oversight & Issue Management:

• Oversee the design and operating effectiveness reviews of:
• ITGCs and ITACs across scoped systems and platforms
• Business and financial reporting controls across in‑scope processes
• Direct and guide the team through all phases of SOX testing, including planning, walkthroughs, testing, review, and reporting.

• Perform quality reviews of testing results to ensure accuracy, completeness, and audit readiness, and drive timely completion of in‑house SOX testing.
• Prepare IT and business process owners for external SOX audits, walkthroughs, and inquiries.
• Review SOC 1 Type II reports, assess control implications, and coordinate discussions with relevant process owners including Complementary User Entity Controls.
• Support identification, evaluation, and remediation of SOX deficiencies in partnership with stakeholders.

1. Audit & Stakeholder Management

• Coordinate and support external auditor requests, including walkthroughs, evidence submission, and issue resolution.
• Build strong working relationships with IT, Engineering, Information Security, and Finance Controllers to ensure smooth SOX execution.

1. Process Improvement, Automation & Transformation

• Identify and implement opportunities to automate IT and SOX controls, reduce manual effort, and increase auditor reliance.
• Drive standardization and quality of SOX documentation, including process flows, Risk & Control Matrices (RCMs), system diagrams, and role matrices.
• Promote continuous improvement through effective use of SOX tools, GRC platforms, AI tools, and data analytics. 

1. Team Leadership & Talent Development

• Lead, coach, and mentor the in‑house SOX team, fostering technical excellence and accountability.
• Set clear performance expectations, review work quality, and develop a high‑performing compliance culture.
• Support capability building and succession planning within the SOX function. 

1. Regulatory & Industry Awareness

• Stay current with SOX, PCAOB, COSO, and IT risk management standards, including emerging focus areas (eg: AI)
• Monitor regulatory developments and proactively adapt the SOX program to meet changing expectations

Skills required:

• Strong working knowledge of ITGC, ITAC, Key data reporting testing and financial reporting SOX
• Ability to interpret and leverage SOC 1 / SOC 2 reports, including evaluation of CUECs and sub‑service organizations
• Strong working knowledge on SOX scoping for IT applications/platforms and financial reporting process
• Strong understanding of COSO Internal Control Framework and alignment of IT controls to financial reporting risks
• Solid understanding of IT environments including ERP systems, cloud platforms, dev Ops, change pipeline and cloud controls
• Proven ability to lead, coach, and manage inhouse SOX teams
• Clear, concise communication of IT and financial reporting risks and control issues to senior management and audit committee

Education Qualification required:

• CA/CPA/IT or MBA Engineering graduates/Certified Information System Auditor/ with 10 to 15 years of IT SOX experience. The candidate should also possess reasonable business SOX experience.
• In-depth expertise in the COSO framework, PCAOB standards, and IT control environments.
• Demonstrated success leading large-scale, complex SOX programs within public company settings.
• Strong ability to engage and influence senior leadership and external auditors.

Company Summary

Zeta Global is a data-powered marketing technology company with a heritage of innovation and industry leadership. Founded in 2007 by entrepreneur David A. Steinberg and John Sculley, former CEO of Apple Inc and Pepsi-Cola, the Company combines the industry’s 3rd largest proprietary data set (2.4B+ identities) with Artificial Intelligence to unlock consumer intent, personalize experiences and help our clients drive business growth.

Our technology runs on the Zeta Marketing Platform, which powers ‘end to end’ marketing programs for some of the world’s leading brands. With expertise encompassing all digital marketing channels – Email, Display, Social, Search and Mobile – Zeta orchestrates acquisition and engagement programs that deliver results that are scalable, repeatable and sustainable.

Zeta Global is an Equal Opportunity/Affirmative Action employer and does not discriminate on the basis of race,

gender, ancestry, color, religion, sex, age, marital status, sexual orientation, gender identity, national origin, medical condition, disability, veterans status, or any other basis protected by law.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Zeta Global Recognized in Enterprise Marketing Software and Cross-Channel Campaign Management Reports by Independent Research Firm.

https://www.forbes.com/sites/shelleykohan/2024/06/1G/amazon-partners-with-zeta-global-to-deliver- gen-ai-marketing-automation/

https://www.cnbc.com/video/2024/05/06/zeta-global-ceo-david-steinberg-talks-ai-in-focus-at-milken- conference.html

https://www.businesswire.com/news/home/20240G04622808/en/Zeta-Increases-3Q%E2%80%GG24-Guidance

https://www.prnewswire.com/news-releases/zeta-global-opens-ai--data-labs-in-san-francisco-and-nyc- 300S45353.html

https://www.prnewswire.com/news-releases/zeta-global-recognized-in-enterprise-marketing-software-and-cross-channel-campaign-management-reports-by-independent-research-firm-300S38241.html

Clearwater positions open to candidates located in greater Tampa Bay area.

The Account Manager (Enterprise/Strategic) position is responsible for managing assigned customer accounts and maximizing all sales opportunities within those accounts. More specifically, this position will be charged with promoting and selling KnowBe4’s additional products and services to businesses (organizations with 1501+ employees), with the objective to achieve and exceed monthly sales quota. This can be achieved by targeting your book of business and maximizing cross sale opportunities, increasing subscription levels and adding on additional seats due to account growth. This role will work closely with the Customer Success Manager to ensure increased ARR and more product suite adoption by our customers.

Responsibilities:

• Promote and sell KnowBe4’s range of products and services
• Build and maintain a pipeline of potential cross sale, add-on and upgrade opportunities by developing and managing relationships with your assigned accounts
• Identify key decision makers while developing and qualifying cross sale, add-on and upgrade opportunities
• Articulate the value proposition of KnowBe4’s full suite of products and help the customer understand how it will improve their business’s security awareness training (and security overall)
• Achieve or exceed monthly quotas and/or targets 
• Be well versed in KnowBe4’s product offerings and promote the products and services at trade shows as requested
• Follow up on marketing leads to generate sales opportunities and pipeline
• Act strategically in offering or negotiating discounted pricing, in line with established policies and procedures
• Maintain accurate and thorough records for customer calls, emails, notes, tasks, demos and other relevant information in compliance with the Administration Policy
• Support in the renewal process where there is an opportunity to grow the account
• Work with those Customer Success Managers and Renewal Specialists assigned to your customer accounts to the end of your customers increasing their commitment and use of the Knowbe4 Product Suite

Minimum Qualifications:

• Bachelor's Degree strongly preferred (exceptions may be made for military experience). Degree in any field acceptable, but a plus if Cybersecurity, Computer Science, IT, Business, Marketing.
• Proven track record selling to EVP and C-level (CISOs and Security Teams a plus)
• 5+ years SaaS sales experience (Cybersecurity preferred but not required)
• Experience selling deals $500K+ in the Enterprise segment
• Experience selling multi-year deals
• International: English and local language proficiency required.
• Has demonstrated expertise in value-based selling methodologies with enterprise accounts
• Executive-level presentation and communication skills 
• Experience with strategic account planning and management showing measurable account growth
• Experience managing and progressing opportunities involving multiple stakeholders
• Has a track record of managing and closing complex, multi-year deals with multiple stakeholders
• Experience creating and communicating compelling business cases 
• Experience with consultative selling approach and value selling methodology
• Experience handling technical objections
• Skilled in running discovery conversations and managing tailored product demonstrations 
• Technical aptitude with experience using sales tools 
• Experience with CRM systems (preferably Salesforce)
• Experienced with pipeline management & accurate forecasting
• Familiarity with standard concepts, practices and procedures within the IT Security Field
• Experience with Salesforce and Gmail
• Network or Security Plus preferred
• Proven track record of grit and resilience in challenging situations, with high performance under pressure 
• Collegiate athlete or competitive sports background demonstrating rigorous discipline, teamwork, dedication, and competitive spirit
• History of setting and achieving ambitious personal or professional goals
• Track record of leadership in team settings
• Demonstrated interest in cybersecurity sales
• Quick learner with strong listening skills
• Strong written and verbal communication skills, with previous presentation experience
• Excellent phone presence and professional demeanor 
• Time management and organizational skills 
• Ability to handle rejection and maintain persistence
• Stats driven business professional
• Motivated, energetic self-starter
• Strong collaborative and teamwork skills
• Must be able to work with minimum supervision
• Must have a General understanding of:
  • Human Risk Management & challenges faced by IT / InfoSec Teams / Compliance & Board Members
  • Basic network and email security concepts
  • SIEM/SOAR platforms
  • Zero Trust Architecture
  • Cloud security architecture
  • Phishing attack vectors 
  • Identity & Access Management 
  • Security orchestration and automation
• General understanding of Security Technology Stack:
  • Enterprise IAM solutions (Okta, Ping, Azure AD) 
  • SIEM platforms (Splunk, QRadar, LogRhythm) 
  • EDR platforms (CrowdStrike, Carbon Black, SentinelOne) 
  • Cloud security (AWS Security Hub, Azure Security Center) 
  • Email security solutions 
  • GRC platforms
• Genuine curiosity and strong desire to learn about cybersecurity and technical concepts
• Basic computer literacy and comfort with business applications
• Ability to quickly grasp and explain basic technical concepts
• Ability to translate complex topics into simple terms
• Interest in keeping up with current technology and cybersecurity trends
• Proven track record of grit and resilience in challenging situations, with high performance under pressure 
• Collegiate athlete or competitive sports background demonstrating rigorous discipline, teamwork, dedication, and competitive spirit
• History of setting and achieving ambitious personal or professional goals
• Track record of leadership in team settings

New York positions open to candidates located in the New York area.

The Account Manager (Enterprise/Strategic) position is responsible for managing assigned customer accounts and maximizing all sales opportunities within those accounts. More specifically, this position will be charged with promoting and selling KnowBe4’s additional products and services to businesses (organizations with 1501+ employees), with the objective to achieve and exceed monthly sales quota. This can be achieved by targeting your book of business and maximizing cross sale opportunities, increasing subscription levels and adding on additional seats due to account growth. This role will work closely with the Customer Success Manager to ensure increased ARR and more product suite adoption by our customers.

Responsibilities:

• Promote and sell KnowBe4’s range of products and services
• Build and maintain a pipeline of potential cross sale, add-on and upgrade opportunities by developing and managing relationships with your assigned accounts
• Identify key decision makers while developing and qualifying cross sale, add-on and upgrade opportunities
• Articulate the value proposition of KnowBe4’s full suite of products and help the customer understand how it will improve their business’s security awareness training (and security overall)
• Achieve or exceed monthly quotas and/or targets 
• Be well versed in KnowBe4’s product offerings and promote the products and services at trade shows as requested
• Follow up on marketing leads to generate sales opportunities and pipeline
• Act strategically in offering or negotiating discounted pricing, in line with established policies and procedures
• Maintain accurate and thorough records for customer calls, emails, notes, tasks, demos and other relevant information in compliance with the Administration Policy
• Support in the renewal process where there is an opportunity to grow the account
• Work with those Customer Success Managers and Renewal Specialists assigned to your customer accounts to the end of your customers increasing their commitment and use of the Knowbe4 Product Suite

Minimum Qualifications:

• Bachelor's Degree strongly preferred (exceptions may be made for military experience). Degree in any field acceptable, but a plus if Cybersecurity, Computer Science, IT, Business, Marketing.
• Proven track record selling to EVP and C-level (CISOs and Security Teams a plus)
• 5+ years SaaS sales experience (Cybersecurity preferred but not required)
• Experience selling deals $500K+ in the Enterprise segment
• Experience selling multi-year deals
• International: English and local language proficiency required.
• Has demonstrated expertise in value-based selling methodologies with enterprise accounts
• Executive-level presentation and communication skills 
• Experience with strategic account planning and management showing measurable account growth
• Experience managing and progressing opportunities involving multiple stakeholders
• Has a track record of managing and closing complex, multi-year deals with multiple stakeholders
• Experience creating and communicating compelling business cases 
• Experience with consultative selling approach and value selling methodology
• Experience handling technical objections
• Skilled in running discovery conversations and managing tailored product demonstrations 
• Technical aptitude with experience using sales tools 
• Experience with CRM systems (preferably Salesforce)
• Experienced with pipeline management & accurate forecasting
• Familiarity with standard concepts, practices and procedures within the IT Security Field
• Experience with Salesforce and Gmail
• Network or Security Plus preferred
• Proven track record of grit and resilience in challenging situations, with high performance under pressure 
• Collegiate athlete or competitive sports background demonstrating rigorous discipline, teamwork, dedication, and competitive spirit
• History of setting and achieving ambitious personal or professional goals
• Track record of leadership in team settings
• Demonstrated interest in cybersecurity sales
• Quick learner with strong listening skills
• Strong written and verbal communication skills, with previous presentation experience
• Excellent phone presence and professional demeanor 
• Time management and organizational skills 
• Ability to handle rejection and maintain persistence
• Stats driven business professional
• Motivated, energetic self-starter
• Strong collaborative and teamwork skills
• Must be able to work with minimum supervision
• Must have a General understanding of:
  • Human Risk Management & challenges faced by IT / InfoSec Teams / Compliance & Board Members
  • Basic network and email security concepts
  • SIEM/SOAR platforms
  • Zero Trust Architecture
  • Cloud security architecture
  • Phishing attack vectors 
  • Identity & Access Management 
  • Security orchestration and automation
• General understanding of Security Technology Stack:
  • Enterprise IAM solutions (Okta, Ping, Azure AD) 
  • SIEM platforms (Splunk, QRadar, LogRhythm) 
  • EDR platforms (CrowdStrike, Carbon Black, SentinelOne) 
  • Cloud security (AWS Security Hub, Azure Security Center) 
  • Email security solutions 
  • GRC platforms
• Genuine curiosity and strong desire to learn about cybersecurity and technical concepts
• Basic computer literacy and comfort with business applications
• Ability to quickly grasp and explain basic technical concepts
• Ability to translate complex topics into simple terms
• Interest in keeping up with current technology and cybersecurity trends
• Proven track record of grit and resilience in challenging situations, with high performance under pressure 
• Collegiate athlete or competitive sports background demonstrating rigorous discipline, teamwork, dedication, and competitive spirit
• History of setting and achieving ambitious personal or professional goals
• Track record of leadership in team settings

The compensation for this position ranges from $200,000-$210,000 including base, bonuses and commissions. For more details, click here www.know www.knowbe4.com/careers/know-your-pay/enterprise-sales

We will accept applications until 2/27/2026.

See yourself at Twilio

Join the team as Twilio’s next Security Engineer, Security Automation on Twilio’s Information Security Team.

About the job

This position is needed to assist Twilio’s Information Security Team operate more efficiently by improving and automating our critical security workflows.

As a Software Engineer, Security Automation on this team, you will participate in all phases of the software development life cycle which includes requirements gathering with security teams, technical design, estimations, sprint planning, coding, testing, deployments and on-call support. You will own, operate and maintain automated workflows that support various security programs including but not limited to cloud security, product security, Governance, Risk & Compliance (GRC)  and enterprise security, employing Agile methodologies to continuously deliver value to our partners.

Responsibilities

In this role, you’ll:

• Develop and implement automated and AI-powered security solutions to protect Twilio's Cloud and Enterprise infrastructure, leveraging data orchestration frameworks and LLM-based approaches.
• Build workflows that integrate structured and unstructured data sources into orchestrated pipelines, enabling intelligent decision-making and risk reduction at scale.
• Design and prototype LLM-driven applications to automate security analysis, incident response, and governance tasks, while ensuring explainability and accuracy.
• Collaborate with cross-functional teams to identify security needs and deliver advanced AI-enabled solutions that address those needs effectively.
• Contribute significantly to defining our security automation and AI roadmap, balancing near-term and long-term business impact with technical feasibility and scalability.
• Own and maintain the operational health of automation and AI-driven systems, ensuring they continue to meet reliability and performance requirements (SLOs and KPIs).
• Support on-call operations for tools, pipelines, and AI models owned by the team.
• Document and share knowledge through clear technical documentation of processes, procedures, AI models, and orchestration systems.
• Stay up-to-date on emerging trends in security automation, data orchestration, and AI/LLMs—and apply them to Twilio’s security operations for continuous innovation.

Qualifications 

Not all applicants will have skills that match a job description exactly. Twilio values diverse experiences in other industries, and we encourage everyone who meets the required qualifications to apply. While having “desired” qualifications make for a strong candidate, we encourage applicants with alternative experiences to also apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!

Required:

• Minimum of five (5) years of experience as a software engineer developing internal tools and automating workflows at scale
• Proficiency in Python (or another scripting language) for development, testing, and automation of security and infrastructure workflows
• Hands-on experience applying AI/ML models, including LLMs, to automate complex business or security processes and build intelligent solutions
• Solid understanding of software security principles, secure coding practices, and security automation
• Experience with data orchestration frameworks (e.g., Airflow, Dagster, Prefect) to manage and scale automation pipelines
• Familiarity with infrastructure-as-code (Terraform), CI/CD systems (BuildKite or similar), and container orchestration platforms (Kubernetes, Docker)
• Strong problem-solving, communication, and collaboration skills, with the ability to iterate quickly on feedback and work across security and engineering teams

Desired:

• Experience with Security Orchestration, Automation, and Response (SOAR) technologies and practices, with a focus on scaling automated incident response
• Proven ability to design and implement security automation frameworks that enable rapid delivery of reliable, reusable, and scalable automated solutions
• Strong interest in or hands-on experience with building and applying AI/ML models (including LLMs) to automate complex workflows in cybersecurity, compliance, or infrastructure operations
• Ability to bridge AI/automation capabilities with security strategy, driving adoption of next-generation solutions across cloud and enterprise environments
• Passion for continuous innovation in leveraging orchestration, automation, and AI to solve real-world security challenges

Location

This role will be remote, and based in Ireland.

Travel

We prioritize connection and opportunities to build relationships with our customers and each other. For this role, you may be required to travel occasionally to participate in project or team in-person meetings.

What We Offer

There are many benefits to working at Twilio, including, in addition to competitive pay, things like generous time-off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location.

See yourself at Twilio

Join the team as Twilio’s next Security Engineer, Security Automation on Twilio’s Information Security Team.

About the job

This position is needed to assist Twilio’s Information Security Team operate more efficiently by improving and automating our critical security workflows.

As a Software Engineer, Security Automation on this team, you will participate in all phases of the software development life cycle which includes requirements gathering with security teams, technical design, estimations, sprint planning, coding, testing, deployments and on-call support. You will own, operate and maintain automated workflows that support various security programs including but not limited to cloud security, product security, Governance, Risk & Compliance (GRC)  and enterprise security, employing Agile methodologies to continuously deliver value to our partners.

Responsibilities

In this role, you’ll:

• Develop and implement automated and AI-powered security solutions to protect Twilio's Cloud and Enterprise infrastructure, leveraging data orchestration frameworks and LLM-based approaches.
• Build workflows that integrate structured and unstructured data sources into orchestrated pipelines, enabling intelligent decision-making and risk reduction at scale.
• Design and prototype LLM-driven applications to automate security analysis, incident response, and governance tasks, while ensuring explainability and accuracy.
• Collaborate with cross-functional teams to identify security needs and deliver advanced AI-enabled solutions that address those needs effectively.
• Contribute significantly to defining our security automation and AI roadmap, balancing near-term and long-term business impact with technical feasibility and scalability.
• Own and maintain the operational health of automation and AI-driven systems, ensuring they continue to meet reliability and performance requirements (SLOs and KPIs).
• Support on-call operations for tools, pipelines, and AI models owned by the team.
• Document and share knowledge through clear technical documentation of processes, procedures, AI models, and orchestration systems.
• Stay up-to-date on emerging trends in security automation, data orchestration, and AI/LLMs—and apply them to Twilio’s security operations for continuous innovation.

Qualifications 

Not all applicants will have skills that match a job description exactly. Twilio values diverse experiences in other industries, and we encourage everyone who meets the required qualifications to apply. While having “desired” qualifications make for a strong candidate, we encourage applicants with alternative experiences to also apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!

Required:

• Minimum of five (5) years of experience as a software engineer developing internal tools and automating workflows at scale
• Proficiency in Python (or another scripting language) for development, testing, and automation of security and infrastructure workflows
• Hands-on experience applying AI/ML models, including LLMs, to automate complex business or security processes and build intelligent solutions
• Solid understanding of software security principles, secure coding practices, and security automation
• Experience with data orchestration frameworks (e.g., Airflow, Dagster, Prefect) to manage and scale automation pipelines
• Familiarity with infrastructure-as-code (Terraform), CI/CD systems (BuildKite or similar), and container orchestration platforms (Kubernetes, Docker)
• Strong problem-solving, communication, and collaboration skills, with the ability to iterate quickly on feedback and work across security and engineering teams

Desired:

• Experience with Security Orchestration, Automation, and Response (SOAR) technologies and practices, with a focus on scaling automated incident response
• Proven ability to design and implement security automation frameworks that enable rapid delivery of reliable, reusable, and scalable automated solutions
• Strong interest in or hands-on experience with building and applying AI/ML models (including LLMs) to automate complex workflows in cybersecurity, compliance, or infrastructure operations
• Ability to bridge AI/automation capabilities with security strategy, driving adoption of next-generation solutions across cloud and enterprise environments
• Passion for continuous innovation in leveraging orchestration, automation, and AI to solve real-world security challenges

Location

This role will be remote, and based in the UK.

Travel

We prioritize connection and opportunities to build relationships with our customers and each other. For this role, you may be required to travel occasionally to participate in project or team in-person meetings.

What We Offer

There are many benefits to working at Twilio, including, in addition to competitive pay, things like generous time-off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location.

See yourself at Twilio

Join the team as Twilio’s next Security Compliance & Regulatory Affairs Analyst 

About the job

We are actively recruiting for this role to support Twilio’s global security regulatory program and directly support the SCRA Lead in executing and scaling the company’s regulatory strategy.

This position is responsible for independently owning delegated components of regulatory analysis, triage, normalization, and operationalization of global cybersecurity and telecom regulatory obligations (e.g., NIS 2, TSA UK, Singapore IMDA), while contributing to broader program-level initiatives led by the SCRA Lead.

The role operates with high autonomy and is expected to take ownership of assigned workstreams end-to-end, requiring strong critical thinking, defensible regulatory interpretation, designing and executing cross-functional initiatives, and the ability to operate without detailed instruction.

Responsibilities

In this role, you’ll:

• Support the SCRA Lead in executing Twilio’s global security regulatory strategy, including contributing to program design, prioritization, and long-term regulatory planning
• Independently interpret complex and ambiguous regulatory frameworks (e.g., NIS 2, EU transpositions, TSA UK) and provide structured outputs that support Lead-level strategy and decision-making
• Support the development and maintenance of regulatory repositories and systems of record, ensuring accuracy, traceability, and audit readiness
• Execute and continuously improve the Cyber Regulation Intake & Triage process in partnership with Legal, ensuring consistent classification, routing, and lifecycle tracking of regulatory obligations
• Map regulatory requirements to internal control frameworks (e.g., UCF, ISO 27001, internal standards), identifying gaps and supporting Lead-driven control strategy decisions
• Develop regulator-ready and high-quality artifacts, including evidence mappings, control narratives, risk statements, and audit support documentation
• Identify, analyze, and escalate regulatory risks and audit obligations, supporting proactive planning and risk visibility at the program level
• Partner cross-functionally with Legal, Public Policy, R&D, Security, Product, Sales, and Risk teams, supporting the Lead in aligning regulatory interpretation with technical and business implementation
• Drive execution of process improvements, tooling enhancements, and automation initiatives defined by the SCRA program
• Operate with high ownership and accountability, executing work independently while aligning to strategic direction set by the SCRA Lead

Qualifications 

Twilio values diverse experiences from all kinds of industries, and we encourage everyone who meets the required qualifications to apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!

*Required 

• Experience: 5–8+ years of experience in security compliance, telecom compliance, regulatory affairs, GRC, or related domain within a global technology, cloud, or telecom environment
• Experience: Experience interpreting and operationalizing security frameworks and regulations (e.g., NIS 2, ISO 27001, SOC 2, telecom regulatory regimes)
• Experience: Experience mapping regulatory requirements to control frameworks, policies, and technical implementations
• Technical Domain Expertise: Broad understanding of security architecture, networking, access control, software development, cryptography, and operations. You should be fluent in how security controls are implemented across applications, systems, and cloud platforms to reduce inherent risk.
• Technical Domain Expertise: Ability to analyze ambiguous regulations / regulatory requirements and produce defensible interpretations to support leadership decision-making
• Communication: Strong written communication skills with ability to produce audit-ready and regulator-defensible documentation
• Stakeholder Partnership: Proven ability to collaborate across Legal, Engineering, Security, Product, Sales, and Risk teams in support of program objectives
• Strategic Mindset: High level of self-sufficiency, critical thinking, and ownership, with ability to execute without detailed instruction
• Adaptability: Demonstrated ability to independently execute and deliver complex workstreams end-to-end, while operating under high-level guidance
• Adaptability: Ability to manage multiple concurrent priorities in a global, fast-evolving regulatory landscape

*Desired:

• Technical Domain Expertise: Deep understanding of hybrid cloud environments (AWS/GCP), on-premise infrastructure, APIs, and microservices architectures. Experience in the Telecommunications sector (e.g. telecommunications or CPaaS environments involving messaging, voice, network security) highly preferred.
• Familiarity with primary global regulatory regimes (EU, UK, APAC, LATAM)
• Experience working with regulatory repositories, intake/triage workflows, or compliance automation systems
• Experience supporting external audits or regulator engagements
• High-Octane Individual Contributor: You are a self-starter who takes pride in being a "force multiplier." You have a proven ability to produce high-quality, audit-ready deliverables with minimal oversight.
• Master of Multi-Tasking: Exceptional organizational skills with the ability to context-switch effectively, managing a high volume of concurrent projects and emerging regulations without sacrificing depth or accuracy.
• Collaborative Partner: You don't work in a silo. You are skilled at building bridges across Legal, R&D, Security, and IT, ensuring that Security Regulatory Affairs is integrated as a seamless partner
• Efficiency Expert: You are constantly looking for ways to optimize your own output and team processes, turning manual, repetitive tasks into streamlined, automated successes.
• Executive Presence: Ability to distill granular technical findings into concise, high-level summaries that drive decision-making at the leadership level.

Location

This role will be remote and based in Ontario, British Columbia or Alberta, Canada. 

Travel

We prioritize connection and opportunities to build relationships with our customers and each other. For this role, you may be required to travel occasionally to participate in project or team in-person meetings.

What We Offer

Working at Twilio offers many benefits, including competitive pay, generous time off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location. Based on role, employees may also be eligible for additional compensation and benefits, including but not limited to incentive programs, commissions, equity grants, health and wellness benefits, retirement contributions, and paid time off.

The estimated pay ranges for this role are as follows:

• $120,640 - 150,800 CAD
• Target Bonus Percentage: 15% 

The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location.

Description:

The Assurance, Risk, and Compliance (“ARC”) Initiatives team at MongoDB owns the strategy, governance, and delivery of our most critical cross-functional risk and compliance initiatives. We design and execute programs that support compliance audits, risk assessments, employee awareness and enablement, and the implementation of common control frameworks, along with consistent operating cadences that align key stakeholders, accelerate decision making, and drive the execution of initiatives that reinforce MongoDB’s assurance, risk management, and compliance objectives. We define and track key metrics and deliver clear and timely, executive reporting to provide transparency, measure progress, and ensure lasting operational resilience and governance.

We serve as the central coordination point for ARC-wide initiatives, connecting Product, Engineering, Security, and Legal teams around clear priorities, milestones, and outcomes. Our focus is on building scalable governance structures, defining decision-making frameworks, and establishing repeatable ways of working so that complex efforts can be executed consistently across the team.

The Policy Program Manager is a mid-to-senior level individual contributor role responsible for leading the development and operationalization of policies and procedures aligned to established control frameworks. You will drive end-to-end ownership of policy lifecycle management, from drafting and review through implementation and ongoing maintenance, while coordinating inputs across teams to ensure accuracy, consistency, and adoption. Additionally, you will lead documentation standardization efforts, facilitate stakeholder reviews, and perform gap analyses to continuously strengthen and mature our ARC policy framework.

Responsibilities:

• Lead the end-to-end execution of company-wide compliance programs, including the annual security policy and procedure review cycle
• Design and implement scalable frameworks for policy lifecycle management (creation, review, approval, publication, and retirement)
• Establish standards, templates, and governance processes to ensure consistency and clarity across all compliance documentation
• Maintain a centralized, audit-ready repository for policies, procedures, and supporting artifacts
• Act as the primary point of contact for cross-functional teams (HR, Legal, Engineering, Product)
• Drive alignment, gather inputs, and ensure timely completion of policy updates and compliance deliverables
• Ensure policies and procedures align with regulatory, security, and internal control requirements
• Support internal and external audits by maintaining complete, accurate, and accessible documentation
• Translate audit findings and regulatory changes into actionable policy program updates
• Maintain the integrity of project-specific Jira boards and Confluence pages. Ensure all project artifacts are organized, up-to-date, and ready for leadership review or external audit
• Develop and maintain dashboards to report on program health, completion rates, and obstacles. Present status updates and metrics to leadership
• Evaluate existing program workflows and implement improvements to increase efficiency, reduce manual effort, and improve the stakeholder experience

Requirements:

• 5-8 years of program management experience, ideally within an Information Security or high-growth technology environment
• Experience creating and managing policy and procedure programs or governance frameworks
• Deep understanding of security and compliance frameworks (e.g., SOC 2, ISO 27001, PCI DSS, HIPAA, NIST CSF)
• Strong proficiency in managing full-lifecycle projects, including scoping, planning, risk mitigation, and change control
• Advanced experience with Jira and Confluence, including the ability to build custom dashboards and manage complex documentation repositories
• Maintain and support a GRC/policy management platform to ensure consistent policy administration and system usability
• Excellent interpersonal skills with the ability to hold cross-functional stakeholders accountable to deadlines in a professional and effective manner
• Exceptional attention to detail and the ability to manage multiple overlapping priorities without losing sight of milestones
• A proactive, self-directed approach to work. You enjoy taking ownership of a program and building the structure necessary for its success

Responsibilities & Expectations

• You are expected to be the owner of your assigned programs. While you will work closely with technical SMEs, you are responsible for the logistical success of the workstream. Your success is measured by the timely completion of program goals, the clarity of your reporting, and your ability to anticipate and resolve project bottlenecks
• You don't just track tasks; you own the success of the program

Scope & Complexity

• The scope is horizontal and impacts multiple departments across MongoDB
• Managing complex programs that require coordination with various business units, ensuring that project delays in one area do not derail the overall compliance roadmap

Authority & Impact

• You have the authority to manage the timelines and execution steps of your assigned programs
• Your impact is reflected in the strength of policy program management and organizational readiness you drive; by overseeing and coordinating these workstreams, you ensure the Compliance team consistently meets foundational policy requirements and aligns with external audit expectations

Expertise

• You will develop deep expertise in compliance and audit operations
• You will become the go-to resource for designing, scaling, and executing policy and compliance programs within a cloud-first organization. This role is responsible for independently and collaboratively developing and managing policies and procedures, with a strong understanding of compliance frameworks and the ability to interpret and operationalize control requirements

Leadership

• Leadership in this role is demonstrated through influence and mentorship. While you may not have direct reports, you will guide cross-functional teams in developing and standardizing policies/supporting documentation, as well as provide mentorship on policy governance, standardized documentation practices, and compliance alignment

About MongoDB

MongoDB is built for change, empowering our customers and our people to innovate at the speed of the market. We have redefined the database for the AI era, enabling innovators to create, transform, and disrupt industries with software. MongoDB’s unified database platform, the most widely available, globally distributed database on the market, helps organizations modernize legacy workloads, embrace innovation, and unleash AI. Our cloud-native platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available across AWS, Google Cloud, and Microsoft Azure.

With offices worldwide and over 60,000 customers, including 75% of the Fortune 100 and AI-native startups, relying on MongoDB for their most important applications, we’re powering the next era of software.

Our compass at MongoDB is our Leadership Commitment, guiding how and why we make decisions, show up for each other, and win. It’s what makes us MongoDB. 

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB is an equal opportunities employer.

REQ ID: 1273402887

Description:

The Assurance, Risk, and Compliance (“ARC”) Initiatives team at MongoDB owns the strategy, governance, and delivery of our most critical cross-functional risk and compliance initiatives. We design and execute programs that support compliance audits, risk assessments, employee awareness and enablement, and the implementation of common control frameworks, along with consistent operating cadences that align key stakeholders, accelerate decision making, and drive the execution of initiatives that reinforce MongoDB’s assurance, risk management, and compliance objectives. We define and track key metrics and deliver clear and timely, executive reporting to provide transparency, measure progress, and ensure lasting operational resilience and governance.

We serve as the central coordination point for ARC-wide initiatives, connecting Product, Engineering, Security, and Legal teams around clear priorities, milestones, and outcomes. Our focus is on building scalable governance structures, defining decision-making frameworks, and establishing repeatable ways of working so that complex efforts can be executed consistently across the team.

The Policy Program Manager is a mid-to-senior level individual contributor role responsible for leading the development and operationalization of policies and procedures aligned to established control frameworks. You will drive end-to-end ownership of policy lifecycle management, from drafting and review through implementation and ongoing maintenance, while coordinating inputs across teams to ensure accuracy, consistency, and adoption. Additionally, you will lead documentation standardization efforts, facilitate stakeholder reviews, and perform gap analyses to continuously strengthen and mature our ARC policy framework.

Responsibilities:

• Lead the end-to-end execution of company-wide compliance programs, including the annual security policy and procedure review cycle
• Design and implement scalable frameworks for policy lifecycle management (creation, review, approval, publication, and retirement)
• Establish standards, templates, and governance processes to ensure consistency and clarity across all compliance documentation
• Maintain a centralized, audit-ready repository for policies, procedures, and supporting artifacts
• Act as the primary point of contact for cross-functional teams (HR, Legal, Engineering, Product)
• Drive alignment, gather inputs, and ensure timely completion of policy updates and compliance deliverables
• Ensure policies and procedures align with regulatory, security, and internal control requirements
• Support internal and external audits by maintaining complete, accurate, and accessible documentation
• Translate audit findings and regulatory changes into actionable policy program updates
• Maintain the integrity of project-specific Jira boards and Confluence pages. Ensure all project artifacts are organized, up-to-date, and ready for leadership review or external audit
• Develop and maintain dashboards to report on program health, completion rates, and obstacles. Present status updates and metrics to leadership
• Evaluate existing program workflows and implement improvements to increase efficiency, reduce manual effort, and improve the stakeholder experience

Requirements:

• 5-8 years of program management experience, ideally within an Information Security or high-growth technology environment
• Experience creating and managing policy and procedure programs or governance frameworks
• Deep understanding of security and compliance frameworks (e.g., SOC 2, ISO 27001, PCI DSS, HIPAA, NIST CSF)
• Strong proficiency in managing full-lifecycle projects, including scoping, planning, risk mitigation, and change control
• Advanced experience with Jira and Confluence, including the ability to build custom dashboards and manage complex documentation repositories
• Maintain and support a GRC/policy management platform to ensure consistent policy administration and system usability
• Excellent interpersonal skills with the ability to hold cross-functional stakeholders accountable to deadlines in a professional and effective manner
• Exceptional attention to detail and the ability to manage multiple overlapping priorities without losing sight of milestones
• A proactive, self-directed approach to work. You enjoy taking ownership of a program and building the structure necessary for its success

Responsibilities & Expectations

• You are expected to be the owner of your assigned programs. While you will work closely with technical SMEs, you are responsible for the logistical success of the workstream. Your success is measured by the timely completion of program goals, the clarity of your reporting, and your ability to anticipate and resolve project bottlenecks
• You don't just track tasks; you own the success of the program

Scope & Complexity

• The scope is horizontal and impacts multiple departments across MongoDB
• Managing complex programs that require coordination with various business units, ensuring that project delays in one area do not derail the overall compliance roadmap

Authority & Impact

• You have the authority to manage the timelines and execution steps of your assigned programs
• Your impact is reflected in the strength of policy program management and organizational readiness you drive; by overseeing and coordinating these workstreams, you ensure the Compliance team consistently meets foundational policy requirements and aligns with external audit expectations

Expertise

• You will develop deep expertise in compliance and audit operations
• You will become the go-to resource for designing, scaling, and executing policy and compliance programs within a cloud-first organization. This role is responsible for independently and collaboratively developing and managing policies and procedures, with a strong understanding of compliance frameworks and the ability to interpret and operationalize control requirements

Leadership

• Leadership in this role is demonstrated through influence and mentorship. While you may not have direct reports, you will guide cross-functional teams in developing and standardizing policies/supporting documentation, as well as provide mentorship on policy governance, standardized documentation practices, and compliance alignment

About MongoDB

MongoDB is built for change, empowering our customers and our people to innovate at the speed of the market. We have redefined the database for the AI era, enabling innovators to create, transform, and disrupt industries with software. MongoDB’s unified database platform, the most widely available, globally distributed database on the market, helps organizations modernize legacy workloads, embrace innovation, and unleash AI. Our cloud-native platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available across AWS, Google Cloud, and Microsoft Azure.

With offices worldwide and over 60,000 customers, including 75% of the Fortune 100 and AI-native startups, relying on MongoDB for their most important applications, we’re powering the next era of software.

Our compass at MongoDB is our Leadership Commitment, guiding how and why we make decisions, show up for each other, and win. It’s what makes us MongoDB. 

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

REQ ID: 1273402887

The Information Security Risk Team at MongoDB is the operational engine of the internal and third-party risk programs. Situated within the Assurance, Risk, and Compliance (ARC) organization, the team is responsible for the "Reduction of Uncertainty" across the enterprise. We view this team as the "Operational Commander" of the risk function. The team oversees the entire lifecycle of risk identification, assessment, and treatment, ensuring that MongoDB’s leadership has a clear, quantified view of the top risks facing the organization. We are not just a compliance function; we are a "Risk Intelligence" unit that empowers the business to "Think Big" while keeping our eyes wide open to the risks we accept.

As the Senior Information Risk Analyst, you will serve as the subject matter expert and primary executor of our risk function. Reporting directly to the Risk Director, you will be responsible for conducting and owning the lifecycle of internal security assessments (annual + ad-hoc), applying risk methodology, producing risk memos and working with asset/risk owners across the business that powers MongoDB’s growth. This is a pivotal moment for our Risk function as we scale operations to meet the demands of a $100B+ database market while navigating an increasingly rigorous regulatory landscape (DORA, FedRAMP, NIS2).

This role can be based remotely in the United States.

Responsibilities

Program Maturity

• Risk Assessment Methodology Implementation: Lead the strategic roadmap to integrate the risk matrix into the risk framework
• Regulatory Governance: Ensure the risk program complies with global regulations, specifically DORA (EU) regarding ICT registers and FedRAMP Rev 5 supply chain controls. Maintain the Supply Chain Risk Management (SCRM) plan and oversee strict boundary protections for the "Atlas for Government" environment
• Policy & Procedure Ownership: Maintain the Information Risk Management Procedure (ISQMS), ensuring that risk identification, assessment, and treatment processes are documented, updated annually, and followed consistently across the organization

Operational Execution

• Experience conducting technical security risk assessments (infrastructure, cloud, application-level). Including experience in evaluating control effectiveness through technical evidence (configurations, logs, architecture diagrams)
• Workflow Orchestration: Own the end-to-end risk assessment process
• Inherent Risk Scoring: Validate the team’s application of the Risk Scoring formula.   Apply the risk scoring formula for baseline scores based on breach history (last 12 months) and weighted impact
• Ensure the risk acceptance process has the right level of information and the appropriate stakeholders
• Ticket Hygiene: Actively manage the Jira backlog to prevent "frozen tickets”

Monitoring and Reporting

• Conduct annual enterprise security risk assessments and ad-hoc assessments as triggered by material changes, incidents, or new initiatives
• Identify risk scenarios for the in-scope assets by working with the asset and risk owners
• Assess the inherent risk and residual risk based on established risk assessment methodology and control assessments
• Synthesize the analysis into high-quality, Risk Assessment Memos. These documents must tell a cohesive story, moving from the "Risk Statement" to the "Calculation Logic" to the final "Risk Rating"
• Manage the risk acceptance process in JIRA, review for appropriateness and accuracy
• Maintain the Risk Management Dashboard and report on accurate risk metrics

Requirements

• Professional Experience: 10+ years of experience in Information Security, Governance, Risk & Compliance (GRC)
• Hands-on experience conducting enterprise-level security risk assessments end-to-end, including scoping, threat modeling, control evaluation, and executive reporting
• Evaluate control effectiveness using technical evidence (configs, logs, architecture diagrams)
• Perform threat modeling using established methodologies (STRIDE, MITRE ATT&CK)
• Deep operational understanding of risk assessment methodologies (NIST SP 800-30) and standard control frameworks (NIST CSF, NIST SP 800-53, ISO 27001, SOC 2, SIG Core/Lite, CAIQ)
• Regulatory Knowledge: Comprehensive knowledge of DORA, NIS2, FedRAMP Rev 5 (specifically Supply Chain/SCRM), GDPR, and PCI-DSS requirements
• Ability to write executive-level risk reports that translate technical flaws into business risks
• A strong track record of collaborating effectively across teams and levels to influence change
• Education: Bachelor’s degree in a relevant field (Cybersecurity, Business, Information Systems)
• Certifications: CRISC, CCSP, CISSP, CISA, relevant cloud certifications

About MongoDB

MongoDB is built for change, empowering our customers and our people to innovate at the speed of the market. We have redefined the database for the AI era, enabling innovators to create, transform, and disrupt industries with software. MongoDB’s unified database platform, the most widely available, globally distributed database on the market, helps organizations modernize legacy workloads, embrace innovation, and unleash AI. Our cloud-native platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available across AWS, Google Cloud, and Microsoft Azure.

With offices worldwide and over 60,000 customers, including 75% of the Fortune 100 and AI-native startups, relying on MongoDB for their most important applications, we’re powering the next era of software.

Our compass at MongoDB is our Leadership Commitment, guiding how and why we make decisions, show up for each other, and win. It’s what makes us MongoDB. 

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Req ID: 1273387742

The Program Manager / Senior Analyst (Public Sector) is a senior-level individual contributor role responsible for the lifecycle management of our most sensitive US government authorizations. This role acts as a lead for high-stakes workstreams involving FedRAMP High, DoD IL5+, CJIS, and ITAR. Unlike the Analyst level, this role takes full ownership of complex federal assessments and leads the continuous monitoring strategy for our Atlas for Government product. This role is a key resource for interpreting NIST 800-53 controls and translating them into technical requirements for our engineering teams.

Responsibilities:

• Lead the end-to-end execution of federal assessments, coordinating with Third Party Assessment Organizations (3PAOs), agency sponsors, and the FedRAMP PMO
• Manage the federal continuous monitoring (ConMon) program, including the timely analysis and reporting of vulnerabilities and the maintenance of the POA&M
• Lead the annual update and technical review of core FedRAMP artifacts, including the System Security Plan (SSP), Contingency Plan (ISCP), and Incident Response Plan (IRP)
• Act as a technical advisor to Engineering and Operations teams to ensure cloud configurations (e.g., FIPS 140-2/140-3, boundary protection, and access control) meet federal and DoD IL5+ mandates
• Perform deep-dive gap analyses for new public sector requirements (such as CMMC or GovRAMP) and define the roadmap for technical remediation
• Directly support federal sales efforts by serving as a subject matter expert during customer security reviews and explaining our technical compliance posture to agency stakeholders
• Create and maintain high-impact Jira dashboards and presentations to provide leadership with visibility into public sector compliance health and project milestones

Requirements:

• 5+ years in GRC, Technical Writing, or IT Audit, with a heavy focus on US Public Sector frameworks (FedRAMP, DoD SRG, CJIS)
• Deep understanding of NIST 800-53 and NIST 800-171 controls and how they are implemented within cloud architectures (AWS, GCP, or Azure)
• Proven track record of managing federal audits from kickoff through to the issuance of an Authorization to Operate (ATO)
• Exceptional ability to explain complex security configurations to government auditors and internal technical teams
• Advanced proficiency in Jira and Confluence to track control performance data and manage large-scale federal documentation projects
• US Citizenship is required for this role.

Responsibilities & Expectations:

• You are expected to be the primary driver of public sector compliance initiatives
• You move beyond simple task tracking to understand the intent behind federal requirements, ensuring our technical implementation is both compliant and efficient
• You are expected to maintain the highest level of confidentiality and integrity due to the sensitivity of government data

Scope & Complexity:

• The scope is deeply technical and specialized for the US Federal, State, and Local Government markets
• You will navigate the complexity of mapping shared controls across multiple specialized frameworks, ensuring a single remediation effort satisfies FedRAMP, CJIS, and ITAR requirements simultaneously

Authority & Impact:

• This role has the authority to lead federal assessment project streams and represent MongoDB in technical reviews with 3PAOs and federal agencies
• Your work directly enables MongoDB to secure and maintain the authorizations required to serve the Department of Defense and civilian agencies, protecting a critical revenue stream

Expertise:

• You will be recognized as a subject matter expert in public sector cloud security requirements and their implementation in SaaS environments
• You bridge the gap between high-level policy and technical engineering, becoming the go-to resource for how MongoDB Atlas for Government meets the most stringent federal mandates

Leadership:

• Leadership in this role is demonstrated through technical ownership and mentorship. You will lead cross-functional project teams through intense authorization cycles and mentor junior analysts on the nuances of NIST 800-53 and federal audit methodology

About MongoDB

MongoDB is built for change, empowering our customers and our people to innovate at the speed of the market. We have redefined the database for the AI era, enabling innovators to create, transform, and disrupt industries with software. MongoDB’s unified database platform, the most widely available, globally distributed database on the market, helps organizations modernize legacy workloads, embrace innovation, and unleash AI. Our cloud-native platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available across AWS, Google Cloud, and Microsoft Azure.

With offices worldwide and over 60,000 customers, including 75% of the Fortune 100 and AI-native startups, relying on MongoDB for their most important applications, we’re powering the next era of software.

Our compass at MongoDB is our Leadership Commitment, guiding how and why we make decisions, show up for each other, and win. It’s what makes us MongoDB. 

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Req ID: 1273396370

Description:

The Information Security Risk Analyst is the operational engine of the internal risk program. While the Senior IRM Analyst and Risk Director define the strategic roadmap, the Analyst ensures the daily execution of that strategy. They are responsible for the "production line" of risk assessment: taking raw signals from the business, processing them through the established methodology, and outputting actionable risk decisions (Remediation or Acceptance).

The ultimate objective of this role is Reduction of Uncertainty. By managing the program effectively, the IRM Analyst ensures that MongoDB’s leadership has a clear, quantified view of the top risks facing the enterprise. They transform the Risk Register from a static spreadsheet into a dynamic governance tool that drives accountability.

The IRM Analyst must not be afraid to be in the trenches with the Engineering and Product teams. They are the primary face of the "Risk Intake Process," guiding stakeholders through the methodology. They are the gatekeeper of quality, ensuring that no risk enters the register until it has been properly scoped and quantified.

Responsibilities:

Risk Identification & Assessment

• Execute risk assessments under senior guidance - perform scoping, inherent risk scoring, control assessment, and residual risk calculation using established methodology
• Conduct risk identification intake, manage the flow of requests from Jira Service Desk and the Issue Intake Tracker, review incoming submissions against entry criteria, assign Risk IDs, and replicate validated risks into the Risk Register
• Act as the Triage Officer for incoming risk submissions, determine whether submissions represent strategic risks, operational issues, or duplicates. Filter noise to focus the team on signals
• Develop risk scenarios for in-scope assets by working with asset owners and risk owners , identify threat communities, threat events, and impact categories
• Draft Risk Assessment Memos that tell a cohesive story from risk statement to risk rating to actionable recommendation. Progressively build toward independently authored memos that require minimal review notes
• Monitor and flag emerging risk signals , including AI-related risks (model integrity, data poisoning, shadow AI, third-party AI dependencies) , and escalate with documented analysis for integration into the risk framework

Control Identification, Mapping & Assessment

• Identify and document controls that mitigate assessed risks , map controls to specific risk scenarios and applicable framework requirements (NIST SP 800-53, ISO 27001, SOC 2)
• Assess the design adequacy of controls , evaluate whether each control is appropriately designed to address the risk it is mapped to, and document findings with supporting rationale
• Assess the operating effectiveness of controls , collect and evaluate evidence to determine whether controls are functioning as designed over the assessment period, and document results
• Document control gaps and support remediation tracking , maintain clear records of where controls are missing, partially effective, or require compensating controls. Track remediation progress
• Maintain control-to-framework mappings to ensure risk assessment outputs directly support audit and certification evidence packages (FedRAMP, SOC 2, ISO 27001, PCI-DSS)

Risk Categorization & Governance

• Apply the established risk taxonomy and categorization methodology consistently across all assessed risks
• Process risk acceptance requests in Jira , validate completeness, ensure documented context and stakeholder sign-off, confirm time-bound conditions, and flag concerns to the Senior lead
• Maintain the Risk Register, risk inventory, and supporting trackers with obsessive attention to data integrity, no missing dates, undefined owners, or stale entries. A Risk Register with governance gaps is a program failure

Reporting & Stakeholder Engagement

• Contribute to KRI data collection and dashboard inputs , support accurate, timely reporting that feeds executive risk dashboards and governance forum materials
• Engage directly with technical stakeholders (engineering, product, infrastructure teams) during risk assessments , ask informed questions, gather evidence, and document findings
• Progressively build the technical fluency to lead stakeholder conversations independently , develop working proficiency in cloud-native architectures, SaaS security models, and common technical controls (IAM, encryption, network segmentation, logging/monitoring)
• Translate technical findings into clear, business-relevant risk language in all written work products

Policy, Process & Governance Hygiene

• Support drafting and maintaining risk procedures, guidelines, and assessment templates across the IRM program scope
• Execute governance hygiene , data quality, tracker maintenance, workflow adherence, evidence organization, and documentation standards
• Manage the risk assessment pipeline in Jira, create and maintain workflows, dashboards, and use JQL to track the assessment ticket lifecycle

Requirements:

Experience & Education:

• 3–5 years of experience in Information Security, Governance, Risk, and Compliance (GRC), or Enterprise Risk Management
• Experience performing risk assessments — including risk identification, inherent/residual risk scoring, and documentation of findings
• Experience identifying, documenting, and evaluating controls — including assessment of design adequacy and operating effectiveness
• Strong working knowledge of NIST CSF, NIST SP 800-30/39/53, and ISO/IEC 27005 — ability to use these frameworks as a library of controls and risk guidance
• Advanced proficiency in Excel/Google Sheets (pivot tables, VLOOKUP, complex formulas) for risk data analysis and reporting
• Jira proficiency — managing projects, creating workflows and dashboards, and using JQL
• Ability to write clear, concise, and defensible Risk Assessment Memos
• Obsessive attention to detail regarding data integrity and documentation quality
• Foundational understanding of cloud-native architectures and common technical controls (IAM, encryption, logging/monitoring, network segmentation) — with a commitment to building deeper technical fluency
• Awareness of AI risk concepts and willingness to develop expertise in emerging AI risk and regulatory landscape
• A strong track record of collaborating effectively across teams and levels
• Bachelor's degree in Cybersecurity, Information Systems, Business Administration, or a related field
• Certifications: At least, one of the following certifications is required - CRISC, CISM, CISSP, or CISA

About MongoDB

MongoDB is built for change, empowering our customers and our people to innovate at the speed of the market. We have redefined the database for the AI era, enabling innovators to create, transform, and disrupt industries with software. MongoDB’s unified database platform, the most widely available, globally distributed database on the market, helps organizations modernize legacy workloads, embrace innovation, and unleash AI. Our cloud-native platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available across AWS, Google Cloud, and Microsoft Azure.

With offices worldwide and over 60,000 customers, including 75% of the Fortune 100 and AI-native startups, relying on MongoDB for their most important applications, we’re powering the next era of software.

Our compass at MongoDB is our Leadership Commitment, guiding how and why we make decisions, show up for each other, and win. It’s what makes us MongoDB. 

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Req ID: 1273425625

The Information Security Risk Team at MongoDB is the operational engine of the internal and third-party risk programs. Situated within the Assurance, Risk, and Compliance (ARC) organization, the team is responsible for the "Reduction of Uncertainty" across the enterprise. We view this team as the "Operational Commander" of the risk function. The team oversees the entire lifecycle of risk identification, assessment, and treatment, ensuring that MongoDB’s leadership has a clear, quantified view of the top risks facing the organization. We are not just a compliance function; we are a "Risk Intelligence" unit that empowers the business to "Think Big" while keeping our eyes wide open to the risks we accept.

As the Senior Information Risk Analyst, you will serve as the subject matter expert and primary executor of our risk function. Reporting directly to the Risk Director, you will be responsible for conducting and owning the lifecycle of internal security assessments (annual + ad-hoc), applying risk methodology, producing risk memos and working with asset/risk owners across the business that powers MongoDB’s growth. This is a pivotal moment for our Risk function as we scale operations to meet the demands of a $100B+ database market while navigating an increasingly rigorous regulatory landscape (DORA, FedRAMP, NIS2).

This role can be based out of our Dublin office or remotely in Ireland. 

Responsibilities

Program Maturity

• Risk Assessment Methodology Implementation: Lead the strategic roadmap to integrate the risk matrix into the risk framework
• Regulatory Governance: Ensure the risk program complies with global regulations, specifically DORA (EU) regarding ICT registers and FedRAMP Rev 5 supply chain controls Maintain the Supply Chain Risk Management (SCRM) plan and oversee strict boundary protections for the "Atlas for Government" environment
• Policy & Procedure Ownership: Maintain the Information Risk Management Procedure (ISQMS), ensuring that risk identification, assessment, and treatment processes are documented, updated annually, and followed consistently across the organization

Operational Execution

• Experience conducting technical security risk assessments (infrastructure, cloud, application-level). Including experience in evaluating control effectiveness through technical evidence (configurations, logs, architecture diagrams)
• Workflow Orchestration: Own the end-to-end risk assessment process
• Inherent Risk Scoring: Validate the team’s application of the Risk Scoring formula.   Apply the risk scoring formula for baseline scores based on breach history (last 12 months) and weighted impact
• Ensure the risk acceptance process has the right level of information and the appropriate stakeholders
• Ticket Hygiene: Actively manage the Jira backlog to prevent "frozen tickets”

Monitoring and Reporting

• Conduct annual enterprise security risk assessments and ad-hoc assessments as triggered by material changes, incidents, or new initiatives
• Identify risk scenarios for the in-scope assets by working with the asset and risk owners
• Assess the inherent risk and residual risk based on established risk assessment methodology and control assessments
• Synthesize the analysis into high-quality, Risk Assessment Memos. These documents must tell a cohesive story, moving from the "Risk Statement" to the "Calculation Logic" to the final "Risk Rating"
• Manage the risk acceptance process in JIRA, review for appropriateness and accuracy
• Maintain the Risk Management Dashboard and report on accurate risk metrics

Requirements

• Professional Experience: 10+ years of experience in Information Security, Governance, Risk & Compliance (GRC)
• Hands-on experience conducting enterprise-level security risk assessments end-to-end, including scoping, threat modeling, control evaluation, and executive reporting
• Evaluate control effectiveness using technical evidence (configs, logs, architecture diagrams)
• Perform threat modeling using established methodologies (STRIDE, MITRE ATT&CK)
• Deep operational understanding of risk assessment methodologies (NIST SP 800-30) and standard control frameworks (NIST CSF, NIST SP 800-53, ISO 27001, SOC 2, SIG Core/Lite, CAIQ)
• Regulatory Knowledge: Comprehensive knowledge of DORA, NIS2, FedRAMP Rev 5 (specifically Supply Chain/SCRM), GDPR, and PCI-DSS requirements
• Ability to write executive-level risk reports that translate technical flaws into business risks
• A strong track record of collaborating effectively across teams and levels to influence change
• Education: Bachelor’s degree in a relevant field (Cybersecurity, Business, Information Systems)
• Certifications: CRISC, CCSP, CISSP, CISA, relevant cloud certifications

About MongoDB

MongoDB is built for change, empowering our customers and our people to innovate at the speed of the market. We have redefined the database for the AI era, enabling innovators to create, transform, and disrupt industries with software. MongoDB’s unified database platform, the most widely available, globally distributed database on the market, helps organizations modernize legacy workloads, embrace innovation, and unleash AI. Our cloud-native platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available across AWS, Google Cloud, and Microsoft Azure.

With offices worldwide and over 60,000 customers, including 75% of the Fortune 100 and AI-native startups, relying on MongoDB for their most important applications, we’re powering the next era of software.

Our compass at MongoDB is our Leadership Commitment, guiding how and why we make decisions, show up for each other, and win. It’s what makes us MongoDB. 

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB is an equal opportunities employer.

Req ID: 1273387742

Description:

The Information Security Risk Analyst is the operational engine of the internal risk program. While the Senior IRM Analyst and Risk Director define the strategic roadmap, the Analyst ensures the daily execution of that strategy. They are responsible for the "production line" of risk assessment: taking raw signals from the business, processing them through the established methodology, and outputting actionable risk decisions (Remediation or Acceptance).

The ultimate objective of this role is Reduction of Uncertainty. By managing the program effectively, the IRM Analyst ensures that MongoDB’s leadership has a clear, quantified view of the top risks facing the enterprise. They transform the Risk Register from a static spreadsheet into a dynamic governance tool that drives accountability.

The IRM Analyst must not be afraid to be in the trenches with the Engineering and Product teams. They are the primary face of the "Risk Intake Process," guiding stakeholders through the methodology. They are the gatekeeper of quality, ensuring that no risk enters the register until it has been properly scoped and quantified.

Responsibilities: