Who we are

Bridge is Stripe’s fintech innovation hub focused on building a modern, stablecoin-powered cross-border payments network. We operate like a startup within Stripe: fast-paced, entrepreneurial, and product-obsessed, but with the backing of one of the most trusted names in fintech.

We’re hiring a Security Analyst / Program Manager to build and scale Bridge’s security foundation. This is a rare opportunity to design the security governance, risk and compliance programs from the ground up, while also leveraging the infrastructure, best practices, and tooling of one of the most mature security organizations in the industry.

What you'll do

• Design, and implement Bridge’s security governance, risk and compliance roadmaps from first principles to production.
• Identify and tackle Bridge’s most important security risks quickly and pragmatically.
• Adopt Stripe’s programs, controls and processes where it makes sense, and find custom approaches where it doesn’t.
• Lead risk assessment, control design and testing for all Security and Technology Oversight globally.
• Reinforce engineering best practices around secure development and infrastructure.
• Ensure Bridge meets compliance and audit expectations as we scale to more regulated markets.
• Collaborate cross-functionally with engineering, product, and Stripe’s security org to move fast without compromising safety.

About you

You might be a good fit if you:

• Have 8+ years of experience in Security GRC, ideally with time spent in fast-paced startup environments where you’ve built security practices from the ground up.
• Have a startup mindset: you’re scrappy, pragmatic, and move quickly to solve the most critical problems.
• You’re proficient with NIST CSF, OCC’s Cybersecurity Supervision Work Program and/or FFIEC IT Examination Handbook or other similar global frameworks. 
• Proven prior experience with regulatory audits from Global auditors across Security domains.
• Thrive in ambiguity and know how to ruthlessly prioritize.
• Can balance security rigor with speed, especially in fast-moving environments.
• Communicate clearly across technical and non-technical partners.
• Have experience building or scaling security programs, either at a startup or in an embedded role.
• Are excited about the potential of crypto and stablecoins to power global financial infrastructure (you don’t need deep prior knowledge—just curiosity and openness to learn).

Engineering at Brex

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

As a Security Operations Engineer at Brex, you will focus on preventing, detecting and responding to security threats across Brex's corporate and cloud environments. You will use existing systems and develop tools to improve our security capabilities. Our team is responsible for functions across corporate security, detection & response and infrastructure security domains; and we perform systems engineering and automation to support those functions. 

Security Operations is part of our wider Trust & IT organization which means you will have the opportunity to work closely with Application Security, Corporate Engineering, GRC and IT and to improve security configurations, drive positive employee behaviors and generally work to prevent events from becoming incidents. You will also help build and maintain our team’s open source project Substation and have the opportunity to contribute to the Brex Tech Blog. You’ll be part of a team that actively contributes to the wider security community and has a commitment to mentorship and engineering excellence.

We’re looking for individuals with a strong background and interest in detecting, responding to, and resolving security incidents and security challenges. You should be comfortable dealing with lots of moving pieces, changing priorities, and new technologies, while having a keen eye for detail. Most importantly, you should be enthusiastic about working with a variety of backgrounds, roles, and people across Brex. Building a world-class financial service requires world-class security.

Where you’ll work

This role will be based in our San Francisco office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!

Responsibilities

• Work on a highly cross-functional team to prevent, detect and respond to security threats across Brex's corporate and cloud environments
• Perform security incident response, investigation, remediation, and documentation, participate in periodic threat hunting and security exercises
• Leading, scoping and building features, participate in designing, and maintaining tools and systems which support the team’s domains – corporate security, detection & response and infrastructure security 
• Collaborating and partnering with engineering and operations teams to drive remediation of security issues, while balancing prioritization of those security issues within SLA and teams’ respective backlogs
• Caring about secure system design, valuing building things correctly, an understanding of a MVP approach and an empathetic mindset when working with others

Requirements

• Bachelor’s degree in Computer Science, Engineering or related field OR equivalent training / fellowship OR 5+ years work experienceExperience working in a corporate security, detection & response or infrastructure security role with responsibilities for security alert triage and security incident response 
• Familiarity with CI/CD systems and DevOps workflows (e.g. Buildkite, Flux, Git, Terraform) in cloud environments (e.g. AWS, Azure, GCP)
• Experience with deploying and maintaining some of the security services and tools owned by the team (e.g. - SIEM, data pipelines, SOAR, domain monitoring, endpoint tooling, email protection tooling, cloud security tools)
• While not primarily a development role, the team develops and maintains tools written in Go and Python, so experience with coding is required
• You thrive in a collaborative environment filled with a diverse group of people with different expertise and backgrounds. We currently have around 30 nationalities represented with more than ½ the company working in a country different from the one they grew up in.

Bonus points

• Proficiency with Go and other programming languages 
• Experience with securing distributed systems in AWS, cloud and Kubernetes environments
• Contributions to the wider technical community (open source, public research, mentorship, community organizing, blogging, presentations, etc)

Compensation

The expected salary range for this role is $192,000 - $240,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

Engineering

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

Brex’s Governance, Risk, and Compliance function is at an exciting and pivotal point in our maturity journey and we’re seeking a team member who can seamlessly bridge compliance expertise with technical execution. As a Senior GRC Engineer, you will drive critical GRC processes that mitigate risk, keep us compliant, and build trust with our customers and partners. You'll evolve the technical foundation of our Trust program by automating security controls, building integrations between security tools and GRC platforms, and creating scalable processes that enable Brex to maintain compliance efficiently as we expand into new markets. You'll work at the intersection of security, engineering, and compliance — translating regulatory requirements into technical solutions and building automation that eliminates manual toil.

You'll leverage your deep understanding of SOC 2, PCI DSS, ISO 27001, AI governance frameworks, and others to both design controls for emerging compliance requirements and mature existing programs through automation and continuous monitoring. You’ll support Trust Assurance, Third Party Risk Management, and other Security Risk Management initiatives. Working with our Engineering, Infrastructure, and Product teams, you'll translate compliance frameworks into technical controls and build automated systems that help us achieve world-class security as Brex expands.

Your contributions will directly accelerate Brex's maturity. You'll design workflows using Tines, build integrations between security and GRC systems, and create dashboards for security metrics. You'll implement controls across the technology stack, support multiple audits (SOC 2, PCI DSS, SOX/ITGC, FINRA, ISO), and contribute to AI governance framework implementation (ISO 42001, NIST AI RMF, EU AI Act).

You'll have autonomy to build innovative solutions, collaborating cross-functionally to implement controls that enable growth while communicating technical concepts effectively across the organization.

Where you’ll work

This role will be based in our Vancouver office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!

Responsibilities

• Manage and scale IT infrastructure, services and tooling
• Work with a diverse group of  IT partners to optimize our provided services
• Implement new services in support of Information Technologies vision
• Scale our services by implementing configuration as code via Terraform providers or APIs
• Operationalize and upskill IT and its partners by producing documentation and leading training sessions
• Evangelize best practices both internally and externally facing

Requirements

• 5+ years of experience in GRC, IT Governance, or Security Engineering with a strong track record of automating manual compliance workflows.
• Deep experience with security frameworks such as SOC 2, PCI DSS, ISO 27001, and NIST CSF, specifically within cloud-native environments.
• Technical proficiency in Python (or similar scripting languages) and experience building integrations using APIs to connect security tools with GRC systems. You can read code, design integrations, and understand technical implementations.
• Builder mindset with the ability to design and implement automated control testing, continuous monitoring, and data-driven security metrics. You see manual processes and immediately think about how to automate them.
• Exceptional cross-functional collaboration and communication skills. You can translate complex compliance requirements into technical specifications that engineering teams can actually implement and influence stakeholders across technical and non-technical domains.
• Strong systems thinking. You have the ability to design scalable GRC architectures that grow with the company, rather than just solving for the immediate audit.
• Bias for action. You’re a self-starter who ships solutions quickly and iterates based on feedback. 

Bonus points

• Previous experience in Fintech or banking environments navigating complex regulatory landscapes.
• Hands-on experience with Tines or other SOAR platforms to automate security operations.
• Familiarity with AI/ML governance frameworks (NIST AI RMF, ISO 42001) or securing agentic systems.
• Deep knowledge of Cloud Security (AWS/GCP), infrastructure-as-code (Terraform), or DevSecOps practices.
• Relevant industry certifications such as CISSP, CISA, or CCSP.
• Experience building metrics dashboards for security visualization and reporting.
• Active contributions to the GRC or Security community through open-source projects or public research.

Compensation

The expected salary range for this role is $153,600 - $192,000 CAD. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

Engineering

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

Brex’s Governance, Risk, and Compliance function is at an exciting and pivotal point in our maturity journey and we’re seeking a team member who can seamlessly bridge compliance expertise with technical execution. As a Senior GRC Engineer, you will drive critical GRC processes that mitigate risk, keep us compliant, and build trust with our customers and partners. You'll evolve the technical foundation of our Trust program by automating security controls, building integrations between security tools and GRC platforms, and creating scalable processes that enable Brex to maintain compliance efficiently as we expand into new markets. You'll work at the intersection of security, engineering, and compliance — translating regulatory requirements into technical solutions and building automation that eliminates manual toil.

You'll leverage your deep understanding of SOC 2, PCI DSS, ISO 27001, AI governance frameworks, and others to both design controls for emerging compliance requirements and mature existing programs through automation and continuous monitoring. You’ll support Trust Assurance, Third Party Risk Management, and other Security Risk Management initiatives. Working with our Engineering, Infrastructure, and Product teams, you'll translate compliance frameworks into technical controls and build automated systems that help us achieve world-class security as Brex expands.

Your contributions will directly accelerate Brex's maturity. You'll design workflows using Tines, build integrations between security and GRC systems, and create dashboards for security metrics. You'll implement controls across the technology stack, support multiple audits (SOC 2, PCI DSS, SOX/ITGC, FINRA, ISO), and contribute to AI governance framework implementation (ISO 42001, NIST AI RMF, EU AI Act).

You'll have autonomy to build innovative solutions, collaborating cross-functionally to implement controls that enable growth while communicating technical concepts effectively across the organization.

Where you’ll work

This role will be based in our Seattle office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!

Responsibilities

• Manage and scale IT infrastructure, services and tooling
• Work with a diverse group of  IT partners to optimize our provided services
• Implement new services in support of Information Technologies vision
• Scale our services by implementing configuration as code via Terraform providers or APIs
• Operationalize and upskill IT and its partners by producing documentation and leading training sessions
• Evangelize best practices both internally and externally facing

Requirements

• 5+ years of experience in GRC, IT Governance, or Security Engineering with a strong track record of automating manual compliance workflows.
• Deep experience with security frameworks such as SOC 2, PCI DSS, ISO 27001, and NIST CSF, specifically within cloud-native environments.
• Technical proficiency in Python (or similar scripting languages) and experience building integrations using APIs to connect security tools with GRC systems. You can read code, design integrations, and understand technical implementations.
• Builder mindset with the ability to design and implement automated control testing, continuous monitoring, and data-driven security metrics. You see manual processes and immediately think about how to automate them.
• Exceptional cross-functional collaboration and communication skills. You can translate complex compliance requirements into technical specifications that engineering teams can actually implement and influence stakeholders across technical and non-technical domains.
• Strong systems thinking. You have the ability to design scalable GRC architectures that grow with the company, rather than just solving for the immediate audit.
• Bias for action. You’re a self-starter who ships solutions quickly and iterates based on feedback. 

Bonus points

• Previous experience in Fintech or banking environments navigating complex regulatory landscapes.
• Hands-on experience with Tines or other SOAR platforms to automate security operations.
• Familiarity with AI/ML governance frameworks (NIST AI RMF, ISO 42001) or securing agentic systems.
• Deep knowledge of Cloud Security (AWS/GCP), infrastructure-as-code (Terraform), or DevSecOps practices.
• Relevant industry certifications such as CISSP, CISA, or CCSP.
• Experience building metrics dashboards for security visualization and reporting.
• Active contributions to the GRC or Security community through open-source projects or public research.

Compensation

The expected salary range for this role is $153,600 - $192,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

Engineering

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

Brex’s Governance, Risk, and Compliance function is at an exciting and pivotal point in our maturity journey and we’re seeking a team member who can seamlessly bridge compliance expertise with technical execution. As a Senior GRC Engineer, you will drive critical GRC processes that mitigate risk, keep us compliant, and build trust with our customers and partners. You'll evolve the technical foundation of our Trust program by automating security controls, building integrations between security tools and GRC platforms, and creating scalable processes that enable Brex to maintain compliance efficiently as we expand into new markets. You'll work at the intersection of security, engineering, and compliance — translating regulatory requirements into technical solutions and building automation that eliminates manual toil.

You'll leverage your deep understanding of SOC 2, PCI DSS, ISO 27001, AI governance frameworks, and others to both design controls for emerging compliance requirements and mature existing programs through automation and continuous monitoring. You’ll support Trust Assurance, Third Party Risk Management, and other Security Risk Management initiatives. Working with our Engineering, Infrastructure, and Product teams, you'll translate compliance frameworks into technical controls and build automated systems that help us achieve world-class security as Brex expands.

Your contributions will directly accelerate Brex's maturity. You'll design workflows using Tines, build integrations between security and GRC systems, and create dashboards for security metrics. You'll implement controls across the technology stack, support multiple audits (SOC 2, PCI DSS, SOX/ITGC, FINRA, ISO), and contribute to AI governance framework implementation (ISO 42001, NIST AI RMF, EU AI Act).

You'll have autonomy to build innovative solutions, collaborating cross-functionally to implement controls that enable growth while communicating technical concepts effectively across the organization.

Where you’ll work

This role will be based in our New York office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!

Responsibilities

• Manage and scale IT infrastructure, services and tooling
• Work with a diverse group of  IT partners to optimize our provided services
• Implement new services in support of Information Technologies vision
• Scale our services by implementing configuration as code via Terraform providers or APIs
• Operationalize and upskill IT and its partners by producing documentation and leading training sessions
• Evangelize best practices both internally and externally facing

Requirements

• 5+ years of experience in GRC, IT Governance, or Security Engineering with a strong track record of automating manual compliance workflows.
• Deep experience with security frameworks such as SOC 2, PCI DSS, ISO 27001, and NIST CSF, specifically within cloud-native environments.
• Technical proficiency in Python (or similar scripting languages) and experience building integrations using APIs to connect security tools with GRC systems. You can read code, design integrations, and understand technical implementations.
• Builder mindset with the ability to design and implement automated control testing, continuous monitoring, and data-driven security metrics. You see manual processes and immediately think about how to automate them.
• Exceptional cross-functional collaboration and communication skills. You can translate complex compliance requirements into technical specifications that engineering teams can actually implement and influence stakeholders across technical and non-technical domains.
• Strong systems thinking. You have the ability to design scalable GRC architectures that grow with the company, rather than just solving for the immediate audit.
• Bias for action. You’re a self-starter who ships solutions quickly and iterates based on feedback. 

Bonus points

• Previous experience in Fintech or banking environments navigating complex regulatory landscapes.
• Hands-on experience with Tines or other SOAR platforms to automate security operations.
• Familiarity with AI/ML governance frameworks (NIST AI RMF, ISO 42001) or securing agentic systems.
• Deep knowledge of Cloud Security (AWS/GCP), infrastructure-as-code (Terraform), or DevSecOps practices.
• Relevant industry certifications such as CISSP, CISA, or CCSP.
• Experience building metrics dashboards for security visualization and reporting.
• Active contributions to the GRC or Security community through open-source projects or public research.

Compensation

The expected salary range for this role is $153,600 - $192,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

Engineering

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

Brex’s Governance, Risk, and Compliance function is at an exciting and pivotal point in our maturity journey and we’re seeking a team member who can seamlessly bridge compliance expertise with technical execution. As a Senior GRC Engineer, you will drive critical GRC processes that mitigate risk, keep us compliant, and build trust with our customers and partners. You'll evolve the technical foundation of our Trust program by automating security controls, building integrations between security tools and GRC platforms, and creating scalable processes that enable Brex to maintain compliance efficiently as we expand into new markets. You'll work at the intersection of security, engineering, and compliance — translating regulatory requirements into technical solutions and building automation that eliminates manual toil.

You'll leverage your deep understanding of SOC 2, PCI DSS, ISO 27001, AI governance frameworks, and others to both design controls for emerging compliance requirements and mature existing programs through automation and continuous monitoring. You’ll support Trust Assurance, Third Party Risk Management, and other Security Risk Management initiatives. Working with our Engineering, Infrastructure, and Product teams, you'll translate compliance frameworks into technical controls and build automated systems that help us achieve world-class security as Brex expands.

Your contributions will directly accelerate Brex's maturity. You'll design workflows using Tines, build integrations between security and GRC systems, and create dashboards for security metrics. You'll implement controls across the technology stack, support multiple audits (SOC 2, PCI DSS, SOX/ITGC, FINRA, ISO), and contribute to AI governance framework implementation (ISO 42001, NIST AI RMF, EU AI Act).

You'll have autonomy to build innovative solutions, collaborating cross-functionally to implement controls that enable growth while communicating technical concepts effectively across the organization.

Where you’ll work

This role will be based in our San Francisco office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!

Responsibilities

• Manage and scale IT infrastructure, services and tooling
• Work with a diverse group of  IT partners to optimize our provided services
• Implement new services in support of Information Technologies vision
• Scale our services by implementing configuration as code via Terraform providers or APIs
• Operationalize and upskill IT and its partners by producing documentation and leading training sessions
• Evangelize best practices both internally and externally facing

Requirements

• 5+ years of experience in GRC, IT Governance, or Security Engineering with a strong track record of automating manual compliance workflows.
• Deep experience with security frameworks such as SOC 2, PCI DSS, ISO 27001, and NIST CSF, specifically within cloud-native environments.
• Technical proficiency in Python (or similar scripting languages) and experience building integrations using APIs to connect security tools with GRC systems. You can read code, design integrations, and understand technical implementations.
• Builder mindset with the ability to design and implement automated control testing, continuous monitoring, and data-driven security metrics. You see manual processes and immediately think about how to automate them.
• Exceptional cross-functional collaboration and communication skills. You can translate complex compliance requirements into technical specifications that engineering teams can actually implement and influence stakeholders across technical and non-technical domains.
• Strong systems thinking. You have the ability to design scalable GRC architectures that grow with the company, rather than just solving for the immediate audit.
• Bias for action. You’re a self-starter who ships solutions quickly and iterates based on feedback. 

Bonus points

• Previous experience in Fintech or banking environments navigating complex regulatory landscapes.
• Hands-on experience with Tines or other SOAR platforms to automate security operations.
• Familiarity with AI/ML governance frameworks (NIST AI RMF, ISO 42001) or securing agentic systems.
• Deep knowledge of Cloud Security (AWS/GCP), infrastructure-as-code (Terraform), or DevSecOps practices.
• Relevant industry certifications such as CISSP, CISA, or CCSP.
• Experience building metrics dashboards for security visualization and reporting.
• Active contributions to the GRC or Security community through open-source projects or public research.

Compensation

The expected salary range for this role is $153,600 - $192,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

About the Role

We are seeking a GRC Automation Lead to join our GRC organization and build the technical foundation for how we scale our risk and compliance programs. In this role, you will lead the team that designs and implements automated workflows, data pipelines, and integrations that transform manual compliance processes into scalable engineering systems. 

This is a greenfield opportunity to establish the team, architecture, and integrations that will define how we approach governance, risk, and compliance at Anthropic. The core challenge is a data problem: compliance information lives across dozens of systems—cloud infrastructure, identity providers, HR platforms, ticketing tools, code repositories—and your job is to design systems that bring it together, normalize it, and make it actionable. Success in this role comes from understanding how systems connect and how data flows between them, not from writing code yourself.

At Anthropic, you'll also have a unique advantage: the ability to design AI-powered workflows where Claude acts as an extension of your team, handling tasks that would traditionally require additional headcount or manual effort. You'll need ingenuity to identify where agentic AI can accelerate evidence collection, interpret unstructured data, triage compliance gaps, and augment human judgment in risk assessments. Working closely with Security, IT, and Engineering teams, you'll translate compliance and regulatory requirements into solutions that support audit programs including SOC 2, ISO, HIPAA, and FedRAMP, building systems that combine traditional automation with AI capabilities to achieve scale that wouldn't otherwise be possible.

Responsibilities: 

• Lead the team that establishes foundational GRC processes and architecture. Design and build automated workflows for risk management and compliance, creating scalable systems that enable continuous monitoring as Anthropic grows.
• Build data pipelines that aggregate risk, control, and asset information from across our technology stack. This means solving hard data integration problems: mapping disparate schemas, handling inconsistent data quality, and creating unified views of compliance posture through dashboards and reporting tools.
• Inform GRC platform strategy and implementation: in partnership with other programs, evaluate, select, and deploy tooling that meets our compliance requirements.
• Translate written policies and compliance requirements into policy-as-code—working with Engineering and Security teams to express requirements as enforceable rules, automated checks, and continuous validation rather than static documents.
• Establish feedback loops between policy and implementation: surface where technical controls diverge from written requirements, identify where policies need to evolve based on infrastructure realities, and ensure that compliance requirements are expressed in terms engineers can act on.
• Design and deploy agentic AI workflows that extend team capacity, using Claude to serve as a virtual GRC analyst to automate evidence analysis, monitor control effectiveness, draft audit responses, interpret policy documents, and handle other tasks that require reasoning over unstructured information.
• Design and maintain integrations connecting GRC tooling with cloud infrastructure, identity management systems, HRIS platforms, ticketing systems, version control, and CI/CD pipelines—working with engineers to implement integrations that enable automated evidence collection and continuous compliance validation.
• Build and lead an AI-forward GRC engineering function as we scale: hiring team members, establishing practices, and defining the technical roadmap for governance and compliance automation at Anthropic.

You may be a good fit if you:

• Have 12+ years of total experience and 3-4+ years of experience managing technical individual contributors or systems-focused teams, with a proven track record of building or scaling small teams (2-5 people) in security, compliance, automation, or operations functions.
• Are a systems thinker first. You understand how complex environments work: how data flows between systems, where integration points exist, what breaks when systems don't talk to each other. Your strength is designing the right architecture and environment for security monitoring, not necessarily implementing it yourself.
• Have 5+ years of experience designing automated workflows, data pipelines, or system integrations, whether through traditional development, low-code platforms, GRC tools, or process automation. We care about your ability to solve integration problems more than your programming language proficiency.
• Have a relentless focus on data integration: you understand how to pull data from multiple sources, normalize it, join it meaningfully, and surface insights. You're comfortable reasoning about messy, inconsistent data and designing systems that handle edge cases gracefully.
• Understand APIs and integration patterns: REST APIs, webhooks, authentication flows, polling vs. push architectures, and can evaluate systems based on how well they expose data and support automation.
• Can work independently with minimal guidance, taking ownership of complex problems from design through implementation while managing ambiguity inherent in early-stage programs.
• Have strong analytical and problem-solving skills with attention to detail necessary for compliance work, balanced with pragmatism about risk-based prioritization in fast-paced environments.

Strong candidates may have:

• Experience designing or implementing AI-powered automation, agentic workflows, or LLM-based tooling in operational contexts.
• Experience with GRC platforms such as ServiceNow GRC, Vanta, Drata, OneTrust, RSA Archer, or similar tools including configuration, customization, and integration capabilities
• Familiarity with scripting languages (Python or similar) for automation tasks, API interactions, and data transformation.
• Prior experience in high-growth startup environments demonstrating ability to build scalable processes and adapt quickly to changing requirements and priorities
• Familiarity with Infrastructure as Code tools (Terraform, CloudFormation, Ansible) and DevSecOps practices including CI/CD pipeline integration and policy-as-code implementations.
• Familiarity with cloud platforms (AWS, GCP, Azure) and an understanding of how compliance-relevant data can be extracted from their APIs and logging systems.

Deadline to apply: None, applications will be received on a rolling basis.

Come work with us:

Metropolitan Commercial Bank (“MCB” or the “Bank”) is a New York City–based, full-service commercial bank providing tailored banking solutions to businesses, institutions, and individuals. Founded in 1999, MCB operates banking centers in Manhattan and Boro Park, Brooklyn, within New York City, as well as in Great Neck on Long Island, New York, and Lakewood, New Jersey. The Bank recently expanded to Miami, Florida with their newest Brickell banking center.

Metropolitan Commercial Bank offers a comprehensive suite of commercial, business, and personal banking products and services to small businesses, middle-market and corporate enterprises, private and public institutions, municipalities, and local government entities.

The Bank has earned national recognition for its financial performance, innovation, and strategic growth. The Bank was named one of Newsweek’s Best Regional Banks in 2024 and 2025. Additionally, MCB recently received Editor’s Choice recognition at the Banking Tech Awards USA for Digital Onboarding & Omnichannel Banking and in 2026, the Bank earned Great Place To Work certification and received the Web Award Standard of Excellence for MCBankNY.com.

We are a client-focused organization that values technological innovation and excellence. A strong technical mindset, AI fluency, and adaptive skills are essential for our employees to effectively contribute to our mission and drive our success. We foster human–AI teaming and strong governance to ensure technology is used responsibly and in alignment with Bank policies and procedures. For more information about the Bank, please visit the Bank’s website at MCBankNY.com.

Position summary:

As the Compliance Ethics & Advisory Lead, you will be responsible for administering the bank’s ethics compliance program. This role ensures the bank operates in compliance with applicable laws and regulations while promoting a strong culture of integrity, customer fairness, and accountability. This position is both strategic and hands-on, working closely with Chief Compliance Officer (CCO), Compliance, Risk, Human Resources, Legal, business lines, and senior management.

You will administer the bank’s conflict of interest program; oversee compliance with regulatory requirements around conflicts of interest including pay-to-play; promote ethical behavior and decision-making across all levels of the organization (“culture of compliance”); manage the ethics reporting process (including anonymous reporting mechanisms); deliver practical, role-based compliance and ethics training to employees; provide day-to-day compliance guidance to frontline staff and management; develop clear, concise communications on regulatory and ethical expectations; oversee processes for employee self-reporting of gifts received, outside business activities, and applicable political contributions; and conduct or support internal investigations into ethics or conduct-related concerns.

You will support the CCO and other Compliance Advisory teams in ensuring the bank’s compliance with banking and consumer protection regulations. You'll support the development and implementation of compliance management system (CMS) strategies within our bank. Your responsibilities will include ensuring implementing strategies to enhance CMS, mitigating risks, enhancing regulatory controls, identifying, and assessing potential risks, and producing detailed risk reports for stakeholders. Additionally, you'll collaborate with members of Compliance and Risk teams and various other departments to further your job objectives. Strong analytical skills, attention to detail, and a thorough understanding of risk management principles are essential for success in this role.

Your role, reporting directly to the Chief Compliance Officer (CCO), will be to lead implementation and management of a comprehensive Ethics Compliance program; and to support the bank in assessing and addressing conflicts and interests, compliance risks, and control gaps. The successful candidate for this role will be a proactive and analytical individual with a solid understanding of Ethics Compliance, ethics, banking and consumer protection regulations, risk management principles, excellent communication skills, and the ability to work collaboratively in a dynamic environment.

Standard 4-day in-office requirement, 1 day remote (of your choosing)

Responsibilities 

• Lead implementation and management of a comprehensive Ethics Compliance program
• Oversee compliance with regulatory requirements around conflicts of interest including pay-to-play
• Promote ethical behavior and decision-making across all levels of the organization
• Manage the ethics reporting process (including anonymous reporting mechanisms)
• Deliver practical, role-based compliance and ethics training to employees
• Provide day-to-day conflicts of interest compliance guidance to frontline staff and management
• Develop clear, concise communications on regulatory and ethical expectations
• Oversee employee self-reporting of gifts received, outside business activities, and applicable political contributions
• Conduct or support internal investigations into ethics or conduct-related concerns
• Support assessment and addressing compliance risks and control gaps across business lines with applicable banking and consumer protection regulations such as Reg B, Reg C, Reg CC, Reg DD, Reg Z, UDA(A)P, Fair Lending
• Develop and implement standard Ethics Compliance and other reporting for Regulators, Board, and management committees
• Support Compliance with audits and exams including timely and quality responses to information requests from auditors and examiners
• Perform any ad hoc initiatives as requested by the Chief Compliance Officer
• Highly visible role with regulator interaction with senior management

Qualifications & Skills:

• Bachelor's degree in business, finance, compliance, risk management, or a related field. Advanced degree or professional certification (e.g., CRCM, CCEP) is preferred.
• 10+ years of experience in ethics compliance, consumer compliance, enterprise risk management, or related roles within a banking environment and/or consulting.
• Experience of interacting with regulators and responding to audit and exam requests.
• Proficiency in compliance and risk management principles, methodologies, and frameworks.
• Strong analytical skills with the ability to gather, analyze, and interpret complex data.
• Familiarity with compliance risk management software and tools (e.g., GRC platforms).
• Curiosity and interest in learning and adapting new and emerging technologies including AI.
• Excellent written and verbal communication skills, with the ability to convey complex risk concepts in a clear and concise manner.
• Strong presentation skills, including the ability to present findings and recommendations to senior leadership.
• Ability to collaborate effectively with cross-functional teams and build relationships with stakeholders at all levels of the organization.
• Strong project management skills, with the ability to prioritize tasks, meet deadlines, and manage multiple projects simultaneously.
• Meticulous attention to detail and accuracy when analyzing data, preparing reports, and documenting risk management processes.
• Knowledge of Federal Reserve, New York State Department of Financial Services and Consumer Financial Protection Bureau rules and regulations.
• Knowledge of banking regulations and regulatory frameworks, including but not limited to Dodd-Frank Act, and consumer protection laws. Knowledge of requirements for banks exceeding the $10 billion asset threshold.
• Strong analytical skills with the ability to interpret emerging risks and issues, and trends in Key Risk Indicator data in order to escalate any negative trends to senior management.
• Detail-oriented and organized, with the ability to manage multiple priorities and deadlines in a fast-paced environment.
• Sound judgment and decision-making skills, with the ability to balance regulatory requirements with business objectives and risk considerations.
• Driven by a passion and curiosity to continuously learn how various technological systems, including AI, can enhance the work that you do.

Potential Salary: $150,000- $215,000 annually

This salary range reflects base wages and does not include benefits, bonus, or incentive pay. Salary bands are purposefully wide ranging to encompass the different factors considered in determining where a candidate falls in the range, including but not limited to, seniority, performance, experience, education, and any other legitimate, non-discriminatory factor permitted by law. Final offer amounts are determined by multiple factors including candidate experience and expertise and may vary from the amounts listed here.

Metropolitan Commercial Bank provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.

This applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

The Strategic Account Director position is responsible for developing and managing Accounts designated as Global Accounts and maximizing all sales opportunities within those accounts. More specifically, this position will be charged with promoting and selling KnowBe4’s products and services, with the objective to achieve and exceed monthly sales quota. This can be achieved by targeting your book of business and maximizing cross sale opportunities, increasing subscription levels and adding on additional seats due to account growth. This role will work closely with the assigned customer account teams including the Customer Success Manager and other Account Executives/Managers as necessary to ensure increased ARR and more product suite adoption and coordinate any territory specific deals relating to their global accounts.

Responsibilities:

• Promote and sell KnowBe4’s range of products and services.
• Build and maintain a pipeline of potential customers by developing and managing relationships with prospects.
• Build and maintain a pipeline of potential cross sale, add-on and upgrade opportunities by developing and managing relationships with your assigned customer accounts.
• Identify key decision makers and develop meaningful relationships that add value and drive future account growth. 
• Articulate the value proposition of KnowBe4’s full suite of products and help the customer understand how it will improve their business’s security awareness training (and security overall).
• Achieve or exceed monthly quotas and/or targets. 
• Be well versed in KnowBe4’s product offerings and promote the products and services at trade shows as requested.
• Follow up on marketing leads to generate sales opportunities and pipeline.
• Act strategically in offering or negotiating discounted pricing, in line with established policies and procedures.
• Maintain accurate and thorough records for customer calls, emails, notes, tasks, demos and other relevant information in compliance with the Administration Policy.
• Support in the renewal process where there is an opportunity to grow the account.
• Work with those Customer Success Managers and Renewal Specialists assigned to your customer accounts to the end of your customers increasing their commitment and use of the KnowBe4 Product Suite. 
• Partner with KnowBe4 Revenue teams on methods/ strategies to achieve increased account penetration of Global accounts.  
• Global Account Mapping.
• Traveling to meet on-site with C-Levels and other Executives for their assigned accounts.

Minimum Qualifications:

• Bachelor's Degree strongly preferred (exceptions may be made for military experience). Degree in any field acceptable, but a plus if Cybersecurity, Computer Science, IT, Business, Marketing. 
• Proven track record selling to EVP and C-level (CISOs and Security Teams a plus)
• 5+ years SaaS sales experience (Cybersecurity preferred but not required)
• Experience selling deals $100K - $200K in the Enterprise segment
• Experience selling multi-year deals
• International: English and local language proficiency required.
• Has demonstrated expertise in value-based selling methodologies with enterprise accounts
• Executive-level presentation and communication skills 
• Experience with strategic account planning and management showing measurable account growth
• Experience managing and progressing opportunities involving multiple stakeholders
• Has a track record of managing and closing complex, multi-year deals with multiple stakeholders
• Experience creating and communicating compelling business cases 
• Experience with consultative selling approach and value selling methodology
• Experience handling technical objections
• Skilled in running discovery conversations and managing tailored product demonstrations 
• Technical aptitude with experience using sales tools 
• Experience with CRM systems (preferably Salesforce)
• Experienced with pipeline management & accurate forecasting
• Familiarity with standard concepts, practices and procedures within the IT Security Field
• Experience with Salesforce and Gmail
• Network or Security Plus preferred
• Achievement in demanding extracurricular activities (e.g., debate team captain, entrepreneurial ventures)
• Self-motivated with a growth mindset and continuous learning orientation 
• Strong competitive spirit balanced with collaborative approach 
• Demonstrated interest in cybersecurity sales
• Consistently positive attitude even in the face of adversity
• Quick learner with strong listening skills
• Strong written and verbal communication skills, with previous presentation experience
• Excellent phone presence and professional demeanor 
• Time management and organizational skills 
• Ability to handle rejection and maintain persistence
• Stats driven business professional
• Motivated, energetic self-starter
• Strong collaborative and teamwork skills
• Must be able to work with minimum supervision
• General understanding of:
• Human Risk Management & challenges faced by IT / InfoSec Teams / Compliance & Board Members
• Basic network and email security concepts
• SIEM/SOAR platforms
• Zero Trust Architecture
• Cloud security architecture
• Phishing attack vectors 
• Identity & Access Management 
• Security orchestration and automation
• General understanding of Security Technology Stack: 
• Enterprise IAM solutions (Okta, Ping, Azure AD) 
• SIEM platforms (Splunk, QRadar, LogRhythm) 
• EDR platforms (CrowdStrike, Carbon Black, SentinelOne) 
• Cloud security (AWS Security Hub, Azure Security Center) 
• Email security solutions 
• GRC platforms
• Genuine curiosity and strong desire to learn about cybersecurity and technical concepts
• Basic computer literacy and comfort with business applications
• Ability to quickly grasp and explain basic technical concepts
• Ability to translate complex topics into simple terms
• Interest in keeping up with current technology and cybersecurity trends
• Proven track record of grit and resilience in challenging situations, with high performance under pressure 
• Collegiate athlete or competitive sports background demonstrating rigorous discipline, teamwork, dedication, and competitive spirit
• History of setting and achieving ambitious personal or professional goals
• Track record of leadership in team settings

The compensation for this position ranges from $250,000-$270,000 including base, bonuses and commissions. For more details, click here www.know www.knowbe4.com/careers/know-your-pay/enterprise-sales

New York positions open to candidates located in the New York area.

The Account Manager (Enterprise/Strategic) position is responsible for managing assigned customer accounts and maximizing all sales opportunities within those accounts. More specifically, this position will be charged with promoting and selling KnowBe4’s additional products and services to businesses (organizations with 1501+ employees), with the objective to achieve and exceed monthly sales quota. This can be achieved by targeting your book of business and maximizing cross sale opportunities, increasing subscription levels and adding on additional seats due to account growth. This role will work closely with the Customer Success Manager to ensure increased ARR and more product suite adoption by our customers.

Responsibilities:

• Promote and sell KnowBe4’s range of products and services
• Build and maintain a pipeline of potential cross sale, add-on and upgrade opportunities by developing and managing relationships with your assigned accounts
• Identify key decision makers while developing and qualifying cross sale, add-on and upgrade opportunities
• Articulate the value proposition of KnowBe4’s full suite of products and help the customer understand how it will improve their business’s security awareness training (and security overall)
• Achieve or exceed monthly quotas and/or targets 
• Be well versed in KnowBe4’s product offerings and promote the products and services at trade shows as requested
• Follow up on marketing leads to generate sales opportunities and pipeline
• Act strategically in offering or negotiating discounted pricing, in line with established policies and procedures
• Maintain accurate and thorough records for customer calls, emails, notes, tasks, demos and other relevant information in compliance with the Administration Policy
• Support in the renewal process where there is an opportunity to grow the account
• Work with those Customer Success Managers and Renewal Specialists assigned to your customer accounts to the end of your customers increasing their commitment and use of the Knowbe4 Product Suite

Minimum Qualifications:

• Bachelor's Degree strongly preferred (exceptions may be made for military experience). Degree in any field acceptable, but a plus if Cybersecurity, Computer Science, IT, Business, Marketing.
• Proven track record selling to EVP and C-level (CISOs and Security Teams a plus)
• 5+ years SaaS sales experience (Cybersecurity preferred but not required)
• Experience selling deals $500K+ in the Enterprise segment
• Experience selling multi-year deals
• International: English and local language proficiency required.
• Has demonstrated expertise in value-based selling methodologies with enterprise accounts
• Executive-level presentation and communication skills 
• Experience with strategic account planning and management showing measurable account growth
• Experience managing and progressing opportunities involving multiple stakeholders
• Has a track record of managing and closing complex, multi-year deals with multiple stakeholders
• Experience creating and communicating compelling business cases 
• Experience with consultative selling approach and value selling methodology
• Experience handling technical objections
• Skilled in running discovery conversations and managing tailored product demonstrations 
• Technical aptitude with experience using sales tools 
• Experience with CRM systems (preferably Salesforce)
• Experienced with pipeline management & accurate forecasting
• Familiarity with standard concepts, practices and procedures within the IT Security Field
• Experience with Salesforce and Gmail
• Network or Security Plus preferred
• Proven track record of grit and resilience in challenging situations, with high performance under pressure 
• Collegiate athlete or competitive sports background demonstrating rigorous discipline, teamwork, dedication, and competitive spirit
• History of setting and achieving ambitious personal or professional goals
• Track record of leadership in team settings
• Demonstrated interest in cybersecurity sales
• Quick learner with strong listening skills
• Strong written and verbal communication skills, with previous presentation experience
• Excellent phone presence and professional demeanor 
• Time management and organizational skills 
• Ability to handle rejection and maintain persistence
• Stats driven business professional
• Motivated, energetic self-starter
• Strong collaborative and teamwork skills
• Must be able to work with minimum supervision
• Must have a General understanding of:
  • Human Risk Management & challenges faced by IT / InfoSec Teams / Compliance & Board Members
  • Basic network and email security concepts
  • SIEM/SOAR platforms
  • Zero Trust Architecture
  • Cloud security architecture
  • Phishing attack vectors 
  • Identity & Access Management 
  • Security orchestration and automation
• General understanding of Security Technology Stack:
  • Enterprise IAM solutions (Okta, Ping, Azure AD) 
  • SIEM platforms (Splunk, QRadar, LogRhythm) 
  • EDR platforms (CrowdStrike, Carbon Black, SentinelOne) 
  • Cloud security (AWS Security Hub, Azure Security Center) 
  • Email security solutions 
  • GRC platforms
• Genuine curiosity and strong desire to learn about cybersecurity and technical concepts
• Basic computer literacy and comfort with business applications
• Ability to quickly grasp and explain basic technical concepts
• Ability to translate complex topics into simple terms
• Interest in keeping up with current technology and cybersecurity trends
• Proven track record of grit and resilience in challenging situations, with high performance under pressure 
• Collegiate athlete or competitive sports background demonstrating rigorous discipline, teamwork, dedication, and competitive spirit
• History of setting and achieving ambitious personal or professional goals
• Track record of leadership in team settings

The compensation for this position ranges from $200,000-$210,000 including base, bonuses and commissions. For more details, click here www.know www.knowbe4.com/careers/know-your-pay/enterprise-sales

We will accept applications until 2/27/2026.

The Information Security Risk Team at MongoDB is the operational engine of the internal and third-party risk programs. Situated within the Assurance, Risk, and Compliance (ARC) organization, the team is responsible for the "Reduction of Uncertainty" across the enterprise. We view this team as the "Operational Commander" of the risk function. The team oversees the entire lifecycle of risk identification, assessment, and treatment, ensuring that MongoDB’s leadership has a clear, quantified view of the top risks facing the organization. We are not just a compliance function; we are a "Risk Intelligence" unit that empowers the business to "Think Big" while keeping our eyes wide open to the risks we accept.

As the Senior Information Risk Analyst, you will serve as the subject matter expert and primary executor of our risk function. Reporting directly to the Risk Director, you will be responsible for conducting and owning the lifecycle of internal security assessments (annual + ad-hoc), applying risk methodology, producing risk memos and working with asset/risk owners across the business that powers MongoDB’s growth. This is a pivotal moment for our Risk function as we scale operations to meet the demands of a $100B+ database market while navigating an increasingly rigorous regulatory landscape (DORA, FedRAMP, NIS2).

This role can be based out of our Dublin office or remotely in Ireland. 

Responsibilities

Program Maturity

• Risk Assessment Methodology Implementation: Lead the strategic roadmap to integrate the risk matrix into the risk framework
• Regulatory Governance: Ensure the risk program complies with global regulations, specifically DORA (EU) regarding ICT registers and FedRAMP Rev 5 supply chain controls Maintain the Supply Chain Risk Management (SCRM) plan and oversee strict boundary protections for the "Atlas for Government" environment
• Policy & Procedure Ownership: Maintain the Information Risk Management Procedure (ISQMS), ensuring that risk identification, assessment, and treatment processes are documented, updated annually, and followed consistently across the organization

Operational Execution

• Experience conducting technical security risk assessments (infrastructure, cloud, application-level). Including experience in evaluating control effectiveness through technical evidence (configurations, logs, architecture diagrams)
• Workflow Orchestration: Own the end-to-end risk assessment process
• Inherent Risk Scoring: Validate the team’s application of the Risk Scoring formula.   Apply the risk scoring formula for baseline scores based on breach history (last 12 months) and weighted impact
• Ensure the risk acceptance process has the right level of information and the appropriate stakeholders
• Ticket Hygiene: Actively manage the Jira backlog to prevent "frozen tickets”

Monitoring and Reporting

• Conduct annual enterprise security risk assessments and ad-hoc assessments as triggered by material changes, incidents, or new initiatives
• Identify risk scenarios for the in-scope assets by working with the asset and risk owners
• Assess the inherent risk and residual risk based on established risk assessment methodology and control assessments
• Synthesize the analysis into high-quality, Risk Assessment Memos. These documents must tell a cohesive story, moving from the "Risk Statement" to the "Calculation Logic" to the final "Risk Rating"
• Manage the risk acceptance process in JIRA, review for appropriateness and accuracy
• Maintain the Risk Management Dashboard and report on accurate risk metrics

Requirements

• Professional Experience: 10+ years of experience in Information Security, Governance, Risk & Compliance (GRC)
• Hands-on experience conducting enterprise-level security risk assessments end-to-end, including scoping, threat modeling, control evaluation, and executive reporting
• Evaluate control effectiveness using technical evidence (configs, logs, architecture diagrams)
• Perform threat modeling using established methodologies (STRIDE, MITRE ATT&CK)
• Deep operational understanding of risk assessment methodologies (NIST SP 800-30) and standard control frameworks (NIST CSF, NIST SP 800-53, ISO 27001, SOC 2, SIG Core/Lite, CAIQ)
• Regulatory Knowledge: Comprehensive knowledge of DORA, NIS2, FedRAMP Rev 5 (specifically Supply Chain/SCRM), GDPR, and PCI-DSS requirements
• Ability to write executive-level risk reports that translate technical flaws into business risks
• A strong track record of collaborating effectively across teams and levels to influence change
• Education: Bachelor’s degree in a relevant field (Cybersecurity, Business, Information Systems)
• Certifications: CRISC, CCSP, CISSP, CISA, relevant cloud certifications

About MongoDB

MongoDB is built for change, empowering our customers and our people to innovate at the speed of the market. We have redefined the database for the AI era, enabling innovators to create, transform, and disrupt industries with software. MongoDB’s unified database platform, the most widely available, globally distributed database on the market, helps organizations modernize legacy workloads, embrace innovation, and unleash AI. Our cloud-native platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available across AWS, Google Cloud, and Microsoft Azure.

With offices worldwide and over 60,000 customers, including 75% of the Fortune 100 and AI-native startups, relying on MongoDB for their most important applications, we’re powering the next era of software.

Our compass at MongoDB is our Leadership Commitment, guiding how and why we make decisions, show up for each other, and win. It’s what makes us MongoDB. 

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB is an equal opportunities employer.

Req ID: 1273387742

Description:

The Assurance, Risk, and Compliance (“ARC”) Initiatives team at MongoDB owns the strategy, governance, and delivery of our most critical cross-functional risk and compliance initiatives. We design and execute programs that support compliance audits, risk assessments, employee awareness and enablement, and the implementation of common control frameworks, along with consistent operating cadences that align key stakeholders, accelerate decision making, and drive the execution of initiatives that reinforce MongoDB’s assurance, risk management, and compliance objectives. We define and track key metrics and deliver clear and timely, executive reporting to provide transparency, measure progress, and ensure lasting operational resilience and governance.

We serve as the central coordination point for ARC-wide initiatives, connecting Product, Engineering, Security, and Legal teams around clear priorities, milestones, and outcomes. Our focus is on building scalable governance structures, defining decision-making frameworks, and establishing repeatable ways of working so that complex efforts can be executed consistently across the team.

The Policy Program Manager is a mid-to-senior level individual contributor role responsible for leading the development and operationalization of policies and procedures aligned to established control frameworks. You will drive end-to-end ownership of policy lifecycle management, from drafting and review through implementation and ongoing maintenance, while coordinating inputs across teams to ensure accuracy, consistency, and adoption. Additionally, you will lead documentation standardization efforts, facilitate stakeholder reviews, and perform gap analyses to continuously strengthen and mature our ARC policy framework.

Responsibilities:

• Lead the end-to-end execution of company-wide compliance programs, including the annual security policy and procedure review cycle
• Design and implement scalable frameworks for policy lifecycle management (creation, review, approval, publication, and retirement)
• Establish standards, templates, and governance processes to ensure consistency and clarity across all compliance documentation
• Maintain a centralized, audit-ready repository for policies, procedures, and supporting artifacts
• Act as the primary point of contact for cross-functional teams (HR, Legal, Engineering, Product)
• Drive alignment, gather inputs, and ensure timely completion of policy updates and compliance deliverables
• Ensure policies and procedures align with regulatory, security, and internal control requirements
• Support internal and external audits by maintaining complete, accurate, and accessible documentation
• Translate audit findings and regulatory changes into actionable policy program updates
• Maintain the integrity of project-specific Jira boards and Confluence pages. Ensure all project artifacts are organized, up-to-date, and ready for leadership review or external audit
• Develop and maintain dashboards to report on program health, completion rates, and obstacles. Present status updates and metrics to leadership
• Evaluate existing program workflows and implement improvements to increase efficiency, reduce manual effort, and improve the stakeholder experience

Requirements:

• 5-8 years of program management experience, ideally within an Information Security or high-growth technology environment
• Experience creating and managing policy and procedure programs or governance frameworks
• Deep understanding of security and compliance frameworks (e.g., SOC 2, ISO 27001, PCI DSS, HIPAA, NIST CSF)
• Strong proficiency in managing full-lifecycle projects, including scoping, planning, risk mitigation, and change control
• Advanced experience with Jira and Confluence, including the ability to build custom dashboards and manage complex documentation repositories
• Maintain and support a GRC/policy management platform to ensure consistent policy administration and system usability
• Excellent interpersonal skills with the ability to hold cross-functional stakeholders accountable to deadlines in a professional and effective manner
• Exceptional attention to detail and the ability to manage multiple overlapping priorities without losing sight of milestones
• A proactive, self-directed approach to work. You enjoy taking ownership of a program and building the structure necessary for its success

Responsibilities & Expectations

• You are expected to be the owner of your assigned programs. While you will work closely with technical SMEs, you are responsible for the logistical success of the workstream. Your success is measured by the timely completion of program goals, the clarity of your reporting, and your ability to anticipate and resolve project bottlenecks
• You don't just track tasks; you own the success of the program

Scope & Complexity

• The scope is horizontal and impacts multiple departments across MongoDB
• Managing complex programs that require coordination with various business units, ensuring that project delays in one area do not derail the overall compliance roadmap

Authority & Impact

• You have the authority to manage the timelines and execution steps of your assigned programs
• Your impact is reflected in the strength of policy program management and organizational readiness you drive; by overseeing and coordinating these workstreams, you ensure the Compliance team consistently meets foundational policy requirements and aligns with external audit expectations

Expertise

• You will develop deep expertise in compliance and audit operations
• You will become the go-to resource for designing, scaling, and executing policy and compliance programs within a cloud-first organization. This role is responsible for independently and collaboratively developing and managing policies and procedures, with a strong understanding of compliance frameworks and the ability to interpret and operationalize control requirements

Leadership

• Leadership in this role is demonstrated through influence and mentorship. While you may not have direct reports, you will guide cross-functional teams in developing and standardizing policies/supporting documentation, as well as provide mentorship on policy governance, standardized documentation practices, and compliance alignment

About MongoDB

MongoDB is built for change, empowering our customers and our people to innovate at the speed of the market. We have redefined the database for the AI era, enabling innovators to create, transform, and disrupt industries with software. MongoDB’s unified database platform, the most widely available, globally distributed database on the market, helps organizations modernize legacy workloads, embrace innovation, and unleash AI. Our cloud-native platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available across AWS, Google Cloud, and Microsoft Azure.

With offices worldwide and over 60,000 customers, including 75% of the Fortune 100 and AI-native startups, relying on MongoDB for their most important applications, we’re powering the next era of software.

Our compass at MongoDB is our Leadership Commitment, guiding how and why we make decisions, show up for each other, and win. It’s what makes us MongoDB. 

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

REQ ID: 1273402887

The Compliance team at MongoDB manages the strategy, execution, and maintenance of our global security certifications and regulatory requirements. We ensure that our cloud database products meet the rigorous security standards required by our customers in the most highly regulated industries worldwide.

We act as the primary interface between external auditors and our internal Product, Engineering, and Legal teams. Our goal is to translate complex regulatory requirements into scalable operational processes, maintaining a compliant and audit-ready posture across our diverse portfolio.

The Program Manager / Senior Analyst is a mid-to-senior level individual contributor role responsible for leading high-stakes audits and specialized compliance workstreams. Unlike the Analyst level, this role takes full ownership of complex international frameworks—such as IRAP and ENS High—and manages the relationship with our Financial Services customers during audit deep-dives. You will lead internal audit cadences and perform gap analyses for new market expansions.

Responsibilities:

• Lead the end-to-end execution of specialized external audits (e.g., ENS High, IRAP, ISO 22301) and coordinate all phases from initial scoping to final certification
• Serve as the lead point of contact for Financial Services customer audits, facilitating meetings, responding to security questionnaires, and defending our control environment to external stakeholders
• Lead internal audit cadences and drive the POA&M tracking process, ensuring technical teams remediate findings within required SLAs
• Map new regulatory requirements to our central control framework, performing gap analyses to identify where existing controls can be leveraged for new certifications
• Conduct NIST CSF or similar maturity assessments to monitor the effectiveness of the Compliance Program and report findings to team leads
• Author and review customer-facing security documentation, ensuring it accurately reflects our technical controls and architectural guardrails
• Partner with Engineering and Product leads to implement compliance-by-design, ensuring future product roadmaps align with global regulatory shifts

Requirements:

• 7+ years in GRC, Information Security, or IT Audit, specifically within a high-growth SaaS/Cloud environment
• Deep understanding of cloud security principles (AWS/GCP/Azure) and a proven track record leading technical audits for ISO 27001, SOC 2, or ENS High
• Solid grasp of audit processes, terminology, and risk assessment standards. Certifications such as CISA, CRISC, CISSP, or ISO Lead Implementer are highly preferred
• Exceptional ability to lead meetings with external customers and auditors, translating technical complexities into business risk and compliance assurance
• Advanced proficiency in Jira for tracking control performance data and managing high-volume remediation workflows
• Practical experience performing gap analyses and maturity assessments at an enterprise level

Responsibilities & Expectations

• You are expected to be a subject matter expert who can operate with minimal supervision
• You don't just track tasks; you own the success of the program
• You are expected to navigate complex audit negotiations with external parties and drive internal technical teams toward compliance milestones without disrupting innovation

Scope & Complexity

• The scope is international and technically diverse. You will manage overlapping audit cycles across different global jurisdictions (e.g., Spain, Australia, US) and complex industry sectors
• You are responsible for identifying how a single technical control can satisfy multiple global regulatory requirements simultaneously

Authority & Impact

• You have the authority to lead audit engagements and represent MongoDB’s security posture to sophisticated Financial Services customers
• Your impact is direct: by securing and maintaining these certifications, you enable our sales organization to close enterprise-level deals in highly regulated markets

Expertise

• You will be recognized as an expert in implementing our Common Controls Framework
• You move beyond general compliance to become a specialist in how MongoDB’s architecture satisfies specific, high-bar standards like IRAP and ENS High. You are the go-to for mapping technical evidence to regulatory intent

Leadership

• Leadership in this role is demonstrated through influence and mentorship. While you may not have direct reports, you lead cross-functional project teams through intense audit cycles and mentor junior analysts on audit methodology, documentation standards, and professional communication

About MongoDB

MongoDB is built for change, empowering our customers and our people to innovate at the speed of the market. We have redefined the database for the AI era, enabling innovators to create, transform, and disrupt industries with software. MongoDB’s unified database platform, the most widely available, globally distributed database on the market, helps organizations modernize legacy workloads, embrace innovation, and unleash AI. Our cloud-native platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available across AWS, Google Cloud, and Microsoft Azure.

With offices worldwide and over 60,000 customers, including 75% of the Fortune 100 and AI-native startups, relying on MongoDB for their most important applications, we’re powering the next era of software.

Our compass at MongoDB is our Leadership Commitment, guiding how and why we make decisions, show up for each other, and win. It’s what makes us MongoDB. 

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

REQ ID: 1273402295

The Program Manager / Senior Analyst (Public Sector) is a senior-level individual contributor role responsible for the lifecycle management of our most sensitive US government authorizations. This role acts as a lead for high-stakes workstreams involving FedRAMP High, DoD IL5+, CJIS, and ITAR. Unlike the Analyst level, this role takes full ownership of complex federal assessments and leads the continuous monitoring strategy for our Atlas for Government product. This role is a key resource for interpreting NIST 800-53 controls and translating them into technical requirements for our engineering teams.

Responsibilities:

• Lead the end-to-end execution of federal assessments, coordinating with Third Party Assessment Organizations (3PAOs), agency sponsors, and the FedRAMP PMO
• Manage the federal continuous monitoring (ConMon) program, including the timely analysis and reporting of vulnerabilities and the maintenance of the POA&M
• Lead the annual update and technical review of core FedRAMP artifacts, including the System Security Plan (SSP), Contingency Plan (ISCP), and Incident Response Plan (IRP)
• Act as a technical advisor to Engineering and Operations teams to ensure cloud configurations (e.g., FIPS 140-2/140-3, boundary protection, and access control) meet federal and DoD IL5+ mandates
• Perform deep-dive gap analyses for new public sector requirements (such as CMMC or GovRAMP) and define the roadmap for technical remediation
• Directly support federal sales efforts by serving as a subject matter expert during customer security reviews and explaining our technical compliance posture to agency stakeholders
• Create and maintain high-impact Jira dashboards and presentations to provide leadership with visibility into public sector compliance health and project milestones

Requirements:

• 5+ years in GRC, Technical Writing, or IT Audit, with a heavy focus on US Public Sector frameworks (FedRAMP, DoD SRG, CJIS)
• Deep understanding of NIST 800-53 and NIST 800-171 controls and how they are implemented within cloud architectures (AWS, GCP, or Azure)
• Proven track record of managing federal audits from kickoff through to the issuance of an Authorization to Operate (ATO)
• Exceptional ability to explain complex security configurations to government auditors and internal technical teams
• Advanced proficiency in Jira and Confluence to track control performance data and manage large-scale federal documentation projects
• US Citizenship is required for this role.

Responsibilities & Expectations:

• You are expected to be the primary driver of public sector compliance initiatives
• You move beyond simple task tracking to understand the intent behind federal requirements, ensuring our technical implementation is both compliant and efficient
• You are expected to maintain the highest level of confidentiality and integrity due to the sensitivity of government data

Scope & Complexity:

• The scope is deeply technical and specialized for the US Federal, State, and Local Government markets
• You will navigate the complexity of mapping shared controls across multiple specialized frameworks, ensuring a single remediation effort satisfies FedRAMP, CJIS, and ITAR requirements simultaneously

Authority & Impact:

• This role has the authority to lead federal assessment project streams and represent MongoDB in technical reviews with 3PAOs and federal agencies
• Your work directly enables MongoDB to secure and maintain the authorizations required to serve the Department of Defense and civilian agencies, protecting a critical revenue stream

Expertise:

• You will be recognized as a subject matter expert in public sector cloud security requirements and their implementation in SaaS environments
• You bridge the gap between high-level policy and technical engineering, becoming the go-to resource for how MongoDB Atlas for Government meets the most stringent federal mandates

Leadership:

• Leadership in this role is demonstrated through technical ownership and mentorship. You will lead cross-functional project teams through intense authorization cycles and mentor junior analysts on the nuances of NIST 800-53 and federal audit methodology

About MongoDB

MongoDB is built for change, empowering our customers and our people to innovate at the speed of the market. We have redefined the database for the AI era, enabling innovators to create, transform, and disrupt industries with software. MongoDB’s unified database platform, the most widely available, globally distributed database on the market, helps organizations modernize legacy workloads, embrace innovation, and unleash AI. Our cloud-native platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available across AWS, Google Cloud, and Microsoft Azure.

With offices worldwide and over 60,000 customers, including 75% of the Fortune 100 and AI-native startups, relying on MongoDB for their most important applications, we’re powering the next era of software.

Our compass at MongoDB is our Leadership Commitment, guiding how and why we make decisions, show up for each other, and win. It’s what makes us MongoDB. 

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Req ID: 1273396370

The Information Security Risk Team at MongoDB is the operational engine of the internal and third-party risk programs. Situated within the Assurance, Risk, and Compliance (ARC) organization, the team is responsible for the "Reduction of Uncertainty" across the enterprise. We view this team as the "Operational Commander" of the risk function. The team oversees the entire lifecycle of risk identification, assessment, and treatment, ensuring that MongoDB’s leadership has a clear, quantified view of the top risks facing the organization. We are not just a compliance function; we are a "Risk Intelligence" unit that empowers the business to "Think Big" while keeping our eyes wide open to the risks we accept.

As the Senior Information Risk Analyst, you will serve as the subject matter expert and primary executor of our risk function. Reporting directly to the Risk Director, you will be responsible for conducting and owning the lifecycle of internal security assessments (annual + ad-hoc), applying risk methodology, producing risk memos and working with asset/risk owners across the business that powers MongoDB’s growth. This is a pivotal moment for our Risk function as we scale operations to meet the demands of a $100B+ database market while navigating an increasingly rigorous regulatory landscape (DORA, FedRAMP, NIS2).

This role can be based remotely in the United States.

Responsibilities

Program Maturity

• Risk Assessment Methodology Implementation: Lead the strategic roadmap to integrate the risk matrix into the risk framework
• Regulatory Governance: Ensure the risk program complies with global regulations, specifically DORA (EU) regarding ICT registers and FedRAMP Rev 5 supply chain controls. Maintain the Supply Chain Risk Management (SCRM) plan and oversee strict boundary protections for the "Atlas for Government" environment
• Policy & Procedure Ownership: Maintain the Information Risk Management Procedure (ISQMS), ensuring that risk identification, assessment, and treatment processes are documented, updated annually, and followed consistently across the organization

Operational Execution

• Experience conducting technical security risk assessments (infrastructure, cloud, application-level). Including experience in evaluating control effectiveness through technical evidence (configurations, logs, architecture diagrams)
• Workflow Orchestration: Own the end-to-end risk assessment process
• Inherent Risk Scoring: Validate the team’s application of the Risk Scoring formula.   Apply the risk scoring formula for baseline scores based on breach history (last 12 months) and weighted impact
• Ensure the risk acceptance process has the right level of information and the appropriate stakeholders
• Ticket Hygiene: Actively manage the Jira backlog to prevent "frozen tickets”

Monitoring and Reporting

• Conduct annual enterprise security risk assessments and ad-hoc assessments as triggered by material changes, incidents, or new initiatives
• Identify risk scenarios for the in-scope assets by working with the asset and risk owners
• Assess the inherent risk and residual risk based on established risk assessment methodology and control assessments
• Synthesize the analysis into high-quality, Risk Assessment Memos. These documents must tell a cohesive story, moving from the "Risk Statement" to the "Calculation Logic" to the final "Risk Rating"
• Manage the risk acceptance process in JIRA, review for appropriateness and accuracy
• Maintain the Risk Management Dashboard and report on accurate risk metrics

Requirements

• Professional Experience: 10+ years of experience in Information Security, Governance, Risk & Compliance (GRC)
• Hands-on experience conducting enterprise-level security risk assessments end-to-end, including scoping, threat modeling, control evaluation, and executive reporting
• Evaluate control effectiveness using technical evidence (configs, logs, architecture diagrams)
• Perform threat modeling using established methodologies (STRIDE, MITRE ATT&CK)
• Deep operational understanding of risk assessment methodologies (NIST SP 800-30) and standard control frameworks (NIST CSF, NIST SP 800-53, ISO 27001, SOC 2, SIG Core/Lite, CAIQ)
• Regulatory Knowledge: Comprehensive knowledge of DORA, NIS2, FedRAMP Rev 5 (specifically Supply Chain/SCRM), GDPR, and PCI-DSS requirements
• Ability to write executive-level risk reports that translate technical flaws into business risks
• A strong track record of collaborating effectively across teams and levels to influence change
• Education: Bachelor’s degree in a relevant field (Cybersecurity, Business, Information Systems)
• Certifications: CRISC, CCSP, CISSP, CISA, relevant cloud certifications

About MongoDB

MongoDB is built for change, empowering our customers and our people to innovate at the speed of the market. We have redefined the database for the AI era, enabling innovators to create, transform, and disrupt industries with software. MongoDB’s unified database platform, the most widely available, globally distributed database on the market, helps organizations modernize legacy workloads, embrace innovation, and unleash AI. Our cloud-native platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available across AWS, Google Cloud, and Microsoft Azure.

With offices worldwide and over 60,000 customers, including 75% of the Fortune 100 and AI-native startups, relying on MongoDB for their most important applications, we’re powering the next era of software.

Our compass at MongoDB is our Leadership Commitment, guiding how and why we make decisions, show up for each other, and win. It’s what makes us MongoDB. 

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Req ID: 1273387742

What You’ll Do:

CoreWeave’s Security Organization ensures that technology systems and processes meet the highest standards of internal controls, audit readiness, and regulatory compliance. The team partners across finance, engineering, DevOps, and security to manage risk, drive process improvements, and maintain alignment across stakeholders.

About the role:
As the SOX IT Lead, you will own and execute the technology- and product-related components of CoreWeave’s SOX 404 compliance program. You will assess new products and engineering changes for compliance, implement and monitor controls, and partner closely with engineering, security, DevOps, and finance teams. Your day-to-day responsibilities include testing high-risk controls, performing root cause analysis for control failures, driving remediation, and continuously improving the SOX program as CoreWeave’s products and risk profile scale.

Some of what you’ll work on:

• Lead the end-to-end SOX program for technology and product systems, including onboarding, risk assessments, and control design for new features and significant engineering changes.
• Identify SOX risks and key controls; maintain the RCM and oversee ITGCs and ITACs design and operating effectiveness.
• Collaborate with Product, Engineering, DevOps, IT, Finance, and Internal Audit to align on risk, controls, and launch readiness.
• Review control designs prior to go-live to ensure early identification and mitigation of SOX risks.
• Conduct rigorous testing of high-risk controls, including access management, change management, and data integrity.
• Lead root cause analysis for control failures and incidents; implement and validate remediation plans to ensure sustainable solutions.
• Track and resolve control issues, identify systemic gaps, and drive durable improvements to prevent recurrence.
• Serve as the primary liaison to Internal and External Audit on technology- and product-related SOX matters.
• Continuously improve the SOX program through metrics, automation, and monitoring.

Who You Are:

• 8–15+ years of experience in SOX, IT Compliance, or Security GRC, ideally in a public-company SaaS environment.
• Deep hands-on experience with SOX 404 control design, testing, issue management, and audit readiness.
• Proven track record of supporting product and engineering organizations.
• Strong understanding of ITGCs, application controls, and risk assessments.
• Hands-on, strategic, and execution-focused; able to thrive in fast-paced and evolving environments.
• Bachelor’s degree in Information Systems, Computer Science, Accounting, or related field.
• CISA or similar certification is a plus.

Wondering if you’re a good fit? We believe in investing in our people, and value candidates who can bring their own diversified experiences to our teams – even if you aren't a 100% skill or experience match. Here are a few qualities we’ve found compatible with our team. If some of this describes you, we’d love to talk.

• Strong knowledge of Identity and Access Management (IAM) and change management/SDLC controls.
• Familiarity with cloud and SaaS control environments (AWS, GCP, Azure, major SaaS platforms).
• Experience analyzing system logic, configurations, and automated workflows.
• Hands-on experience implementing or operating ITGCs and/or ITACs.
• Deep understanding of SOX requirements and financial reporting risks.
• Ability to distinguish key controls from non-key controls and prepare audit documentation.

Familiarity with core financial processes is a plus:

• Order-to-cash, Procure-to-pay, Record-to-report.
• Understanding of financial statement assertions (accuracy, completeness, cutoff, valuation).

Why CoreWeave?

At CoreWeave, we work hard, have fun, and move fast!  We’re in an exciting stage of hyper-growth that you will not want to miss out on. We’re not afraid of a little chaos, and we’re constantly learning. Our team cares deeply about how we build our product and how we work together, which is represented through our core values: 

• Be Curious at Your Core
• Act Like an Owner
• Empower Employees
• Deliver Best-in-Class Client Experiences
• Achieve More Together

We support and encourage an entrepreneurial outlook and independent thinking. We foster an environment that encourages collaboration and enables the development of innovative solutions to complex problems. As we get set for takeoff, the organization's growth opportunities are constantly expanding. You will be surrounded by some of the best talent in the industry, who will want to learn from you, too. Come join us!

The base salary range for this role is $143,000 to $237,000. The starting salary will be determined based on job-related knowledge, skills, experience, and market location. We strive for both market alignment and internal equity when determining compensation. In addition to base salary, our total rewards package includes a discretionary bonus, equity awards, and a comprehensive benefits program (all based on eligibility). 

Hudson River Trading (HRT) is seeking a Security Governance, Risk, and Compliance Lead to join our growing Information Security team. This role will lead security governance programs for HRT entities based in America, Europe, and Asia, and will work directly on automating security governance at scale.

In this hands-on role, you will liaise closely with HRT’s Compliance and Legal teams to research, build, and maintain security solutions for a diverse set of industry regulations and requirements. You’ll lead a technical team responsible for owning and strategically ensuring HRT’s compliance with global security regulations, helping to equip HRT to enter new markets with increasingly complicated regulatory needs. 

Responsibilities

• Manage and lead a team of security GRC engineers
• Perform internal and external security control assessments using industry standard frameworks such as NIST and CIS
• Conduct threat modeling and risk assessments
• Create and maintain security and compliance policies, standards, and guidelines
• Track regulatory security compliance obligations worldwide
• Work with cross-functional teams on program management to meet security and compliance KPIs
• Define critical success factors and KPIs to ensure firm-wide security compliance and security goals are met according to standards-based frameworks
• Monitor KPIs and create dashboards for real-time reports and board presentations
• Collect and analyze business metrics and build dashboards for reporting through data engineering
• Support the automation and governance of HRT’s critical security controls, encompassing:
• Vendor risk management
• Penetration testing
• Access management
• Ensure timely and accurate responses to requests for company data in collaboration with Compliance and Legal 

Qualifications

• 7+ years of experience in cybersecurity risk and/or compliance with significant experience at a company in a heavily regulated industry
• Software development and/or scripting experience, preferably in Python or Go
• Familiarity with standards-based security frameworks such as CIS, NIST-CSF, FedRAMP, or ISO
• Data analysis skills leveraging SQL, Elastic, OSQuery, and Prometheus preferred
• Experience building strong cross-functional relationships and working across multiple teams, both technical and non-technical
• Experience with Linux and comfortability on the command line (Debian is a huge plus!)
• Familiarity with financial industry regulations
• CISSP, CISM, or a similar certification is a plus

The estimated base salary range for this position is 200,000 to 300,000 USD per year (or local equivalent). The base pay offered may vary depending on multiple individualized factors, including location, job-related knowledge, skills, and experience. This role will also be eligible for discretionary performance-based bonuses and a competitive benefits package.

The Customer Success Manager II is responsible for driving long-term success and growth across a strategic portfolio of enterprise customers. This role serves as the primary business partner and trusted advisor to senior stakeholders, ensuring an exceptional customer experience, strong net revenue retention, high product adoption, and advocacy.

As the key point of contact for Diligent’s solutions, the CSM II leads proactive account management, orchestrates cross-functional resources, and partners closely with Sales and Services to deliver measurable outcomes and expand our footprint within each account.

Key Responsibilities

• Own a portfolio of enterprise accounts with accountability for renewal, net revenue retention, and expansion, leveraging data and insights to proactively manage risk and opportunity.
• Drive product adoption and value realization by developing and executing customer success plans aligned to the customer’s strategic objectives and key outcomes.
• Deliver a best-in-class customer experience across all phases of the customer lifecycle, from onboarding through renewal, coordinating with Implementation, Professional Services, Support, Product, and other internal teams.
• Lead executive-level engagements, including QBRs/EBRs and strategic reviews with C-suite, board administrators, and senior directors, to demonstrate ROI, influence adoption, and surface new opportunities.
• Identify, qualify, and partner on expansion opportunities in close collaboration with the Expansion Sales team, ensuring smooth handoffs, aligned account strategies, and clear growth plans.
• Facilitate successful onboarding and rollout of Diligent products and modules, working alongside the Implementation team to ensure stakeholder alignment, training, and effective change management.
• Build and maintain strong, multi-threaded relationships with key business and technical stakeholders, becoming a trusted advisor who understands their governance, risk, compliance, and operational priorities.
• Act as the voice of the customer internally, providing structured feedback and insights to Product, Marketing, Services, and Operations to influence roadmap and process improvements.
• Monitor account health and usage leveraging dashboards and analytics, intervening early to address risks, drive adoption, and reinforce value.
• Champion customer advocacy, by identifying referenceable customers, case study opportunities, testimonials, and participation in user groups or events.
• Collaborate on process and playbook improvements within the Customer Success organization to drive consistency, scalability, and excellence in how we serve enterprise customers.

Required Experience & Skills

• 5+ years of professional experience, including 2–4+ years in Customer Success, Account Management, or a similar client-facing role within B2B SaaS.
• Proven experience managing mid-market and/or enterprise accounts, with comfort engaging senior and executive stakeholders (Director, VP, C‑Suite).
• Demonstrated track record of meeting or exceeding renewal, retention, and expansion targets.
• Strong experience using CRM tools (preferably Salesforce) to manage accounts, opportunities, and customer health activities.
• Excellent communication and presentation skills, able to translate complex concepts into clear, compelling narratives for multiple stakeholder groups.
• Strong consultative and problem-solving skills, with a natural curiosity about the customer’s business, use cases, and success metrics.
• High level of resilience, ownership, and accountability, with the ability to navigate ambiguity and manage competing priorities across a large book of business.
• Passion for technology and a solution-centric mindset, with the ability to quickly learn new products and articulate their business value.
• Strong organizational skills and attention to detail, with experience managing multiple customers, projects, and deadlines simultaneously.

Preferred Qualifications

• Experience in governance, risk, compliance, legal, or adjacent enterprise software environments is a plus.
• Background working in a matrixed, global organization with cross-functional partners across time zones.
• Familiarity with customer success platforms and data-driven approaches to managing account health and adoption.

About the Company

Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all — bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure. As a publicly traded company, Gemini is poised to accelerate this vision with greater scale, reach, and impact.

The Department: Risk

Risk at Gemini is a team dedicated to managing the next generation of financial and non-financial risks in a complex and evolving landscape. We are a diverse group of technology, legal, and operational professionals who develop new approaches to solving classic problems using cutting edge tools and processes in an ever changing industry. We are looking for like-minded individuals who are willing to be bold, visionaries and live the ethos of turning risk into return for our shareholders.

The Role: Manager, Enterprise Risk

We are seeking an experienced and forward-thinking Manager of Enterprise Risk Management (ERM) to join our growing risk organization at Gemini. In this high-impact role, you will be responsible for building, maintaining, and continuously improving our enterprise-wide risk management program to bridge the rigor of traditional financial services risk practices with the dynamic, fast-evolving landscape of digital assets and cryptocurrency markets.

You will work cross-functionally with Compliance, Finance, Technology, Operations, and Executive Leadership to ensure that risk is identified, assessed, monitored, and mitigated in alignment with regulatory expectations and organizational strategy.

This role is required to be in person twice a week at our New York City, NY office.

Responsibilities:

• Enterprise Risk Framework
  • Design, implement, and continuously mature a comprehensive operational risk framework tailored to the unique risk profile of a cryptocurrency exchange
  • Establish risk appetite statements, risk tolerance thresholds, and key risk indicators (KRIs) aligned with business strategy and regulatory requirements
  • Develop and maintain the enterprise risk register, ensuring risks are properly categorized, owned, and escalated appropriately
  • Lead periodic enterprise-wide risk assessments and translate findings into actionable risk mitigation strategies
• Cryptocurrency & Digital Asset Risk
  • Conduct and oversee specialized risk assessments related to cryptocurrency operations, including custody risk, smart contract risk, liquidity risk, and counterparty/exchange risk
  • Stay current on the evolving regulatory landscape for digital assets (e.g., SEC, CFTC, FinCEN, MAS) and assess implications for the firm's risk posture
  • Evaluate risks associated with new digital asset products, trading pairs, DeFi integrations, and blockchain protocol changes
• Operational Risk & Event Reporting
  • Own the operational risk event reporting process end-to-end — from identification and logging through root cause analysis, remediation tracking, and management reporting
  • Develop and manage a near-miss and loss event database to drive trend analysis and lessons-learned programs
  • Prepare clear, concise risk reporting packages for senior leadership, the Board Risk Committee, and other relevant regulatory bodies
  • Ensure timely escalation of high-severity risk events in accordance with internal policies and applicable regulations
  • Own the BCM process end-to-end — from enhancing the Governance and logging the DR tests to performing issues management and follow-up for remediation tracking, and management reporting
• Model Risk Management
  • Serve as a key stakeholder and subject matter expert in the firm's model risk governance program
  • Partner with Quantitative Research, Data Science, and Finance teams to ensure models are validated, documented, and monitored in accordance with model risk management standards (e.g., SR 11-7 or equivalent)
  • Identify model-related risks across trading algorithms, risk models, pricing engines, and fraud detection systems
  • Oversee model inventory maintenance and track validation findings through remediation
• Governance & Stakeholder Engagement
  • Collaborate with executive leadership, the Board, and external auditors to communicate the firm's risk posture and program maturity
  • Champion a strong risk culture across the organization through training, awareness programs, and proactive engagement with business lines
  • Manage relationships with external risk consultants, auditors, and regulatory examiners as needed. 
  • Take a supporting role in identifying, mapping out, documenting, and rating controls and risks as part of our Risk Assessment program
  • Respond to audit, partner bank, and regulatory requests

Minimum Qualifications:

• Bachelor's degree. Preferred CRCM or similar certifications
• 6+ years of progressive experience in trading, crypto, banking, fintech, or other regulated industries
• Demonstrated experience conducting cryptocurrency or digital asset risk assessments, ideally within an exchange, custodian, or digital asset firm
• Proven ability to design and implement operational risk frameworks from the ground up or significantly enhance existing programs
• Strong working knowledge of model risk management principles, including model validation, documentation standards, and governance practices (familiarity with SR 11-7 or equivalent guidance is a must)
• Hands-on experience managing operational risk event reporting processes, including loss event capture, root cause analysis, and escalation protocols
• Deep understanding of risk governance structures, including risk appetite frameworks, KRI/KPI development, and three lines of defense models
• Demonstrated ability to scale artificial intelligence models to help operationalize and scale risk management programs
• Ability to code with Python or R and have operational fluency with various python IDEs 

Preferred Qualifications:

• Professional certifications such as **FRM, CFA, CERA, CRISC**, or equivalent
• Familiarity with relevant digital asset regulatory frameworks and artificial intelligence frameworks
• Experience working with GRC platforms (e.g., Archer, AuditBoard, MetricStream)
• Background in or strong understanding of blockchain technology, decentralized finance (DeFi), and tokenomics

• Competitive starting pay
• A discretionary annual bonus
• Long-term incentive in the form of a new hire equity grant
• Comprehensive health plans
• 401K with company matching
• Paid Parental Leave
• Flexible time off

Salary Range: The base salary range for this role is between $129,500 - $185,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate’s compensation, we consider a number of factors including skillset, experience, job scope, and current market data.

In the United States, we offer a hybrid work approach at our hub offices, balancing the benefits of in-person collaboration with the flexibility of remote work. Expectations may vary by location and role, so candidates are encouraged to connect with their recruiter to learn more about the specific policy for the role. Employees who do not live near one of our hubs are part of our remote workforce.

At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know.

#LI-MW1

The Opportunity

We are looking for a Security Risk Program Manager to take Grow Therapy's security risk program to the next level of maturity. Reporting directly to the Head of Security, you'll be part of a team focused on protecting Grow's patients, providers, employees, and business by embedding risk awareness into everyday decision-making. Your work will directly support Grow's mission to expand access to high-quality mental healthcare—safely, responsibly, and at scale. Your responsibilities will include building and maturing our enterprise risk management framework, driving audit readiness, shaping executive risk reporting, and partnering closely with teams across Legal, Compliance, Engineering, and Product.

What You'll Be Doing

• Build and mature Grow's enterprise security risk management program, including risk identification, assessment, prioritization, remediation tracking, and maintaining a comprehensive risk register that informs business decisions.
• Lead the charge on AI risk management: Security sits within Grow’s Internal Foundations pillar, which is building company-wide infrastructure to support AI adoption. You’ll be in an incredible position to influence safe and thoughtful adoption of AI tooling at the enterprise level.
• Own the third-party/vendor security risk management program, streamlining review workflows to support business velocity while ensuring robust security oversight of partners and vendors.
• Drive audit readiness and external certifications (SOC 2, HIPAA-aligned assessments, HITRUST readiness) in close partnership with Legal and Compliance, reducing repeat findings and improving remediation timelines.
• Develop and deliver executive-level risk reporting and readouts that translate technical and security risks into clear business impact, enabling leadership to make informed, risk-aware tradeoffs as the company scales.
• Partner proactively across Security Engineering, Product, Engineering, and Operations to embed security and risk awareness into planning and decision-making cycles—positioning security as a strategic enabler rather than a gatekeeper.

You'll Be a Good Fit If

• You have deep experience building and operating security or enterprise risk management programs (not just managing projects) and a strong bias toward execution in fast-paced environments.
• You bring strong knowledge of healthcare security, privacy, and compliance frameworks (HIPAA, SOC 2, HITRUST) and can navigate regulatory obligations without sacrificing speed or innovation.
• You have exceptional stakeholder management and communication skills, including a track record of influencing senior leaders and translating complex risk concepts into actionable business guidance.
• You are a strong program manager with a structured approach to prioritization, documentation, and cross-functional alignment.
• Bonus: Experience scaling risk programs at high-growth or pre-IPO tech companies, prior ownership of vendor risk programs, or familiarity with GRC tooling and automation.

Employment Type: Full Time, Exempt 

Base Compensation: The base compensation range for this position is $152,000–$189,750 USD Annually.
The base compensation for this role will vary depending on several factors, including relevant experience, qualifications, and the candidate's working location.

Location:  This is a hybrid role with the expectation to work onsite from our NYC or San Francisco hub locations three days per week (Tuesday, Wednesday, and Thursday) and travel 2–3 times per year (e.g., company and department offsites).

The Role

We are looking for an Associate Director, Third-Party Risk Management (TPRM) to own the TPRM pillar at Flex. This is not a program management role. It is a pillar ownership role: you set the risk posture, define the operating model, and are accountable for outcomes across a vendor population that touches every part of the business.

You will lead a small team, establish the direction for how Flex evaluates and monitors third-party risk, and make the calls on where speed and rigor need to be balanced. You will design AI-enabled workflows that scale the team's capacity without sacrificing auditability or regulatory defensibility. And you will hold Flex's third-party risk position across the organization, shaping decisions in Product, Engineering, Finance, and Procurement rather than responding to requests from them.

This role is right for someone who has owned TPRM at a mature, regulated institution and also built something from the ground up at a high-growth fintech. Someone comfortable with ambiguity, confident in their risk judgment, and ready to be handed the reins.

What You’ll Do

1. Own Flex's third-party risk posture end-to-end: set the strategy, define the operating model, and be accountable for outcomes across the full vendor population
2. Establish and maintain the policies, standards, and governance framework that underpin TPRM across the organization
3. Make risk-based decisions on vendor approvals, exceptions, and escalations, including explicit tradeoffs between speed and risk exposure, and defend those positions to senior leadership and regulators
4. Architect scalable intake, tiering, due diligence, and monitoring workflows, designing AI-enabled automation where it improves speed and consistency without removing human judgment from consequential decisions
5. Build signal-driven monitoring systems that surface vendor risk in real time (financial distress, security incidents, operational failures) rather than relying on calendar-based review cycles
6. Design and own AI workflows for high-volume tasks like SOC report analysis, questionnaire scoring, and exception tracking, with clear auditability and human-in-the-loop checkpoints throughout
7. Drive risk alignment across Product, Engineering, Finance, and Procurement, shaping vendor strategy and sourcing decisions upstream rather than reviewing them after the fact
8. Serve as Flex's authoritative voice on third-party risk in regulatory exams, audits, and customer due diligence requests
9. Own the reporting framework that gives senior leadership real-time, decision-relevant visibility into third-party risk posture
10. Proactively identify emerging third-party risks across new vendor categories, evolving threat landscapes, and regulatory developments, and evolve controls before they become issues
11. Help mentor and develop more junior team members as the program and team scale

What We’re Looking For

• 7+ years of experience in third-party risk, vendor risk, or a closely related risk and compliance discipline
• Experience at both a large, regulated institution with a mature risk function and a high-growth, venture-backed fintech or technology company
• Demonstrated track record of making and defending risk-based decisions under ambiguity, including explicit speed-vs-risk tradeoffs
• Experience designing AI-enabled workflows for risk or compliance use cases, with a clear point of view on where automation helps and where human oversight is non-negotiable
• Strong working knowledge of vendor risk domains: security, privacy, operational, financial, and regulatory
• Proven ability to influence across Product, Engineering, and Finance, not just within a compliance or risk silo
• Strong communication skills; able to translate complex risk positions into clear recommendations for executive and board-level audiences
• Comfort with data; SQL experience or the ability to query and analyze data independently is a strong plus
• Experience supporting or leading regulatory exams in a financial services or fintech environment

Nice to Have

• Experience building a TPRM program from scratch at a high-growth company
• Familiarity with GRC platforms and common TPRM tooling
• Working knowledge of relevant frameworks and standards (SOC 2, ISO 27001, NIST, PCI, etc.)
• Prior people management or team lead experience

Flex takes a market-based approach to pay, ensuring compensation is commensurate with a candidate's experience and our internal leveling guidelines. For candidates located in our Tier 1 markets (NYC/ SF), the base salary pay range for this role is $176,000—$220,000 USD. For all other U.S. locations, Flex utilizes a geographic pay differential based on a cost of labor index. If you are located outside of the Tier 1 states listed above, your starting pay will be adjusted to align with the market conditions of your specific geographic zone. Please speak with your recruiter for additional information regarding the specific range for your location.

About Flex

Flex is a venture-backed fintech company helping businesses manage and optimize their spend with modern financial products and software. We partner with some of the most innovative companies in the world and operate in a highly regulated, fast-growing environment. As we continue to scale, building best‑in‑class risk and compliance programs is critical to enabling our growth.

The Role

We are looking for an Associate Director, Third-Party Risk Management (TPRM) to own the TPRM pillar at Flex. This is not a program management role. It is a pillar ownership role: you set the risk posture, define the operating model, and are accountable for outcomes across a vendor population that touches every part of the business.

You will lead a small team, establish the direction for how Flex evaluates and monitors third-party risk, and make the calls on where speed and rigor need to be balanced. You will design AI-enabled workflows that scale the team's capacity without sacrificing auditability or regulatory defensibility. And you will hold Flex's third-party risk position across the organization, shaping decisions in Product, Engineering, Finance, and Procurement rather than responding to requests from them.

This role is right for someone who has owned TPRM at a mature, regulated institution and also built something from the ground up at a high-growth fintech. Someone comfortable with ambiguity, confident in their risk judgment, and ready to be handed the reins.

What You’ll Do

1. Own Flex's third-party risk posture end-to-end: set the strategy, define the operating model, and be accountable for outcomes across the full vendor population
2. Establish and maintain the policies, standards, and governance framework that underpin TPRM across the organization
3. Make risk-based decisions on vendor approvals, exceptions, and escalations, including explicit tradeoffs between speed and risk exposure, and defend those positions to senior leadership and regulators
4. Architect scalable intake, tiering, due diligence, and monitoring workflows, designing AI-enabled automation where it improves speed and consistency without removing human judgment from consequential decisions
5. Build signal-driven monitoring systems that surface vendor risk in real time (financial distress, security incidents, operational failures) rather than relying on calendar-based review cycles
6. Design and own AI workflows for high-volume tasks like SOC report analysis, questionnaire scoring, and exception tracking, with clear auditability and human-in-the-loop checkpoints throughout
7. Drive risk alignment across Product, Engineering, Finance, and Procurement, shaping vendor strategy and sourcing decisions upstream rather than reviewing them after the fact
8. Serve as Flex's authoritative voice on third-party risk in regulatory exams, audits, and customer due diligence requests
9. Own the reporting framework that gives senior leadership real-time, decision-relevant visibility into third-party risk posture
10. Proactively identify emerging third-party risks across new vendor categories, evolving threat landscapes, and regulatory developments, and evolve controls before they become issues
11. Help mentor and develop more junior team members as the program and team scale

What We’re Looking For

• 7+ years of experience in third-party risk, vendor risk, or a closely related risk and compliance discipline
• Experience at both a large, regulated institution with a mature risk function and a high-growth, venture-backed fintech or technology company
• Demonstrated track record of making and defending risk-based decisions under ambiguity, including explicit speed-vs-risk tradeoffs
• Experience designing AI-enabled workflows for risk or compliance use cases, with a clear point of view on where automation helps and where human oversight is non-negotiable
• Strong working knowledge of vendor risk domains: security, privacy, operational, financial, and regulatory
• Proven ability to influence across Product, Engineering, and Finance, not just within a compliance or risk silo
• Strong communication skills; able to translate complex risk positions into clear recommendations for executive and board-level audiences
• Comfort with data; SQL experience or the ability to query and analyze data independently is a strong plus
• Experience supporting or leading regulatory exams in a financial services or fintech environment

Nice to Have

• Experience building a TPRM program from scratch at a high-growth company
• Familiarity with GRC platforms and common TPRM tooling
• Working knowledge of relevant frameworks and standards (SOC 2, ISO 27001, NIST, PCI, etc.)
• Prior people management or team lead experience

Flex takes a market-based approach to pay, ensuring compensation is commensurate with a candidate's experience and our internal leveling guidelines. For candidates located in our Tier 1 markets (NYC/ SF), the base salary pay range for this role is $176,000—$220,000 USD. For all other U.S. locations, Flex utilizes a geographic pay differential based on a cost of labor index. If you are located outside of the Tier 1 states listed above, your starting pay will be adjusted to align with the market conditions of your specific geographic zone. Please speak with your recruiter for additional information regarding the specific range for your location.

The Role

We are looking for an Associate Director, Third-Party Risk Management (TPRM) to own the TPRM pillar at Flex. This is not a program management role. It is a pillar ownership role: you set the risk posture, define the operating model, and are accountable for outcomes across a vendor population that touches every part of the business.

You will lead a small team, establish the direction for how Flex evaluates and monitors third-party risk, and make the calls on where speed and rigor need to be balanced. You will design AI-enabled workflows that scale the team's capacity without sacrificing auditability or regulatory defensibility. And you will hold Flex's third-party risk position across the organization, shaping decisions in Product, Engineering, Finance, and Procurement rather than responding to requests from them.

This role is right for someone who has owned TPRM at a mature, regulated institution and also built something from the ground up at a high-growth fintech. Someone comfortable with ambiguity, confident in their risk judgment, and ready to be handed the reins.

What You’ll Do

1. Own Flex's third-party risk posture end-to-end: set the strategy, define the operating model, and be accountable for outcomes across the full vendor population
2. Establish and maintain the policies, standards, and governance framework that underpin TPRM across the organization
3. Make risk-based decisions on vendor approvals, exceptions, and escalations, including explicit tradeoffs between speed and risk exposure, and defend those positions to senior leadership and regulators
4. Architect scalable intake, tiering, due diligence, and monitoring workflows, designing AI-enabled automation where it improves speed and consistency without removing human judgment from consequential decisions
5. Build signal-driven monitoring systems that surface vendor risk in real time (financial distress, security incidents, operational failures) rather than relying on calendar-based review cycles
6. Design and own AI workflows for high-volume tasks like SOC report analysis, questionnaire scoring, and exception tracking, with clear auditability and human-in-the-loop checkpoints throughout
7. Drive risk alignment across Product, Engineering, Finance, and Procurement, shaping vendor strategy and sourcing decisions upstream rather than reviewing them after the fact
8. Serve as Flex's authoritative voice on third-party risk in regulatory exams, audits, and customer due diligence requests
9. Own the reporting framework that gives senior leadership real-time, decision-relevant visibility into third-party risk posture
10. Proactively identify emerging third-party risks across new vendor categories, evolving threat landscapes, and regulatory developments, and evolve controls before they become issues
11. Help mentor and develop more junior team members as the program and team scale

What We’re Looking For

• 7+ years of experience in third-party risk, vendor risk, or a closely related risk and compliance discipline
• Experience at both a large, regulated institution with a mature risk function and a high-growth, venture-backed fintech or technology company
• Demonstrated track record of making and defending risk-based decisions under ambiguity, including explicit speed-vs-risk tradeoffs
• Experience designing AI-enabled workflows for risk or compliance use cases, with a clear point of view on where automation helps and where human oversight is non-negotiable
• Strong working knowledge of vendor risk domains: security, privacy, operational, financial, and regulatory
• Proven ability to influence across Product, Engineering, and Finance, not just within a compliance or risk silo
• Strong communication skills; able to translate complex risk positions into clear recommendations for executive and board-level audiences
• Comfort with data; SQL experience or the ability to query and analyze data independently is a strong plus
• Experience supporting or leading regulatory exams in a financial services or fintech environment

Nice to Have

• Experience building a TPRM program from scratch at a high-growth company
• Familiarity with GRC platforms and common TPRM tooling
• Working knowledge of relevant frameworks and standards (SOC 2, ISO 27001, NIST, PCI, etc.)
• Prior people management or team lead experience

Flex takes a market-based approach to pay, ensuring compensation is commensurate with a candidate's experience and our internal leveling guidelines. For candidates located in our Tier 1 markets (NYC/ SF), the base salary pay range for this role is $176,000—$220,000 USD. For all other U.S. locations, Flex utilizes a geographic pay differential based on a cost of labor index. If you are located outside of the Tier 1 states listed above, your starting pay will be adjusted to align with the market conditions of your specific geographic zone. Please speak with your recruiter for additional information regarding the specific range for your location.

Engineering at Brex

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

As a Senior Application Security Engineer, you will focus on finding and responding to security vulnerabilities across the Brex platform. In this role, you will perform code reviews, design reviews, penetration testing, and vulnerability management. You will develop and maintain tooling to perform static and dynamic testing of the Brex platform and tooling which supports secure developer workflows. Application Security is part of our wider Financial Scale organization, which means you will work closely with Security Operations, GRC, Product Security, Front End Platform,  IT Infrastructure teams.

We’re looking for individuals with a strong background and interest in penetration testing. You should have a demonstrated ability to find vulnerabilities in complex systems and craft exploits to demonstrate business impact. This role is highly cross functional and collaborative, you will have the opportunity to work with every engineering team across Brex. You should be enthusiastic about working with a variety of backgrounds, roles, and needs. Building a world-class financial service requires world-class security. 

Brex is pioneering the next wave of AI-driven financial services for dynamic, high-impact companies like Coinbase, Robinhood, and Anthropic. We're at the early stages of integrating AI across our product suite, this role will have the opportunity to influence and secure the future of AI Security at Brex. You'll be at the forefront of securing our novel AI implementations, identifying attack vectors in agentic-powered features, and partnering with product and engineering teams to build AI capabilities that our customers can trust with their critical financial operations.

Responsibilities

• Identifying vulnerabilities, demonstrating business impact, and articulating the risk of specific vulnerabilities to drive prioritization efforts
• Perform penetration testing and design reviews, looking for vulnerabilities and insecure designs, work with engineering and product to design secure product features
• Maintain and build internal tools to automate security efforts, perform SAST and DAST testing of the Brex platform, and support secure development practices
• Build and contribute to a culture of collaborative security excellence through technical leadership, learning sessions, and mentorship within the team and wider organization

Requirements

• 5+ years work experience in an Application Security or related role
• Ability to find vulnerabilities in complex systems, demonstrating business impact through custom attack chains
• Experience with a wide range of secure development activities including— threat modeling, developer education, and incident response
• Knowledge of Python, scripting languages, and AI/agentic workflows to automate tasks, build tools and improve productivity
• Collaborative mindset paired with strong written and verbal communication skills

Bonus points

• Proficiency with Kotlin, gRPC, GraphQL, Kubernetes
• Previous experience as a software engineer
• Consultancy experience performing web application security reviews
• Experience with securing distributed systems in AWS and cloud environments
• Experience with pentesting and securing agentic features and systems
• Contributions to the wider technical community— open source, public research, mentorship, community organizing, blogging, CVEs, presentations, etc
• Experience submitting to bug bounty programs or responsible disclosure programs

Compensation

The expected salary range for this role is $192,000 - $240,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

What You’ll Do: 

The Security Products team at CoreWeave is responsible for building the platform capabilities that let enterprise customers safely extend their existing identity, security, and encryption stacks to CoreWeave Cloud. This team owns products like CoreWeave IAM, future encryption lifecycle and key management capabilities, and supporting infrastructure that enables fine-grained access control, auditability, and secure onboarding of sensitive AI workloads. We partner closely with Product, Information Security, and core platform teams to make CoreWeave the most secure and compliant place to run large-scale AI.

About the role:

CoreWeave is seeking a Director of Engineering, Security Products to lead the engineering teams building our identity, authorization, and encryption platforms. In this highly technical and strategic role, you will define and execute the roadmap for security products that underpin customer trust and enable regulated AI workloads at scale. You will lead an engineering team working with Product and Security to design and operate services that are reliable, auditable, and easy for customers to adopt. You will grow and mentor engineering leaders and ICs, and set the standard for engineering excellence in a fast-moving, high-stakes domain.

In this role, you will:

• Define and drive the engineering roadmap for CoreWeave security products (e.g., IAM, authorization, encryption lifecycle management, workload identity, and related platform capabilities).
• Lead and grow high-performing engineering teams, including managers and senior ICs, responsible for building and operating security-critical services.
• Own the availability, reliability, and performance of security product services in production, including SLIs/SLOs, incident management, and on-call practices.
• Partner closely with Product Management and Information Security to translate customer, compliance, and GRC requirements into clear technical designs and delivery plans.
• Oversee the architecture and implementation of secure, scalable, and auditable systems that integrate with customer identity providers, key management systems, and security tooling.
• Collaborate with customer-facing teams (Sales, Solutions, Customer Experience) to support complex enterprise deployments and unblock high-impact opportunities.
• Establish and continuously improve engineering processes, quality bars, and operational best practices for security products in a rapidly growing environment.

Who You Are: 

• 10+ years of experience in software or infrastructure engineering building and operating production services.
• 5+ years of engineering leadership experience, including directly managing other managers and scaling multi-team organizations.
• Proven track record of delivering security, identity, or encryption-related products (e.g., IAM, SSO, KMS, HSM, workload identity, security platforms) at a cloud provider, security company, or large-scale SaaS.
• Experience designing and operating distributed systems with high availability, strong correctness requirements, and clear operational ownership.
• Strong understanding of enterprise security concepts such as authentication, authorization, least privilege, encryption at rest and in transit, and audit logging.
• Familiarity with common compliance and security frameworks (e.g., SOC 2, ISO 27001, FedRAMP, HIPAA) and how they translate into product and architectural requirements.
• Demonstrated experience collaborating with Product Management and Security/Compliance teams to prioritize trade-offs and ship customer-facing platform capabilities.
• Experience building and mentoring diverse, inclusive, and high-performing engineering teams in a fast-paced environment.

Wondering if you’re a good fit? We believe in investing in our people, and value candidates who can bring their own diversified experiences to our teams – even if you aren't a 100% skill or experience match. 

Here are a few qualities we’ve found compatible with our team. If some of this describes you, we’d love to talk:

• You’re excited about building security and identity platforms that make it easier—not harder—for customers to adopt secure-by-default AI workloads.
• You enjoy working at the intersection of Product, Security, and Infrastructure, turning complex requirements into simple, reliable services.
• You’re comfortable leading through ambiguity and change, and you can balance long-term platform investments with near-term customer and compliance needs.
• You have a strong owner’s mindset, and you care deeply about operational excellence, from design reviews to incident response.

Why CoreWeave?

At CoreWeave, we work hard, have fun, and move fast!  We’re in an exciting stage of hyper-growth that you will not want to miss out on. We’re not afraid of a little chaos, and we’re constantly learning. Our team cares deeply about how we build our product and how we work together, which is represented through our core values: 

• Be Curious at Your Core
• Act Like an Owner
• Empower Employees
• Deliver Best-in-Class Client Experiences
• Achieve More Together

We support and encourage an entrepreneurial outlook and independent thinking. We foster an environment that encourages collaboration and provides the opportunity to develop innovative solutions to complex problems. As we get set for take off, the growth opportunities within the organization are constantly expanding. You will be surrounded by some of the best talent in the industry, who will want to learn from you, too. Come join us! 

The base salary range for this role is $227,000 to $303,000. The starting salary will be determined based on job-related knowledge, skills, experience, and market location. We strive for both market alignment and internal equity when determining compensation. In addition to base salary, our total rewards package includes a discretionary bonus, equity awards, and a comprehensive benefits program (all based on eligibility). 

What You’ll Do:

CoreWeave is building the infrastructure that powers the next era of AI — and doing it at a pace and scale that demands operational excellence across every function. As we scale toward and beyond public company readiness, the CIO organization is responsible for owning the execution of IT General Controls (ITGCs) and IT application controls across our technology environment.

About the role:
This is not a traditional audit-support role. As the Senior Product Manager, IT SOX Compliance, you will translate SOX compliance requirements into structured programs, drive accountability across IT process owners, and build the systems and workflows that make compliance scalable. You will work closely with the SOX team and IT process owners to ensure controls are designed, reviewed, and evidenced effectively. The day-to-day includes owning the IT SOX compliance program, partnering with cross-functional teams, and ensuring controls are executed, documented, and audit-ready.

• Own the end-to-end IT SOX compliance program within the CIO organization, maintaining the IT control inventory spanning ITGCs, IT-dependent controls, and automated application controls
• Own the control design and documentation, including narratives and risk and control matrices (RCMs), ensuring controls are clearly defined and audit-ready
• Partner with IT, Accounting (where needed), and the SOX team to ensure new systems and modules are implemented with appropriate SDLC controls in place prior to go-live; review control designs to identify and mitigate SOX risks
• On an ongoing basis, partner with IT process owners and control operators to ensure controls are executed in a timely manner
• Review control evidence for quality and completeness before submission to auditors
• Manage the full deficiency lifecycle — from root cause analysis through remediation planning, retesting, and escalation — reporting control health to IT leadership and the SOX team
• Lead root cause analysis for control failures and incidents, track and resolve systemic gaps, and implement and validate remediation plans to prevent recurrence

Who You Are:

• 8+ years of experience in IT audit, IT risk, IT compliance, or a related field, with hands-on IT SOX experience in either a practitioner or oversight capacity
• Deep familiarity with IT General Controls (ITGCs) — access management, change management, SDLC, and computer operations — and how they map to financial reporting risk
• Experience with Workday, Salesforce, NetSuite/SAP, Coupa, and other enterprise business systems
• Strong understanding of PCAOB auditing standards, COSO framework, and COBIT as they apply to IT controls
• Demonstrated ability to manage multiple workstreams, deadlines, and stakeholders across engineering, finance, legal, and audit
• Experience with GRC platforms (e.g., AuditBoard, ServiceNow GRC, Workiva, or similar)

Preferred:

• CISA, CISSP, CISM, or CPA certification
• Experience in a hyperscaler, cloud infrastructure, or high-growth tech environment
• Proven ability to establish or scale SOX IT compliance programs at newly public or pre-IPO companies

Wondering if you’re a good fit?
We believe in investing in our people, and value candidates who can bring their own diversified experiences to our teams – even if you aren't a 100% skill or experience match. Here are a few qualities we’ve found compatible with our team. If some of this describes you, we’d love to talk.

• You love translating SOX compliance requirements into structured, scalable programs
• You’re curious about improving control design, execution, and compliance workflows
• You’re an expert in IT SOX compliance, ITGCs, and control lifecycle management

Why CoreWeave?
At CoreWeave, we work hard, have fun, and move fast! We’re in an exciting stage of hyper-growth that you will not want to miss out on. We’re not afraid of a little chaos, and we’re constantly learning. Our team cares deeply about how we build our product and how we work together, which is represented through our core values:

Be Curious at Your Core
Act Like an Owner
Empower Employees
Deliver Best-in-Class Client Experiences
Achieve More Together

We support and encourage an entrepreneurial outlook and independent thinking. We foster an environment that encourages collaboration and enables the development of innovative solutions to complex problems. As we get set for takeoff, the organization's growth opportunities are constantly expanding. You will be surrounded by some of the best talent in the industry, who will want to learn from you, too. Come join us!

The base salary range for this role is $165,000 to $242,000. The starting salary will be determined based on job-related knowledge, skills, experience, and market location. We strive for both market alignment and internal equity when determining compensation. In addition to base salary, our total rewards package includes a discretionary bonus, equity awards, and a comprehensive benefits program (all based on eligibility).

As a Product Manager for Identity Security you'll be responsible for building cloud identity and access security capabilities for Datadog's Cloud Security Management product. Security teams today lack visibility into the thousands of human and non-human identities spread across their cloud environments, and cannot answer fundamental questions like "who can access this resource and should they?" This role will start by building a comprehensive identity inventory with a focus on non-human identities (service accounts, IAM roles, API keys, managed identities) and identity posture rules that detect risks like unused credentials, missing MFA, and overprivileged service accounts, then expand into effective permissions analysis and identity-to-resource mapping within Datadog's security graph. You will partner with engineers, designers, and go-to-market teams to define this new product area and drive customer adoption and revenue growth.

At Datadog, we place value in our office culture - the relationships and collaboration it builds, and the creativity it brings to the table. We operate as a hybrid workplace to ensure our Datadogs can create a work-life harmony that best fits them.

What You'll Do

• Define and build the roadmap for identity security capabilities within Cloud Security Management.
• Work closely with executives, marketing, sales, PR, design, and support teams to successfully bring new products and features to market.
• Develop a deep understanding of the market landscape and identify key areas of competitive differentiation and market disruption.
• Maintain and report to product leadership on key metrics regarding revenue growth and customer adoption.
• Work with engineers to help customers understand which identity paths in their multi-cloud environments represent real, exploitable risk, from discovering and classifying every human and non-human identity to mapping what each one can access and whether that access is justified.
• Work with product designers to create identity visibility and governance experiences for security architects doing access reviews, GRC teams running compliance audits, and platform engineers investigating access escalations.

Who You Are

• Minimum 3+ years in enterprise software, with a preference for security or cloud infrastructure background.
• Committed to high-quality products and customer satisfaction.
• Excellent verbal and written communication, capable of presenting ideas to technical and executive stakeholders.
• Prior engineering experience or deep understanding of cloud IAM, including how identity-based policies, resource-based policies, permission boundaries, SCPs, and cross-account trust chains interact to determine effective permissions.
• Familiarity with non-human identity management challenges: service account sprawl, long-lived credentials, overprivileged machine identities, and the distinction between cloud-native NHI types and federated/ambiguous identities.
• Regularly uses LLM-based tools like Claude Code and Cursor to accelerate your work, from drafting PRDs and analyzing data to researching markets and prototyping ideas.
• Driven to build and scale new products in a high-growth environment.
• Demonstrates strong ownership, data-driven problem-solving, and prioritization skills.

 Datadog values people from all walks of life. We understand not everyone will meet all the above qualifications on day one. That's okay. If you’re passionate about technology and want to grow your skills, we encourage you to apply.

Benefits & Growth:

• New hire stock equity (RSUs) and employee stock purchase plan (ESPP)
• Continuous professional development, product training, and career pathing
  Intra-departmental mentor and buddy program for in-house networking
• An inclusive company culture, ability to join our Community Guilds
• Access to Inclusion Talks, our Internal panel discussions
• Free, global Spring Health benefits for employees and dependents age 6+
• Competitive global benefits

Benefits and Growth listed above may vary based on the country of your employment and the nature of your employment with Datadog.

#LI-Hybrid

Position Overview

The Solutions Sales Specialist will play an instrumental role in driving revenue growth for Diligent for existing and new accounts for specialized products. This position will collaborate with Account Executives and Directors to develop pipeline through prospecting, performing inbound and outbound activity to generate pipeline for team members and assume a quota within a territory to close business.

This position will require a commercially astute individual that is confident in showcasing our offerings in a compelling way to customers by uncovering how the customer requirements map to our products as part of the Diligent solutions. The Solutions Sales Specialist I embodies our culture and values and has demonstrated experience collaborating with stakeholders to realize shared goals.

Key Responsibilities

• Demonstrate an in-depth knowledge of Diligent’s solution and specialized products.
• Prospect new leads within existing accounts to drive new opportunities.
• Adopts a ‘solutions’ selling approach, understanding customer needs and developing solutions through the lens of the Diligent solutions.
• Demonstrate Sales excellence by managing the end-to-end sales cycle from opportunity to deal close using the Diligent approved sales methodology.
• Effectively utilize sales tools to prospect new leads, schedule initial meetings, increase win rates and generate bookings.
• Accurately maintain CRM records, forecast and report out on projected bookings, deals closed etc. on a regular basis.
• Proactively gathers external insights of the competitor landscape, including customers’ business strategy and the direction of the industry to inform the creation of strategic account plans.
• Collaborates with Account teams to discover new and growth opportunities, qualify opportunities and build pipeline.

Required Experience/Skills:

• Proven track record of success in account management and achieving revenue targets within the technology or GRC industry.
• SLED experience.
• Familiarity with selling through channel distribution processes. 
• Ability to build and maintain relationships with diverse stakeholders at different levels of the organization.
• Continuous learning, including a desire to develop knowledge and expertise in internal products, external industry trends and the customer landscape.
• Strong communication, presentation and influencing skills.
• A high level of curiosity and empathy with the ability to understand a potential customer's context, issues and pain points through effective questioning and listening.
• Self-motivated, results-driven, and ability to work in a fast-paced and dynamic environment.

The posted salary range reflects the base salary for this role. In addition, this position is eligible for commission/variable compensation based on performance.

Engineering at Brex

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

As an Application Security Engineer, you will contribute to finding and responding to security vulnerabilities across the Brex platform. In this role, you will participate in code reviews, design reviews, penetration testing, and vulnerability management. You will contribute to tooling that performs static and dynamic testing of the Brex platform and supports secure developer workflows. Application Security is part of our wider Financial Scale organization, which means you will work closely with Security Operations, GRC, Product Security, Front End Platform, and IT Infrastructure teams.

We're looking for individuals with a solid foundation in penetration testing and a curiosity for finding vulnerabilities in complex systems. You should have experience identifying and documenting vulnerabilities across common vulnerability classes and be able to communicate their risk clearly to engineering and product teams. This role is highly cross-functional — you'll have the opportunity to collaborate with engineering teams across Brex and grow your security expertise in a fast-moving environment.

Brex is pioneering the next wave of AI-driven financial services for dynamic, high-impact companies like Coinbase, Robinhood, and Anthropic. As we integrate AI across our product suite, this role will give you hands-on experience contributing to AI security at Brex. You'll apply emerging AI security best practices to help secure our agentic features, identify attack surfaces introduced by LLM-powered systems, and partner with product and engineering teams to build AI capabilities our customers can trust with their critical financial operations.

Responsibilities

• Identify vulnerabilities across common vulnerability classes (e.g., OWASP Top 10), document findings clearly, and communicate risk to drive remediation efforts
• Participate in penetration testing and design reviews alongside senior engineers, contributing to the identification of vulnerabilities and insecure designs
• Contribute to internal tooling and automation efforts that support SAST and DAST testing of the Brex platform and promote secure development practices
• Collaborate with engineering and product teams to support the design of secure product features
• Actively contribute to a culture of security awareness through knowledge sharing and peer learning

Requirements

• 4+ years of work experience in Application Security or a related role
• Demonstrated ability to find and document vulnerabilities in complex systems, with clear communication of business risk
• Hands-on experience with a subset of secure development activities, such as code review, threat modeling, or penetration testing
• Experience identifying security risks in AI/ML systems — such as prompt injection, model manipulation, or data poisoning — through work experience, personal projects, CTFs, or bug bounties
• Familiarity with agentic workflows and the ability to reason about attack surfaces introduced by LLM-powered features
• Knowledge of Python or scripting languages to automate tasks and build tooling
• Collaborative mindset paired with strong written and verbal communication skills

Bonus points

• Experience with Kotlin, gRPC, GraphQL, Kubernetes
• Previous experience as a software engineer
• Experience with securing distributed systems in AWS and cloud environments
• Experience with web application security reviews
• Contributions to the wider technical community — open source, public research, CTF participation, blogging, CVEs, or presentations
• Experience submitting to bug bounty or responsible disclosure programs
• Published AI security research or contributions to AI security frameworks

Compensation

The expected salary range for this role is $152,000 - $190,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

About the role

Anthropic's Integrity & Compliance (I&C) function is building the systems that let us scale responsibly as our products reach more people, more enterprises, and more regulated industries. Our global compliance program is bespoke, reflecting our unique mission and position as one of the leading AI labs operating on the frontier.

The Governance & Oversight pillar is the operational and structural backbone of Integrity & Compliance. It owns the frameworks, policies, controls testing, training, GRC tooling, and reporting that hold the rest of the function together — and that allow Anthropic to demonstrate accountability to employees, customers, regulators, and the public as the company scales.

We're hiring a Compliance Governance & Oversight Lead to set the strategy for how compliance governance works at Anthropic, own the systems and reporting that give leadership a clear line of sight into program health, and partner with the leads of our other I&C pillars — Privacy Programs, Regulatory Programs, and Corporate Compliance — to ensure their work is supported by a coherent operating model.

This is a senior leadership role in a function being built from the ground up. You'll have significant autonomy to shape the design of the pillar, and you'll build and develop the team that runs it. You'll report to the Head of Integrity & Compliance.

Key responsibilities

• Set the strategy for compliance governance and oversight at Anthropic, defining how policies, controls, training, and reporting come together into a coherent operating model across the I&C function

• Own the policy lifecycle end-to-end — drafting standards, approval workflows, version control, attestation, and accessibility — and ensure Anthropic's compliance policies are current, coherent, and demonstrably communicated

• Lead selection, implementation, and ongoing administration of the GRC platform that serves as the central system of record for I&C, including risk tracking, control documentation, issue management, and workflow

• Design and run the controls testing and monitoring program across all I&C pillars, partnering with pillar leads to verify controls are operating as intended and to surface gaps before they become issues

• Own the compliance training program, working with subject matter experts across I&C to develop, deliver, and evidence training that meets regulatory requirements and embeds compliance into how the company operates

• Drive issue management across the function — ensuring findings, exceptions, and remediation are documented, owned, escalated where needed, and driven to closure

• Build the metrics, dashboards, and reporting cadences that give the Head of I&C, the broader leadership team and Internal Audit a clear view of program health, key risks, and strategic priorities

• Prepare and present compliance reporting to leadership synthesizing inputs from across pillars into clear narratives

• Coordinate the function's responses to compliance-related due diligence requests from customers, partners, and investors

• Manage the I&C budget and vendor portfolio, providing the administrative foundation for the function's operations

• Build and develop the Governance & Oversight team as the pillar's scope and headcount grow, and embed a culture of practical, well-evidenced compliance across the company

Minimum qualifications

• Significant experience in compliance, risk, internal audit, or a closely related field, including leadership of a compliance operations, governance, or oversight function

• Demonstrated track record building or substantially scaling a compliance program — policies, controls testing, training, GRC tooling, and reporting — end-to-end, ideally from an early stage

• Deep working knowledge of compliance program fundamentals: policy management, training, controls testing, issue management, and program reporting

• Experience selecting, implementing, and operating GRC technology platforms, and using technology to make compliance more effective and less burdensome for the wider organization

• Track record of preparing and presenting compliance reporting to senior leadership, Internal Audit, and/or board-level governance bodies

• Strong written and verbal communication, with the ability to translate substantive compliance requirements into operating processes that engineering, product, and go-to-market teams will actually adopt

• Demonstrated ability to lead through influence across a senior, cross-functional stakeholder group, and to make and defend cross-functional decisions

• Experience building and developing teams

Preferred qualifications

• 10+ years of relevant experience

• Prior experience at a Big 4 or comparable compliance consulting or advisory professional services firm, in addition to in-house leadership experience

• Experience leading compliance governance at a high-growth technology company, ideally one operating across multiple regulatory regimes

• Exposure to AI-specific compliance considerations and the emerging regulatory landscape for AI

• Experience standing up or transforming a compliance function in a hyper-scaling environment, including building from a blank page

• Direct experience presenting to or supporting Audit Committee or board-level reporting on compliance matters

Role-specific policy: For this role, we expect staff to be able to work from either our Washington, DC, San Francisco, or New York City office at least 3 days a week, though we encourage you to apply even if you might need some flexibility for an interim period of time.

About that Role

As part of the Anthropic security department, the compliance team owns understanding security and AI safety expectations, as established by regulators, customers, and (nascent) industry norms — which we also seek to influence. The compliance team uses this understanding to provide direction to internal partners on the priorities of security and safety requirements they must meet. The compliance team demonstrates adherence to security expectations through credential attainment, the establishment of assurance and oversight mechanisms, and direct engagement with auditors, customers, and partners.

This opportunity is unique. Anthropic is expanding HIPAA coverage across its product portfolio — including Claude Code, the Claude Developer Platform, and Claude Cowork — and we need to build the compliance infrastructure to match that expansion. We are looking for someone to own HIPAA compliance operations end-to-end, not just advise on it.

Responsibilities:

• Operate Anthropic’s HIPAA compliance review program, executing on HIPAA obligations across the product portfolio.
• Run a dedicated HIPAA review track in parallel with the Product Security Review (PSR) process, applying compliance checklist to every in-scope change and recording a complete, auditable disposition before release.
• Build and maintain change monitoring mechanisms to catch HIPAA-relevant changes — including default setting changes and incremental updates.
• Partner with product and engineering teams upstream to ensure HIPAA considerations are built into first releases rather than addressed as post-launch remediations.
• Assess and document PHI data flows, infrastructure boundaries, and control coverage across Anthropic’s cloud-native product environments.
• Write, update, and enact HIPAA policies, checklists, deployment guides, and audit evidence packages.
• Manage Business Associate Agreement (BAA) obligations and coordinate with legal and external counsel on PHI determination questions and emerging regulatory requirements.
• Contribute to Anthropic’s broader compliance program, including adjacent frameworks (SOC 2, ISO 27001, NIST 800-53) where they intersect with HIPAA obligations.

You may be a good fit if you:

• Have 3+ years of progressive experience in compliance roles, including direct ownership of a HIPAA compliance program at a technology company
• Have evaluated PHI data flows and infrastructure boundaries in cloud-native environments (AWS, GCP, or Azure) and can assess HIPAA exposure without always needing to escalate to legal
• Have designed and operated a compliance review mechanism integrated into a product development or release process
• Can translate HIPAA technical compliance requirements into actionable workstreams for engineering and product teams
• Deliver clear, precise compliance documentation — policies, checklists, audit evidence, deployment guides — for both technical and non-technical audiences
• Thrive in fast-paced, ambiguous environments where you’re expected to build processes from scratch and keep them working under rapid product change
• Are energized by being the organizational expert who educates and influences rather than only advises

Strong candidates may also:

• Have worked in AI/ML or developer-platform companies and understand the unique challenges of PHI exposure in model inference and API environments
• Have HITRUST CSF experience or experience mapping HIPAA requirements to HITRUST controls
• Bring experience from high-growth technology companies where compliance programs had to scale alongside rapid product expansion
• Have implemented or significantly contributed to compliance automation or GRC tooling integrations
• Possess relevant certifications (CHPC, HCISPP, CISA, CISM, CISSP, or equivalent)

Candidates need not have:

• Done everything on this list before — we value learning agility and willingness to tackle novel compliance challenges in the AI space

Deadline to Apply: None, applications will be received on a rolling basis.

Position Overview 

The Field Marketing Manager, Americas will own and scale the field marketing engine for a high-impact business unit, directly influencing pipeline growth, accelerating revenue, and shaping how we go to market across the region.

This is a highly visible role that blends strategy and execution. You’ll design and orchestrate integrated campaigns, events, webinars, and ABM programs; working side-by-side with Sales and cross-functional Marketing teams to turn ideas into measurable business outcomes.

If you’re equal parts strategist, operator, and innovator; and excited to leverage AI to unlock smarter, faster marketing - this role is for you.

As a senior individual contributor on the Americas Field Marketing team, this person will: 

• Lead the development and execution of pod-level field marketing plans aligned to regional and business unit goals. 

• Partner closely with Sales to identify and activate priority plays that progress opportunities through the funnel and into bookings. 

• Build scalable field marketing programs and infrastructure, leveraging AI to improve efficiency, targeting and insights. 

• Shape team-wide processes and workflows and provide day-to-day guidance and coaching to Field Marketing Specialists and Senior Specialists, exerting influence without formal authority. 

Key Responsibilities

Strategy & Planning 

Own the field marketing strategy and annual plan for an assigned Americas pod or business unit, aligned to shared MQL, pipeline and bookings targets. 

Translate GTM plays and regional priorities into integrated field programs that pull the right marketing levers at the right time across the customer journey. 

Use data, insights and AI tools to seize opportunities, refine targeting, and continuously optimize program mix and investment. 

Campaigns, Events & ABM 

Design and execute multi-channel field campaigns, including events, webinars, ABM motions and localized programs that support both new logo and expansion goals. 

Own end-to-end delivery of field marketing activities — brief development, project management, enablement, execution and debriefs — with extreme attention to detail and operational rigor. 

Partner with Demand Generation, Product Marketing, Brand, and Corporate Events to ensure Americas field programs are on-brand, on-message and coordinated across channels. 

Sales & Cross-Functional Partnership 

Build strong, trust-based relationships with Sales leaders and AEs in the assigned pod/region; act as the primary marketing counterpart for planning and performance reviews. 

Align on coverage models, territories, key accounts and follow-up expectations with BDR/SDR teams; ensure smooth handoffs from MQL to opportunity and into bookings. 

Collaborate with other Field Marketing Managers across Americas to share best practices, standardize processes and identify opportunities to scale what works. 

AI-Enabled Execution & Innovation 

Champion the use of AI across field marketing workflows — from audience and target account list refinement to content creation, testing and reporting — to increase throughput and impact. 

Pilot new AI-driven tactics in partnership with Brand, Content and Demand Generation, and document learnings to inform broader adoption. 

Measurement, Reporting & Optimization 

Own pod-level field targets and KPIs; track and report on MQLs, opportunities, pipeline and bookings influenced by field programs, as well as marketing ROI. 

Build regular performance readouts for Sales and Marketing leadership, surfacing insights, risks and recommended optimizations. 

Use data to identify gaps in the funnel, propose corrective actions, and test alternative approaches to unlock growth. 

Required Experience/Skills 

• 5+ years of B2B SaaS field marketing or closely related experience (e.g., growth, revenue, campaign marketing), with a track record of driving pipeline and bookings with Sales. 

• Deep experience building and executing integrated field programs across tactics such as events, webinars, ABM and partner campaigns. 

• Demonstrable capability with AI tools, with real use cases that improve operational excellence, visibility and speed-to-impact in marketing programs. 

• Motivated self-starter with a “get stuff done” mindset and the ability to set priorities, manage multiple projects and hit deadlines with limited oversight. 

• Strong interpersonal and communication skills (written and verbal), including comfort presenting to and influencing senior Marketing and Sales leaders. 

• Proven ability to partner and develop strong relationships across all levels of a complex, matrixed commercial organization. 

• Highly organized, process-driven operator with strong project management skills and extreme attention to detail. 

• Commercial, strategic and data-driven mindset; uses data and reporting to make decisions, optimize plans and demonstrate impact against regional growth goals. 

• Proficiency with core marketing and productivity tools (e.g., Salesforce, Marketo, Wrike, Microsoft Office Suite) and comfort adopting new AI-powered technologies. 

• Familiarity with the GRC space and experience working in a complex matrixed organization are strong pluses. 

#LI-SR1

THE POSITION
Our roster has an opening with your name on it

We are hiring a Senior Director of AI Platforms & Ops to lead the development of FanDuel’s AI control plane and foundational infrastructure.

This role is responsible for building and operating the foundation that makes AI safe, scalable, and production-ready across the enterprise. You will lead teams responsible for everything from model access and orchestration to governance, monitoring, and cost control. You will partner closely with Forward Deployed AI teams, AI Software Engineering, Security, Legal, MarTech, Ops, and Data to ensure that AI systems can be deployed quickly without compromising reliability, compliance, or trust.

Success in this role means accelerating AI adoption across FanDuel while maintaining strong guardrails and operational excellence.

In addition to the specific responsibilities outlined above, employees may be required to perform other such duties as assigned by the Company. This ensures operational flexibility and allows the Company to meet evolving business needs.

THE GAME PLAN
Everyone on our team has a part to play

Scale the team and roadmap: Build and lead a high-performing team while defining the long-term vision for AI Platforms. Create platforms that allow teams to move fast while ensuring compliance, security, and reliability.

Build the AI control plane: Own the systems that govern how AI is accessed, orchestrated, and managed across FanDuel. Oversee the AI Gateway, MCP Registry, Agent + Skills Marketplaces, and Firewall, ensuring safe and scalable integration of models and tools

Own governance, compliance, trust & safety: Establish best-in-class tracing, monitoring, and debugging for AI systems in production. Build and operationalize GRC frameworks for AI usage, including risk reviews, auditability, and policy enforcement. Establish a scalable Trust, Safety, and Red Teaming swat team focused on how we believe and how we break AI tools, ensuring AI systems meet standards for responsible use, content safety, and user protection

Optimize cost and performance: Lead FinOps for AI, including usage tracking, cost controls, and efficiency optimization. Own enterprise license strategy and vendor relationships across model providers and tooling

Partner across the organization: Work closely with FDE and AI SWE teams to ensure platform capabilities align with real-world needs

THE STATS
What we're looking for in our next teammate

• Have 10+ years of experience in platform engineering, infrastructure, or large-scale systems, having led platform or infrastructure teams at scale, ideally in data or AI environments
• Have experience building or managing systems related to: AI gateways or service platforms, developer platforms, observability, monitoring, and/or FinOps
• Understand AI/ML systems, including LLMs and their operational challenges
• Have experience working with security, compliance, or regulated environments
• Are comfortable operating at both strategic and deeply technical levels
• Can balance speed, cost, and risk in a fast-moving environment
• Are an effective leader who can build teams and influence across functions

ABOUT FANDUEL

FanDuel Group is the premier mobile gaming company in the United States and Canada. FanDuel Group consists of a portfolio of leading brands across mobile wagering including: America’s #1 Sportsbook, FanDuel Sportsbook; its leading iGaming platform, FanDuel Casino; the industry’s unquestioned leader in horse racing and advance-deposit wagering, FanDuel Racing; and its daily fantasy sports product.  

In addition, FanDuel Group operates FanDuel TV, its broadly distributed linear cable television network and FanDuel TV+, its leading direct-to-consumer OTT platform. FanDuel Group has a presence across all 50 states, Canada, and Puerto Rico.

The company is based in New York with US offices in Los Angeles, Atlanta, and Jersey City, as well as global offices in Canada and Scotland. The company’s affiliates have offices worldwide, including in Ireland, Portugal, Romania, and Australia.

FanDuel Group is a subsidiary of Flutter Entertainment, the world's largest sports betting and gaming operator with a portfolio of globally recognized brands and traded on the New York Stock Exchange (NYSE: FLUT).

PLAYER BENEFITS
We treat our team right

We offer amazing benefits above and beyond the basics. We have an array of health plans to choose from (some as low as $0 per paycheck) that include programs for fertility and family planning, mental health support, and fitness benefits. We offer generous paid time off (PTO & sick leave), annual bonus and long-term incentive opportunities (based on performance), 401k with up to a 5% match, commuter benefits , pet insurance, and more - check out all our benefits here: FanDuel Total Rewards. *Benefits differ across location, role, and level.

FanDuel is an equal opportunities employer and we believe, as one of our principles states, “We are One Team!”. As such, we are committed to equal employment opportunity regardless of race, color, ethnicity, ancestry, religion, creed, sex, national origin, sexual orientation, age, citizenship status, marital status, disability, gender identity, gender expression, veteran status, or any other characteristic protected by state, local or federal law. We believe FanDuel is strongest and best able to compete if all employees feel valued, respected, and included.

The applicable salary range for this position is $247,000 - $309,000 USD, which is dependent on a variety of factors including relevant experience, location, business needs and market demand. This role may offer the following benefits: medical, vision, and dental insurance; life insurance; disability insurance; a 401(k) matching program; among other employee benefits. This role may also be eligible for short-term or long-term incentive compensation, including, but not limited to, cash bonuses and stock program participation. This role includes paid personal time off and 14 paid company holidays. FanDuel offers paid sick time in accordance with all applicable state and federal laws.

FanDuel is committed to providing reasonable accommodations for qualified individuals with disabilities. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please email Benefits@fanduel.com.

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

#LI-Hybrid

THE POSITION
Our roster has an opening with your name on it

We are hiring a Senior Director of AI Platforms & Ops to lead the development of FanDuel’s AI control plane and foundational infrastructure.

This role is responsible for building and operating the foundation that makes AI safe, scalable, and production-ready across the enterprise. You will lead teams responsible for everything from model access and orchestration to governance, monitoring, and cost control. You will partner closely with Forward Deployed AI teams, AI Software Engineering, Security, Legal, MarTech, Ops, and Data to ensure that AI systems can be deployed quickly without compromising reliability, compliance, or trust.

Success in this role means accelerating AI adoption across FanDuel while maintaining strong guardrails and operational excellence.

In addition to the specific responsibilities outlined above, employees may be required to perform other such duties as assigned by the Company. This ensures operational flexibility and allows the Company to meet evolving business needs.

THE GAME PLAN
Everyone on our team has a part to play

Scale the team and roadmap: Build and lead a high-performing team while defining the long-term vision for AI Platforms. Create platforms that allow teams to move fast while ensuring compliance, security, and reliability.

Build the AI control plane: Own the systems that govern how AI is accessed, orchestrated, and managed across FanDuel. Oversee the AI Gateway, MCP Registry, Agent + Skills Marketplaces, and Firewall, ensuring safe and scalable integration of models and tools

Own governance, compliance, trust & safety: Establish best-in-class tracing, monitoring, and debugging for AI systems in production. Build and operationalize GRC frameworks for AI usage, including risk reviews, auditability, and policy enforcement. Establish a scalable Trust, Safety, and Red Teaming swat team focused on how we believe and how we break AI tools, ensuring AI systems meet standards for responsible use, content safety, and user protection

Optimize cost and performance: Lead FinOps for AI, including usage tracking, cost controls, and efficiency optimization. Own enterprise license strategy and vendor relationships across model providers and tooling

Partner across the organization: Work closely with FDE and AI SWE teams to ensure platform capabilities align with real-world needs

THE STATS
What we're looking for in our next teammate

• Have 10+ years of experience in platform engineering, infrastructure, or large-scale systems, having led platform or infrastructure teams at scale, ideally in data or AI environments
• Have experience building or managing systems related to: AI gateways or service platforms, developer platforms, observability, monitoring, and/or FinOps
• Understand AI/ML systems, including LLMs and their operational challenges
• Have experience working with security, compliance, or regulated environments
• Are comfortable operating at both strategic and deeply technical levels
• Can balance speed, cost, and risk in a fast-moving environment
• Are an effective leader who can build teams and influence across functions

ABOUT FANDUEL

FanDuel Group is the premier mobile gaming company in the United States and Canada. FanDuel Group consists of a portfolio of leading brands across mobile wagering including: America’s #1 Sportsbook, FanDuel Sportsbook; its leading iGaming platform, FanDuel Casino; the industry’s unquestioned leader in horse racing and advance-deposit wagering, FanDuel Racing; and its daily fantasy sports product.  

In addition, FanDuel Group operates FanDuel TV, its broadly distributed linear cable television network and FanDuel TV+, its leading direct-to-consumer OTT platform. FanDuel Group has a presence across all 50 states, Canada, and Puerto Rico.

The company is based in New York with US offices in Los Angeles, Atlanta, and Jersey City, as well as global offices in Canada and Scotland. The company’s affiliates have offices worldwide, including in Ireland, Portugal, Romania, and Australia.

FanDuel Group is a subsidiary of Flutter Entertainment, the world's largest sports betting and gaming operator with a portfolio of globally recognized brands and traded on the New York Stock Exchange (NYSE: FLUT).

PLAYER BENEFITS
We treat our team right

We offer amazing benefits above and beyond the basics. We have an array of health plans to choose from (some as low as $0 per paycheck) that include programs for fertility and family planning, mental health support, and fitness benefits. We offer generous paid time off (PTO & sick leave), annual bonus and long-term incentive opportunities (based on performance), 401k with up to a 5% match, commuter benefits , pet insurance, and more - check out all our benefits here: FanDuel Total Rewards. *Benefits differ across location, role, and level.

FanDuel is an equal opportunities employer and we believe, as one of our principles states, “We are One Team!”. As such, we are committed to equal employment opportunity regardless of race, color, ethnicity, ancestry, religion, creed, sex, national origin, sexual orientation, age, citizenship status, marital status, disability, gender identity, gender expression, veteran status, or any other characteristic protected by state, local or federal law. We believe FanDuel is strongest and best able to compete if all employees feel valued, respected, and included.

The applicable salary range for this position is $247,000 - $309,000 USD, which is dependent on a variety of factors including relevant experience, location, business needs and market demand. This role may offer the following benefits: medical, vision, and dental insurance; life insurance; disability insurance; a 401(k) matching program; among other employee benefits. This role may also be eligible for short-term or long-term incentive compensation, including, but not limited to, cash bonuses and stock program participation. This role includes paid personal time off and 14 paid company holidays. FanDuel offers paid sick time in accordance with all applicable state and federal laws.

FanDuel is committed to providing reasonable accommodations for qualified individuals with disabilities. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please email Benefits@fanduel.com.

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

#LI-Hybrid

Here’s a summary of the role:  

Diligent is seeking a Senior Manager, Alliances & Partnerships to lead our strategy and execution for driving revenue and customer value through a portfolio of high-impact technology partners. In this role, you will own partner-sourced and influenced pipeline at scale, guide multi-year joint business plans, and ensure strong executive alignment with our most strategic partners. You will orchestrate cross-functional collaboration across Sales, Product, Marketing, Legal, and Operations to standardize partner motions, remove systemic blockers, and refine programs. The ideal candidate brings deep experience in B2B SaaS partnerships, strong commercial and analytical skills, and a proven track record of leading and mentoring partner teams.

This role operates on a hybrid model, with an expectation of 50% office-based work; however, remote working arrangements may also be considered. This opportunity is open to candidates based in the United States only.

Regrettably we are unable to provide visa sponsorship, so you must be eligible to work in the US.

Here’s a breakdown of what you’ll do (not all of it, just the important stuff):

• Own the global or multi-region technology partner strategy, setting direction, priorities, and investment focus across a portfolio of strategic partners
• Drive partner-sourced and influenced revenue at scale, including forecasting, target setting, and regular performance reviews with senior leadership
• Lead joint business planning and executive alignment with top partners, covering solution roadmap, integration strategy, and multi-year GTM plans
• Oversee cross-functional execution across Sales, Product, Marketing, Legal, and Operations, removing systemic blockers and standardizing partner motions and processes
• Use data and market insights to optimize the overall partner portfolio, refine programs, and recommend strategic bets or exits
• Provide leadership and mentorship to Technology Partners Specialists and Managers, elevating partner best practices and representing the function in broader commercial planning

These are the essentials you’ll need to get an interview:

• 5–7 years’ experience in Enterprise SaaS in partnerships, channels or alliances including direct accountability for partner-sourced and influenced revenue
• Strong experience in GRC environments, with a proven track record working with major Global System Integrators, Advisory firms as well as smaller, specialist system integrators
• Proven track record designing and leading partner strategy across regions or segments, with demonstrated success scaling co-selling and co-marketing motions
• Advanced commercial and analytical skills, including portfolio management, forecasting, and data-driven decision making on partner investments and performance
• Deep understanding of SaaS products, integrations, and ecosystems, with the ability to align partner roadmaps to company strategy and customer needs.
• Demonstrated experience leading and mentoring partner teams, setting standards, and building repeatable playbooks and processes for the function

Behavioural Competencies:

• Strong executive presence and stakeholder leadership, able to influence senior leaders internally and at partner organizations and navigate complex negotiations
• Strong relationship-building capability, with a proven ability to develop and maintain trusted senior-level partner and customer relationships
• Ability to operate with urgency in fast-paced, growth-oriented environments while balancing multiple strategic priorities
• Strong commercial mindset with a focus on driving growth, expansion, and long-term partner value creation

#LI-SK2

#LI-SK2

Here’s a summary of the role: 

Diligent is seeking a Senior Manager, Partner Programs & Strategy to architect, launch, and continuously improve a global partner program that turns partner motions into scalable operating mechanisms, enabling partners to drive revenue, adoption, and customer impact across our ecosystem.

This is a role for someone who thrives on building structured, data-driven programs and translating strategy into operational execution, with a hands-on approach to partner program design, governance, and performance management.

At Diligent, you’ll play a central role in shaping how partners engage, operate, and deliver value. You’ll design and run end-to-end partner program frameworks across Advisory, Resale, MSP, AWS Marketplace, and Technology Alliances — covering onboarding, enablement, certification, governance, incentives, and deal registration. You’ll define partner KPIs, build performance dashboards, and deliver executive reporting across pipeline, bookings, revenue attribution, and forecast, using insights to continuously optimise program performance and partner ROI.

Working cross-functionally with Sales, Marketing, Legal, Product, Finance, and Revenue Operations, you’ll ensure alignment across Salesforce and PRM systems, partner data models, attribution rules, and commercial processes. You’ll also support the full partner lifecycle, including onboarding, contract management, pricing and incentives, MDF and commission processes, and ongoing governance, compliance, and optimisation of program performance.

This role operates on a hybrid model, with an expectation of 50% office-based work; however, remote working arrangements may also be considered. This opportunity is open to candidates based in the United States only.

Regrettably we are unable to provide visa sponsorship, so you must be eligible to work in the US.

Here’s a breakdown of what you’ll do (not all of it, just the important stuff):

• Own the end-to-end partner program framework across tiers, requirements, benefits, and incentives for multiple partner types including GSIs, SIs, Resellers, MSPs, and Technology Alliances
• Design and manage partner onboarding, enablement, implementation certification, and lifecycle processes to drive partner productivity
• Establish and maintain program governance including decision rights, change management, RACI, documentation standards, and compliance
• Own deal registration policies, guardrails, SLAs, and exception handling to protect channel integrity and reduce conflict
• Own Salesforce (SFDC) evolution for partner motions, including partner data model, taxonomy, attribution rules, and data governance
• Own partner executive reporting including pipeline, bookings, revenue attribution, and forecasting, and use insights to drive performance, accountability, and optimisation

These are the essentials you’ll need to get an interview:

• 7–10+ years in partner programs and/or partner operations within a SaaS environment
• Experience working across multiple partner types including GSIs, SIs, Resellers, MSPs, Technology Partners, and cloud marketplaces (e.g., AWS Marketplace)
• Experience designing and evolving partner programs covering co-sell, resell, services/implementation, and technology partnerships
• Strong experience in program governance, process design, and change management in complex, matrixed environments
• Hands-on experience with Salesforce and familiarity with PRM/partner portal platforms
• Strong analytical and financial modelling skills (program ROI, incentives, partner economics, investment decisions)
• Experience building dashboards, scorecards, KPI frameworks, and executive reporting for partner performance
• Experience using AI and automation for program operations, governance, and optimisation

#LI-SK2

Here’s a summary of the role:  

Diligent is seeking a Strategic Alliances & Partnerships Director to define and lead our global strategy for driving revenue and customer value through a portfolio of strategic technology partners. In this role, you will own partner-sourced and influenced pipeline at scale, establish clear targets, and maintain strong executive alignment with key partners. You will collaborate closely with Sales, Product, Marketing, Legal, and Operations to shape partner programs, standardize motions, and remove systemic blockers. The ideal candidate combines deep B2B SaaS partnership experience with strong commercial acumen, executive presence, and a proven track record of building and leading high-performing partner teams.

This role operates on a hybrid model, with an expectation of 50% office-based work; however, remote working arrangements may also be considered. This opportunity is open to candidates based in the United States only.

Regrettably we are unable to provide visa sponsorship, so you must be eligible to work in the US.

Here’s a breakdown of what you’ll do (not all of it, just the important stuff):

• Define and own the overall global technology partnerships strategy, ensuring tight alignment with company growth, product, and go-to-market priorities
• Hold ultimate accountability for partner-sourced and influenced revenue, setting targets, overseeing forecasts, and reviewing performance with executive leadership
• Build and maintain executive-level relationships with top technology partners, driving multi-year joint plans, strategic initiatives, and complex negotiations
• Lead cross-functional alignment and execution across Sales, Product, Marketing, Legal, and Operations to standardize partner motions and remove systemic blockers
• Shape and evolve partner programs, operating models, and governance, using data and market insights to prioritize investments and refine the partner portfolio
• Provide vision, leadership, and coaching to the Technology Partnerships organization (Specialists, Managers), building high-performing teams and scalable playbooks

These are the essentials you’ll need to get an interview:

• 10+ years’ experience in Enterprise SaaS in partnerships, channels or alliances,  including significant ownership of partner-driven revenue targets
• Strong experience in GRC environments, with a proven track record working with major Global System Integrators and Advisory firms, as well as smaller, specialist system integrators
• Proven track record building and executing global partner strategy, including portfolio design, multi-year joint business planning, and complex deal/partner negotiations
• Advanced commercial, analytical, and strategic thinking skills, with the ability to use data and market insights to prioritize investments and optimize partner programs
• Deep understanding of SaaS product, integrations, and ecosystems, and the ability to align partner roadmaps with company strategy, product direction, and customer needs

Behavioural Competencies:

• Demonstrated people leadership experience, successfully leading and developing partner teams in a fast-paced, high-growth environment
• Strong executive presence and stakeholder management skills, able to influence C-level leaders internally and at partner organizations
• Strong relationship-building capability, with a proven ability to develop and maintain trusted senior-level partner and customer relationships
• Ability to operate with urgency in fast-paced, growth-oriented environments while balancing multiple strategic priorities
• Strong commercial mindset with a focus on driving growth, expansion, and long-term partner value creation

#LI-SK2

About Parloa

Parloa’s mission is to make every customer conversation feel effortless for both customers and the companies serving them. As agentic AI accelerates, Parloans are shaping the foundation of a new era in customer experience — one where customer support is no longer transactions, but meaningful exchanges. It is not just a vision; Parloa has powered over ONE BILLION interactions between global enterprise brands and their customers, with companies like IKEA and Booking.com already deploying Parloa at scale. 

About the role:

As a Senior IS&T Governance Partner at Parloa, you will play a key role in safeguarding the trust and credibility of our platform by ensuring the highest standards of governance, security, and regulatory compliance. You will be entrusted with one of the organization’s most critical responsibilities: enabling Parloa to scale rapidly while remaining compliant, secure, and audit-ready at all times. at Parloa, you will play a key role in safeguarding the trust and credibility of our platform by ensuring the highest standards of governance, security, and regulatory compliance. You will be entrusted with one of the organization’s most critical responsibilities: enabling Parloa to scale rapidly while remaining compliant, secure, and audit-ready at all times.

Our IS&T Governance Department is building a world-class framework for governance, assurance, and risk management. We are establishing a mature structure of internal controls, reviews, and audits to certify our products and operations against the highest international standards, including ISO 27001, ISO 22301, PCI DSS, HIPAA, and other relevant regulatory and industry frameworks.

Today, our team consists of four specialists covering Risk Management, Compliance, Business Continuity, and Information Security Management. We are now expanding this function to scale with the company’s growth and increasing regulatory and security demands.

This is a rare opportunity to become an early member of Parloa’s internal Governance function and play a pivotal role in shaping how security, compliance, and risk management are embedded into a high-growth, AI-driven organization. You will help ensure that Parloa not only complies with all applicable regulatory and contractual obligations, but set

Areas of ownership:

• Act as a core member of the remotely distributed IS&T Governance team, fostering a strong culture of security and compliance awareness across planning, development, and operational activities.
• Ensure that changes in product, development, and operational processes are properly documented, risk-assessed, and reviewed in a timely and structured manner.
• Partner with the Commercial organization by supporting security and compliance questionnaires, contributing to contract and DPA reviews, and participating in customer calls as a trusted subject matter expert.
• Manage and respond to incoming requests related to compliance, information security, and regulatory topics, providing clear, pragmatic, and actionable guidance to internal stakeholders.
• Serve as the internal authority on information security best practices, continuously promoting industry standards and driving their consistent adoption across the organization.
• Lead and support the preparation, execution, and continuous maintenance of security certifications and regulatory frameworks (e.g., ISO 27001, ISO 22301, SOC 2, PCI DSS, HIPAA).
• When new certifications or regulatory frameworks are required, take ownership of understanding the applicable security and legal requirements in close alignment with Legal and the DPO, and translate them into hands-on guidance for engineering, product, and operations teams.
• Drive the practical implementation and adoption of compliance controls by embedding governance and security requirements into daily workflows and technical designs.
• Contribute to the definition and continuous improvement of governance processes, policies, and standards to ensure scalability and long-term audit readiness.
• Support risk assessments, DPIAs, and control design activities for new products, features, and architectural changes..

Who you are:

• A seasoned GRC / Information Security professional with 6–10+ years of experience across information security, compliance, risk management, and regulatory frameworks in technology-driven environments.
• Deeply experienced in security and compliance standards such as ISO 27001, SOC II, FedRAMP, PCI DSS v4, ISO 42001, and data protection regulations (e.g., GDPR, CCPA), with a strong understanding of how they apply in modern SaaS and AI platforms.
• A trusted advisor who can confidently engage with engineers, product leaders, legal teams, auditors, and enterprise customers, translating complex regulatory requirements into clear, practical actions.
• A hands-on operator who is comfortable moving between strategic governance design and detailed control implementation, audits, and evidence generation.
• A builder of scalable governance who designs processes and controls that enable speed and innovation rather than slow them down.
• A culture carrier who naturally embeds security, privacy, and compliance thinking into everyday decision-making across the organization.
• Analytical and pragmatic, balancing regulatory rigor with business reality to deliver solutions that are both compliant and operationally efficient.
• Resilient under pressure, remaining structured, credible, and decisive in audits, customer security reviews, and high-stakes compliance discussions.
• A continuous learner who stays current on emerging regulations, security standards, and best practices in cloud security, AI governance, and data protection.

Our recruiting process:

Talent Acquisition → Hiring Manager → Technical Interview(s) → Bar Raiser

Why Parloa?

We’re at the beginning of a new era in customer experience, one where AI doesn’t just respond, but understands, reasons, and takes action. We’re building agentic AI that enterprises trust with their most important customer moments: complex questions, high volumes, real stakes. When millions of people reach out to a brand, those interactions aren’t just support tickets; they’re defining experiences. We’re here to raise the standard: making every conversation seamless, intelligent, and genuinely helpful. If you care about shaping how businesses and customers connect at scale—and want your work to matter in real, everyday moments—this is where you do it.

At Parloa, ownership isn’t a buzzword; it means being accountable for outcomes, not just tasks. We operate in a category that’s evolving fast, where the bar is high, and the problems are complex. We hire people who think in solutions, communicate with clarity, and follow through. People who are comfortable making decisions, taking responsibility, and raising the standard for themselves and those around them.

We’ve grown beyond the earliest startup phase, but we’ve kept the intensity: fast execution, direct feedback, and a strong expectation to contribute meaningfully from day one.

Backed by leading global investors like General Catalyst, EQT Ventures, and Altimeter Capital, we’re scaling with a clear ambition: to become the global category leader in enterprise-grade conversational AI.

OTE Salary Range - $150,000 - $170,000 + Equity
Range includes Bonus

This is a unique opportunity to contribute to a high-quality SOX program while helping create something from the ground up:  an IT risk management function and operational audit capability at one of the most recognized design companies in the world. The Manager of IT Internal Audit (Risk & Ops) will support Figma's IT SOX compliance program and, in partnership with the Head of Internal Audit, develop the IT risk management and risk-based operational audit workstreams. The right candidate brings compliance rigor and the intellectual curiosity to work in greenfield territory, where the playbook does not yet exist.

This is a full time role that can be held from one of our US hubs or remotely in the United States.

What you’ll do at Figma:

• Execute the IT SOX compliance program: ITGC and ITAC testing, deficiency management, remediation tracking, and SOX documentation. Coordinate with external auditors and co-sourced resources throughout the audit cycle.
• Provide technical support in the assessment, design, and implementation of IT General Controls and IT Application Controls in collaboration with GRC and IT management. Participate in system upgrades and implementations to ensure controls over financial reporting are adequately identified and addressed.
• Lead IT risk conversations with management and contribute to the IT risk register. Support the buildout of Figma's IT risk management program, including risk identification methodology, assessment frameworks, and leadership reporting.
• Contribute to risk updates for the Audit Committee and senior leadership as it relates to the IT risk landscape, including emerging technology risks such as cloud, SaaS, and AI.
• Develop a risk-based operational audit plan and implement audits across IT and business process areas, including where no prior year workpapers exist. Issue findings with risk ratings and actionable recommendations; track remediation to closure.
• Build audit programs from scratch, prepare clear and concise audit reports, and present findings and recommendations to senior leaders and cross-functional partners.

We are seeking a strategic operator to serve as the force multiplier for our CTO and Engineering Leadership Team. Our 800-person SaaS organization has reached a pivotal scale, product-market fit is strong, velocity is high, and our next stage of growth depends on maturing our internal engine. This role sits at the intersection of strategy, data, delivery, and culture, ensuring that Engineering operates with clarity, efficiency, and alignment.

The Director of Engineering Operations will architect the operational rhythm of the Engineering organization, elevate decision quality through data, drive cross-functional initiatives, and build the systems that enable predictable, high-quality delivery at scale. This is a highly visible, career-accelerating role for a leader who thrives at the point where people, process, and technology meet.

Key Responsibilities

Operational Mechanics & Rhythm of Business (RoB)

· Architect and own the Engineering operating cadence, including QBRs, Monthly Business Reviews, strategic planning sessions, and org-wide communications.

· Drive fiscal and resource governance, partnering with Finance and HR on budgeting, headcount planning, workforce strategy, and cloud cost optimization (FinOps).

· Act as the communication conduit for the CTO—drafting strategic memos, board-facing narratives, and alignment messages for 400+ engineers.

Engineering Intelligence, Metrics & Insights

· Define Engineering “success” metrics, moving beyond vanity KPIs to track velocity, quality, efficiency, and people health (e.g, capital allocation, retention, eNPS).

· Own the Engineering Performance Dashboard, synthesizing complex data sets into clear, actionable insights for senior leadership.

· Lead data-driven interventions, proactively identifying bottlenecks, risks, or delivery challenges and recommending solutions.

Delivery Assurance & Portfolio Management

· Maintain a portfolio-level view of all major engineering initiatives, serving as the CTO’s early warning system for slippage, dependency risks, and scope creep.

· Standardize delivery frameworks—create lightweight yet high-compliance definitions of "Ready" and "Done" to drive consistent execution across teams.

· Oversee major cross-functional programs, ensuring alignment on scope, priorities, and timelines.

Tools, Systems & Workflow Optimization

· Optimize engineering tooling, workflows, and automation, driving adoption of systems (Jira, Confluence, GitHub, CI/CD) that increase velocity and output quality.

· Partner with Engineering and Product to evaluate and implement AI-driven tools and practices that improve productivity, automation, and decision-making.

· Establish training, communication, and safe-use guidelines for responsible and effective AI integration.

Horizontal Initiatives & Cross-Functional Leadership

· Serve as the cross-functional glue between Engineering, Product, Design, QA, Customer Success, and other partners.

· Lead complex, horizontal initiatives such as GRC framework implementations, cloud migrations, or GenAI adoption programs.

· Act as a change agent, driving organizational adoption of new processes, structures, and operating models.

Engineering Business Operations

· Manage operational budgets, vendor relationships, and resource planning.

· Partner with Finance, Talent Acquisition, and HR on hiring priorities, onboarding, and retention efforts.

· Prepare operational dashboards and reporting for executive leadership and the Board.

Leadership & Culture

· Mentor and develop Engineering Operations and Program Management staff.

· Foster a culture of accountability, continuous improvement, operational rigor, and data-driven decision making.

· Strengthen clarity, communication, and alignment across the Engineering org.

· Demonstrate diplomatic authority, the ability to influence without formal power, hold senior leaders (including VPs of Engineering) accountable to commitments, and preserve strong, trust-based    relationship.

Required Experience/Skills

· 8–10+ years in Engineering Operations, Technical Program Management, Strategy/Business Operations, or Software Engineering leadership within a high-growth SaaS environment.

· Strong understanding of SDLC, agile methodologies, CI/CD, DevOps, and microservices architecture.

· Advanced analytical skills with expertise in Excel, Looker, Tableau, or similar tools—able to convert data into executive-ready narratives.

· Demonstrated experience driving AI-related innovation across engineering teams, including evaluating AI opportunities, implementing tools, and influencing change at scale.

· Exceptional communication and stakeholder management skills; ability to influence without authority and build trust across all levels.

· Demonstrated success improving engineering processes, delivery predictability, and cross-functional alignment at scale.

· Experience defining operational frameworks, delivery standards, and KPI systems within a Global Organization.

· Preferred: experience with OKR frameworks, people leadership, or certifications (PMP, Agile, Lean).

This is a rare opportunity to operate at the right hand of the CTO and influence how a large-scale technology organization is steered. You'll gain exposure to executive decision-making, board-level communication, and enterprise-wide strategic architecture.

Position Overview:

In this role, you’ll help build and maintain the core strategic foundations that commercial teams rely on to sell Diligent Boards effectively. You’ll own and evolve a centralized Messaging House that serves as a one-stop shop for key product messages, target audiences and personas, pain points, and competitive context. You’ll also support the development of a Director Persona Agent, using existing materials and new research to help reps quickly understand what Directors care about, the challenges they face, and how Diligent Boards’ capabilities map to their needs.

You’ll further shape go-to-market strategy through win/loss analysis, delivering weekly qualitative insights on key deals and a quantitative summary of trends by the end of the internship. You’ll analyze the performance of our new pricing and packaging, providing insight into adoption, feedback, and what’s working or not six months into launch. Finally, you’ll help maintain and enhance our Competitive Intelligence Agent, continually feeding it fresh data and surfacing new patterns and insights to inform sales and marketing.

Key Responsibilities

• Support core go-to-market initiatives for the Board product through research, analysis, and development of clear, sales-ready messaging and positioning.
• Build and maintain foundational assets (Messaging House, personas, value narratives) by synthesizing product capabilities, target audiences, pain points, and competitive context into usable insights for commercial teams.
• Conduct persona and customer research, including creating and refining a Director persona, mapping challenges and buying drivers to product capabilities and value propositions.
• Own ongoing win/loss analysis, performing weekly qualitative reviews of key deals and delivering concise insights and an end-of-internship quantitative and qualitative summary.
• Analyze pricing and packaging performance, assessing adoption trends, deal feedback, and customer signals to identify what’s working, what’s not, and why.
• Maintain and enhance competitive intelligence, monitoring competitor messaging, positioning, and product changes to surface implications and recommendations for sales and marketing.

Required Experience/Skills 

• Turn complex information into clear, structured, and usable insights, with strong written communication skills.
• Conduct research and analysis across qualitative sources (interviews, deal notes, call summaries) and basic quantitative/data sets (spreadsheets).
• Apply strong organizational skills and attention to information structure to create repeatable, easy-to-use outputs.
• Leverage AI tools to support research, synthesis, and knowledge management workflows.

Preferred Experience/Skills 

• (Nice to have) Prior experience in product marketing, strategy, consulting, or sales operations, especially within B2B SaaS or enterprise software.
• (Nice to have) Familiarity with competitive analysis, pricing research, CRM data, or BI tools.

Position Overview:

Diligent is the AI leader in GRC solutions, helping organizations around the world turn governance, risk, compliance, audit, and ESG into a competitive advantage. Within HR we're embarking on our own transformation journey to fundamentally redesign how our people experience HR at Diligent.

We’re looking for an HR Technology & People Experience Intern who is deeply interested in the intersection of people and systems—someone who can think critically about how to make our employee experience better, more scalable, AI-native, and user-friendly. During a key 10-week window of our Workday implementation, you’ll have a front-row seat and play a meaningful role, gaining exposure to AI-enabled process redesign, user acceptance testing, data migration and validation, AI agent development, documentation creation, and more!

You’ll join a broader cohort of interns and participate in core internship program activities, while being embedded in the HR function as part of the transformation team. You’ll report to the Senior Director of HR AI & Systems Transformation based in London while working from our New York office, collaborating closely with HR, IT, Finance, and regional teams. Our HR team is global, so you’ll build relationships locally, work with increasing independence, and learn to collaborate effectively across time zones as we shape the future of HR at Diligent.

Key Responsibilities

• Redesign documentation and employee experience by mapping current vs. future-state HR processes (onboarding, performance, time off, offboarding) and identifying opportunities to simplify and improve.
• Create clear, user-friendly guides, FAQs, and training materials to support Workday adoption for employees and managers.
• Support Workday implementation through data validation and cleanup (Oracle vs. Workday), HR process and policy inventory, and user acceptance testing with clear issue documentation.
• Innovate with AI by helping design and refine DiligentGPT (powered by Glean) and other AI-enabled tools, structuring knowledge, testing responses, and proposing new use cases that are ethical and user-friendly.
• Drive analytics and insights by analyzing HR data in Excel and Tableau and contributing to the redesign of metrics and dashboards that track organizational health.
• Collaborate across a global HR ecosystem, partnering with HR Operations, HRIS, regional HR, and cross-functional teams in IT, Finance, and Legal.

Required Experience/Skills

• Data comfort and Excel skills (pivot tables, formulas, data analysis) or strong aptitude and eagerness to learn quickly (Tableau or previous data analysis work is a plus but not required).
• Excellent written communication and attention to detail, able to make complex information clear and spot inconsistencies or gaps that others might miss.
• Proactive, collaborative working style, knowing when to take initiative, when to ask for help, and when to escalate or partner with others; 
• Pursuing or recently completed a related degree (e.g., HR, IS, Analytics, CS, Product Management) 

Position Overview:  

We’re thrilled to announce an exciting new opportunity as we expand our presence in US, Canada and Caribbean. This is a market-defining role for a high-performing individual contributor who thrives on strategic, high-impact selling, with a strong focus on expansion within existing accounts as well as new business development.

As an Account Director, you will act as the CEO of your own portfolio, driving revenue growth across enterprise accounts ($1B+), managing the full account lifecycle, and leveraging internal teams to deliver exceptional results. This is a highly visible, strategic role for someone who enjoys solving complex business challenges and taking ownership of outcomes.  

This role is ideal for a sales professional with a proven track record of success, a strong outbound and expansion mindset, and the confidence to manage strategic discussions independently. You will have the autonomy to grow accounts like a business while benefiting from the expertise and support of a specialist team.

Key Responsibilities   

• Drive revenue growth: Own the full sales cycle for new and existing accounts, including complex enterprise deals with long sales cycles. 
• Be the CEO of your accounts: Manage resources, orchestrate stakeholders, and strategically leverage internal teams to deliver results. 
• Strategic account management: Lead and execute account plans, expand customer relationships, and identify opportunities to grow within accounts. 
• Innovative selling: Adopt a solutions-selling mindset, proactively sourcing new business opportunities and creatively solving hiring challenges. 
• Coach and influence: Guide internal teams and stakeholders to adopt best practices, ensuring consistency in account execution. 
• Insights-driven execution: Provide detailed reporting, insights, and analysis of your accounts and pipeline to inform business decisions. 
• Market expertise: Stay ahead of industry trends, understand the competitive landscape, and use insights to drive strategic advantage. 

What does Success Look Like? 

• Deliver measurable growth across a portfolio of enterprise accounts. 
• Independently manage strategic discussions and influence senior decision-makers. 
• Provide actionable reporting and clear insights to managers and internal teams. 
• Innovate and execute strategies to identify and convert opportunities across the Saudi market. 
• Demonstrate reliability, credibility, and ownership in every aspect of the role. 

Required Experience/Skills: 

• Experience: 10+ years in enterprise sales/account management, ideally in technology, GRC, or related sectors. 
• Strategic thinker: Able to align solutions to business objectives and navigate complex sales cycles independently. 
• Influencer and relationship builder: Able to engage senior leaders and stakeholders across all levels. 
• Self-starter: Comfortable managing your own portfolio, making decisions, and driving results without constant oversight. 
• Analytical and data-driven: Able to deliver detailed insights and strategic recommendations. 
• Outbound expertise: Strong expectation for proactive sourcing, creative outreach, and pipeline generation. 
• Team collaborator: Leverages cross-functional support while confidently running your own accounts. 

Hi, we're Oscar. We're hiring a Senior Security Engineer 1, GRC to join our Security Team.

Oscar is the first health insurance company built around a full stack technology platform and a relentless focus on serving our members. We started Oscar in 2012 to create the kind of health insurance company we would want for ourselves—one that behaves like a doctor in the family.

About the role:

The Principal GRC Engineer designs and operates the systems that enable continuous security assurance, deep risk visibility, and scalable regulatory compliance. Rather than managing documentation or preparing for audits, this role engineers the infrastructure that allows the organization to demonstrate security and compliance continuously through automation, telemetry, and self-evidencing controls.

Operating at the intersection of security engineering, platform engineering, risk management, and regulatory assurance, you will embed governance and control validation directly into how systems are built and operated. By connecting controls, operational telemetry, engineering workflows, and risk signals, you will surface patterns and relationships that traditional GRC programs cannot see, creating a feedback loop where security intelligence continuously informs engineering guardrails and platform architecture.

You will report into the Sr. Manager GRC.

Work Location: This position is based in our New York City office, requiring a hybrid work schedule with 3 days of in-office work per week. Thursdays are a required in-office day for team meetings and events, while your other two office days are flexible to suit your schedule. 

Pay Transparency: The base pay for this role is: $163,944 per year - $215,176 per year. You are also eligible for employee benefits, participation in Oscar's unlimited vacation program, company equity grants and annual performance bonuses.

Responsibilities:

• Design systems that continuously measure and validate security controls through operational telemetry, automated evidence generation, and control health monitoring.
• Build automation and orchestration across security tools, cloud platforms, and engineering systems to eliminate manual compliance processes and reduce audit overhead.
• Translate governance expectations into machine-enforceable guardrails embedded within infrastructure platforms, CI/CD pipelines, and engineering workflows.
• Apply automation, orchestration, and AI-assisted capabilities to scale governance workflows, enabling intelligent analysis and adaptive control systems.
• Architect control and telemetry pipelines where operational systems produce the evidence required for regulatory assurance and audit readiness.
• Compliance with all applicable laws and regulations 
• Other duties as assigned 

Requirements:

• 4+ years experience in Technology related field. 
• 4+ years experience in Security Engineering.

Bonus points:

• Familiarity with industry standards and compliance frameworks (such as SOC, SOX., NIST, HIPAA) and experience in ensuring organizational adherence to these standards.
• Certifications such as CISSP, CISM, CISA, CEH, or vendor-specific certifications.
• Proficiency in managing security projects, including planning, execution, and successful delivery within timelines and budgets.
• 4+ years of experience in Security Engineering, DevSecOps, or Site Reliability Engineering (SRE), with at least 3 years specifically focused on GRC automation or internal security tooling.

The role:

SoFi is looking for a Senior Manager, Data Engineering to join our IRM Analytics team. This is a hands-on leadership role (50% individual contributor, 50% people manager) for a seasoned data engineering leader with deep roots in US banking and financial risk data.

You will own the data models, data pipelines, and data infrastructure that underpin our risk and AI applications - spanning critical domains like lending, credit, fraud, AML, and compliance. You will lead a focussed team of data engineers, set technical direction, and be an integral contributor to every data and AI initiative we build.

This role is for someone who has spent most of their career inside US banks and understands not just the technology, but the data - the domains, the regulatory context, the critical datasets, and why they matter.

What you’ll do: 

• Own the data model - design, build, and maintain integrated data models for lending, credit, fraud, AML, KYC, and related risk domains; ensure models reflect banking semantics and regulatory requirements
• Own the data pipeline and infrastructure - architect and manage end-to-end data pipelines using dbt, Airflow, Snowflake, MongoDB, and Terraform; ensure reliability, performance, and scalability
• Lead data and AI projects - serve as the data engineering anchor for all data and AI initiatives; partner with full stack engineers, AI/ML engineers, and product managers to deliver production-grade applications; own the data infrastructure for AI use cases including RAG pipeline data management and evaluation dataset / ground truth curation
• Lead a team of data engineers - manage and develop the team; set standards for code quality, code review, testing, documentation, and CI/CD practices for data pipelines
• Drive data quality and governance - establish data definitions, lineage, and quality standards aligned to regulatory expectations (BCBS 239, SR 11-7, etc.); implement data observability practices including dbt tests, data contracts, freshness SLAs, and anomaly detection to ensure reliability across all pipelines
• Stay 50% hands-on - write and review production code, own critical pipelines, and lead by example

What you’ll need:

• 15+ years of experience in data engineering, with the majority of that tenure inside US banks or financial institutions
• Deep knowledge of banking risk data domains - lending, credit risk, deposits, AML, KYC, fraud, banking regulations, and the critical datasets that support them
• Expert-level Snowflake, dbt, and Python - proven ability to design and own complex analytical data models; Python fluency for Airflow DAGs, pipeline logic, and data quality scripting
• Strong pipeline and infrastructure skills - hands-on experience with Airflow, MongoDB, and Terraform in production environments
• People leadership - experience managing and mentoring data engineers; strong code review culture
• Banking regulatory awareness - familiarity with BCBS 239, BSA/AML regulations, OCC/Fed/FDIC data expectations
• Communication - able to translate complex data concepts for risk, compliance, and executive stakeholders

Nice to have:

• Experience at a US bank in Model Risk, Integrated Risk, ERM, or Compliance Analytics
• Familiarity with GRC platforms (ServiceNow) and risk data warehouses
• Experience with LLM/AI application data pipelines and observability tooling

Risk Management Associate

IEX (IEX Group, Inc.) is an exchange operator and technology company dedicated to innovating for performance in capital markets. Founded in 2012, IEX launched a new kind of securities exchange in 2016 that combines a transparent business model and unique architecture designed to protect investors. Today, IEX applies its proprietary technology and experience to drive performance across asset classes, serve investors, and advocate for transparent and competitive markets.

As a Risk Management Associate with the Enterprise Risk and Vendor Management teams, you will work with individuals across the organization to help advance IEX's Risk Management Programs. This is a cross-functional opportunity where you will be able to leverage your interpersonal skills through meeting engagements with various individuals, departments, and groups across the organization as well as program and data analytics skills to help IEX set new standards and raise the bar for performance, fairness, and transparency.

About you:

• Self-starter
• Excellent analytical and problem-solving skills
• Organized and extremely detail-oriented
• Collaborative team player
• Exceptional written and verbal communication skills

What you’ll do:                                                                                                                                                    

• Serve as a day-to-day back-up and support for both Vendor Management and ERM (approx. 70% Vendor Management and 30% Enterprise Risk).
• Continue to enhance and maintain the vendor dashboard reporting metrics.
• Work with VM to enhance the information and functionality in Gatekeeper (i.e., Use of AI tools, vendor URLS, Finance IDs, emergency contacts, etc.).
• Continue the integration of the Exchange Risk program into Zen GRC and assist with Risk and Control assessment within the tool (audit/assessment readiness).
• Continue to review current IEX policy and procedure documents to identify controls performed by business functions in order to build comprehensive Control Inventory.

Your background:

• Undergraduate degree in Business Management, Risk Management, Finance or Economics.
• Strong Microsoft Office skills, especially Excel and PowerPoint.
• Experience managing multiple projects simultaneously.
• Ability to work closely with senior executives.

Why you should apply:

• Comprehensive Benefits
• Unlimited PTO
• 100% coverage for medical, dental, and vision
• New hire stock equity (RSUs)
• 401K employer match
• OneMedical membership
• 16 weeks paid parental leave
• Flexible workplace
• Employer charity match
• Learning stipend
• Commuter benefits
• Jump Start onboarding program
• Internal mentor program cross-departmentally 
• Friendly and inclusive workplace culture

Our job titles may span more than one career level. The starting annual base pay is between $75,000 and $85,000 for this NY-based position. The actual base pay is dependent upon many factors, such as: training, transferable skills, work experience, business needs and market demands. The annual base pay range is subject to change and may be modified in the future. This role is eligible for bonus and equity.

Here at IEX, we are dedicated to an inclusive workplace and culture. We are an Equal Opportunity Employer that does not discriminate on the basis of actual or perceived race, color, creed, religion, alienage or national origin, ancestry, citizenship status, age, disability or handicap, sex, marital status, veteran status, sexual orientation, genetic information or any other characteristic protected by applicable federal, state or local laws. This policy not only complies with all applicable laws and protects workers' rights but is vital to IEX’s overall mission and values.

NYC Applicants_Notice Regarding Use of Automated Employment Decision

Here’s a summary of the role 

In this role, you will turn complex, multi-product capabilities into clear, persona-led stories that show senior decision-makers exactly how Diligent helps them manage governance, risk and compliance with AI-driven insight. You’ll own solution-level messaging and narratives for key personas, then translate them into campaigns, sales plays and launch programs that drive pipeline, win rates and cross-sell across our portfolio. You’ll work directly with Product, Product Marketing, Sales and Content to make Diligent the AI company in GRC and a growth engine for your business unit. 

Here’s a breakdown of what you’ll do (not all of it, just the important stuff) 

• Develop persona-specific, solution-level messaging grounded in market trends, buyer challenges, our products and the business outcomes your personas care about most. 

• Serve as the central point of contact for your assigned business unit, aligning with Product Management and Product Marketing from roadmap through to go-to-market execution. 

• Partner with Content and Demand Generation to define persona-led campaigns, including campaign briefs, core narratives and landing-page messaging that drive engagement and conversion. 

• Lead and support product and solution launches by applying proven launch frameworks and ensuring clear, differentiated solution-level positioning. 

• Activate analyst research and market insights into compelling stories, content and sales enablement that improve confidence, consistency and win rates. 

• Collaborate closely with Sales and Enablement to deliver persona-specific narratives, use-case stories and repeatable sales plays that help teams open, progress and close opportunities – including cross-sell into our existing customer base. 

These are the essentials you’ll need to get an interview 

• 7+ years of experience in enterprise B2B SaaS marketing, with a strong background in Product Marketing and/or Solutions Marketing. 

• Proven track record developing persona-based messaging and positioning, ideally at both product and solution / portfolio levels. 

• Experience launching products, programs or major campaigns end to end, collaborating across Product, Sales and Marketing. 

• Demonstrated ability to translate complex technology into clear, outcome-oriented stories for senior personas (e.g., legal, compliance, audit, risk, CIO). 

• Strong storytelling and communication skills – you’re comfortable building narratives, slides and briefs, and presenting them to senior stakeholders and cross-functional partners. 

• High comfort level working in a fast-moving, evolving environment, with the confidence to prioritize, push back constructively and define process where needed. 

• Experience messaging about AI and using AI tools in your work (for research, content, analysis or experimentation). 

It would be great if you had these too, but we’ll support you if you don’t 

• Experience in governance, risk and compliance (GRC) or adjacent risk/compliance markets. 

• Background marketing to Boards of Directors, General Counsel or other senior legal and risk leaders. 

• Familiarity with product marketing frameworks (e.g., SiriusDecisions, Pragmatic / Practical Marketing) and analyst relations or working with industry reports. 

• Experience building integrated campaigns in partnership with Demand Generation, Field Marketing and Sales. 

• Comfort presenting to customers, at events and in virtual / in-person sessions, including tailoring your narrative for different audiences. 

Here’s a summary of the role 

In this role, you will turn complex, multi-product capabilities into clear, persona-led stories that show senior decision-makers exactly how Diligent helps them manage governance, risk and compliance with AI-driven insight. You’ll own solution-level messaging and narratives for key personas, then translate them into campaigns, sales plays and launch programs that drive pipeline, win rates and cross-sell across our portfolio. You’ll work directly with Product, Product Marketing, Sales and Content to make Diligent the AI company in GRC and a growth engine for your business unit. 

Here’s a breakdown of what you’ll do (not all of it, just the important stuff) 

• Develop persona-specific, solution-level messaging grounded in market trends, buyer challenges, our products and the business outcomes your personas care about most. 

• Serve as the central point of contact for your assigned business unit, aligning with Product Management and Product Marketing from roadmap through to go-to-market execution. 

• Partner with Content and Demand Generation to define persona-led campaigns, including campaign briefs, core narratives and landing-page messaging that drive engagement and conversion. 

• Lead and support product and solution launches by applying proven launch frameworks and ensuring clear, differentiated solution-level positioning. 

• Activate analyst research and market insights into compelling stories, content and sales enablement that improve confidence, consistency and win rates. 

• Collaborate closely with Sales and Enablement to deliver persona-specific narratives, use-case stories and repeatable sales plays that help teams open, progress and close opportunities – including cross-sell into our existing customer base. 

These are the essentials you’ll need to get an interview 

• 7+ years of experience in enterprise B2B SaaS marketing, with a strong background in Product Marketing and/or Solutions Marketing. 

• Proven track record developing persona-based messaging and positioning, ideally at both product and solution / portfolio levels. 

• Experience launching products, programs or major campaigns end to end, collaborating across Product, Sales and Marketing. 

• Demonstrated ability to translate complex technology into clear, outcome-oriented stories for senior personas (e.g., legal, compliance, audit, risk, CIO). 

• Strong storytelling and communication skills – you’re comfortable building narratives, slides and briefs, and presenting them to senior stakeholders and cross-functional partners. 

• High comfort level working in a fast-moving, evolving environment, with the confidence to prioritize, push back constructively and define process where needed. 

• Experience messaging about AI and using AI tools in your work (for research, content, analysis or experimentation). 

It would be great if you had these too, but we’ll support you if you don’t 

• Experience in governance, risk and compliance (GRC) or adjacent risk/compliance markets. 

• Background marketing to Boards of Directors, General Counsel or other senior legal and risk leaders. 

• Familiarity with product marketing frameworks (e.g., SiriusDecisions, Pragmatic / Practical Marketing) and analyst relations or working with industry reports. 

• Experience building integrated campaigns in partnership with Demand Generation, Field Marketing and Sales. 

• Comfort presenting to customers, at events and in virtual / in-person sessions, including tailoring your narrative for different audiences. 

Engineering at Brex

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

As a Security Operations Engineer at Brex, you will focus on preventing, detecting and responding to security threats across Brex's corporate and cloud environments. You will use existing systems and develop tools to improve our security capabilities. Our team is responsible for functions across corporate security, detection & response and infrastructure security domains; and we perform systems engineering and automation to support those functions. 

Security Operations is part of our wider Trust & IT organization which means you will have the opportunity to work closely with Application Security, Corporate Engineering, GRC and IT and to improve security configurations, drive positive employee behaviors and generally work to prevent events from becoming incidents. You will also help build and maintain our team’s open source project Substation and have the opportunity to contribute to the Brex Tech Blog. You’ll be part of a team that actively contributes to the wider security community and has a commitment to mentorship and engineering excellence.

We’re looking for individuals with a strong background and interest in detecting, responding to, and resolving security incidents and security challenges. You should be comfortable dealing with lots of moving pieces, changing priorities, and new technologies, while having a keen eye for detail. Most importantly, you should be enthusiastic about working with a variety of backgrounds, roles, and people across Brex. Building a world-class financial service requires world-class security.

Where you’ll work

This role will be based in our New York office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!

Responsibilities

• Work on a highly cross-functional team to prevent, detect and respond to security threats across Brex's corporate and cloud environments
• Perform security incident response, investigation, remediation, and documentation, participate in periodic threat hunting and security exercises
• Leading, scoping and building features, participate in designing, and maintaining tools and systems which support the team’s domains – corporate security, detection & response and infrastructure security 
• Collaborating and partnering with engineering and operations teams to drive remediation of security issues, while balancing prioritization of those security issues within SLA and teams’ respective backlogs
• Caring about secure system design, valuing building things correctly, an understanding of a MVP approach and an empathetic mindset when working with others

Requirements

• Bachelor’s degree in Computer Science, Engineering or related field OR equivalent training / fellowship OR 5+ years work experienceExperience working in a corporate security, detection & response or infrastructure security role with responsibilities for security alert triage and security incident response 
• Familiarity with CI/CD systems and DevOps workflows (e.g. Buildkite, Flux, Git, Terraform) in cloud environments (e.g. AWS, Azure, GCP)
• Experience with deploying and maintaining some of the security services and tools owned by the team (e.g. - SIEM, data pipelines, SOAR, domain monitoring, endpoint tooling, email protection tooling, cloud security tools)
• While not primarily a development role, the team develops and maintains tools written in Go and Python, so experience with coding is required
• You thrive in a collaborative environment filled with a diverse group of people with different expertise and backgrounds. We currently have around 30 nationalities represented with more than ½ the company working in a country different from the one they grew up in.

Bonus points

• Proficiency with Go and other programming languages 
• Experience with securing distributed systems in AWS, cloud and Kubernetes environments
• Contributions to the wider technical community (open source, public research, mentorship, community organizing, blogging, presentations, etc)

Compensation

The expected salary range for this role is $192,000 - $240,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

Engineering at Brex

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

As a Security Operations Engineer at Brex, you will focus on preventing, detecting and responding to security threats across Brex's corporate and cloud environments. You will use existing systems and develop tools to improve our security capabilities. Our team is responsible for functions across corporate security, detection & response and infrastructure security domains; and we perform systems engineering and automation to support those functions. 

Security Operations is part of our wider Trust & IT organization which means you will have the opportunity to work closely with Application Security, Corporate Engineering, GRC and IT and to improve security configurations, drive positive employee behaviors and generally work to prevent events from becoming incidents. You will also help build and maintain our team’s open source project Substation and have the opportunity to contribute to the Brex Tech Blog. You’ll be part of a team that actively contributes to the wider security community and has a commitment to mentorship and engineering excellence.

We’re looking for individuals with a strong background and interest in detecting, responding to, and resolving security incidents and security challenges. You should be comfortable dealing with lots of moving pieces, changing priorities, and new technologies, while having a keen eye for detail. Most importantly, you should be enthusiastic about working with a variety of backgrounds, roles, and people across Brex. Building a world-class financial service requires world-class security.

Where you’ll work

This role will be based in our Seattle office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!

Responsibilities

• Work on a highly cross-functional team to prevent, detect and respond to security threats across Brex's corporate and cloud environments
• Perform security incident response, investigation, remediation, and documentation, participate in periodic threat hunting and security exercises
• Leading, scoping and building features, participate in designing, and maintaining tools and systems which support the team’s domains – corporate security, detection & response and infrastructure security 
• Collaborating and partnering with engineering and operations teams to drive remediation of security issues, while balancing prioritization of those security issues within SLA and teams’ respective backlogs
• Caring about secure system design, valuing building things correctly, an understanding of a MVP approach and an empathetic mindset when working with others

Requirements

• Bachelor’s degree in Computer Science, Engineering or related field OR equivalent training / fellowship OR 5+ years work experienceExperience working in a corporate security, detection & response or infrastructure security role with responsibilities for security alert triage and security incident response 
• Familiarity with CI/CD systems and DevOps workflows (e.g. Buildkite, Flux, Git, Terraform) in cloud environments (e.g. AWS, Azure, GCP)
• Experience with deploying and maintaining some of the security services and tools owned by the team (e.g. - SIEM, data pipelines, SOAR, domain monitoring, endpoint tooling, email protection tooling, cloud security tools)
• While not primarily a development role, the team develops and maintains tools written in Go and Python, so experience with coding is required
• You thrive in a collaborative environment filled with a diverse group of people with different expertise and backgrounds. We currently have around 30 nationalities represented with more than ½ the company working in a country different from the one they grew up in.

Bonus points

• Proficiency with Go and other programming languages 
• Experience with securing distributed systems in AWS, cloud and Kubernetes environments
• Contributions to the wider technical community (open source, public research, mentorship, community organizing, blogging, presentations, etc)

Compensation

The expected salary range for this role is $192,000 - $240,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.