Description:

The Assurance, Risk, and Compliance (“ARC”) Initiatives team at MongoDB owns the strategy, governance, and delivery of our most critical cross-functional risk and compliance initiatives. We design and execute programs that support compliance audits, risk assessments, employee awareness and enablement, and the implementation of common control frameworks, along with consistent operating cadences that align key stakeholders, accelerate decision making, and drive the execution of initiatives that reinforce MongoDB’s assurance, risk management, and compliance objectives. We define and track key metrics and deliver clear and timely, executive reporting to provide transparency, measure progress, and ensure lasting operational resilience and governance.

We serve as the central coordination point for ARC-wide initiatives, connecting Product, Engineering, Security, and Legal teams around clear priorities, milestones, and outcomes. Our focus is on building scalable governance structures, defining decision-making frameworks, and establishing repeatable ways of working so that complex efforts can be executed consistently across the team.

The Policy Program Manager is a mid-to-senior level individual contributor role responsible for leading the development and operationalization of policies and procedures aligned to established control frameworks. You will drive end-to-end ownership of policy lifecycle management, from drafting and review through implementation and ongoing maintenance, while coordinating inputs across teams to ensure accuracy, consistency, and adoption. Additionally, you will lead documentation standardization efforts, facilitate stakeholder reviews, and perform gap analyses to continuously strengthen and mature our ARC policy framework.

Responsibilities:

• Lead the end-to-end execution of company-wide compliance programs, including the annual security policy and procedure review cycle
• Design and implement scalable frameworks for policy lifecycle management (creation, review, approval, publication, and retirement)
• Establish standards, templates, and governance processes to ensure consistency and clarity across all compliance documentation
• Maintain a centralized, audit-ready repository for policies, procedures, and supporting artifacts
• Act as the primary point of contact for cross-functional teams (HR, Legal, Engineering, Product)
• Drive alignment, gather inputs, and ensure timely completion of policy updates and compliance deliverables
• Ensure policies and procedures align with regulatory, security, and internal control requirements
• Support internal and external audits by maintaining complete, accurate, and accessible documentation
• Translate audit findings and regulatory changes into actionable policy program updates
• Maintain the integrity of project-specific Jira boards and Confluence pages. Ensure all project artifacts are organized, up-to-date, and ready for leadership review or external audit
• Develop and maintain dashboards to report on program health, completion rates, and obstacles. Present status updates and metrics to leadership
• Evaluate existing program workflows and implement improvements to increase efficiency, reduce manual effort, and improve the stakeholder experience

Requirements:

• 5-8 years of program management experience, ideally within an Information Security or high-growth technology environment
• Experience creating and managing policy and procedure programs or governance frameworks
• Deep understanding of security and compliance frameworks (e.g., SOC 2, ISO 27001, PCI DSS, HIPAA, NIST CSF)
• Strong proficiency in managing full-lifecycle projects, including scoping, planning, risk mitigation, and change control
• Advanced experience with Jira and Confluence, including the ability to build custom dashboards and manage complex documentation repositories
• Maintain and support a GRC/policy management platform to ensure consistent policy administration and system usability
• Excellent interpersonal skills with the ability to hold cross-functional stakeholders accountable to deadlines in a professional and effective manner
• Exceptional attention to detail and the ability to manage multiple overlapping priorities without losing sight of milestones
• A proactive, self-directed approach to work. You enjoy taking ownership of a program and building the structure necessary for its success

Responsibilities & Expectations

• You are expected to be the owner of your assigned programs. While you will work closely with technical SMEs, you are responsible for the logistical success of the workstream. Your success is measured by the timely completion of program goals, the clarity of your reporting, and your ability to anticipate and resolve project bottlenecks
• You don't just track tasks; you own the success of the program

Scope & Complexity

• The scope is horizontal and impacts multiple departments across MongoDB
• Managing complex programs that require coordination with various business units, ensuring that project delays in one area do not derail the overall compliance roadmap

Authority & Impact

• You have the authority to manage the timelines and execution steps of your assigned programs
• Your impact is reflected in the strength of policy program management and organizational readiness you drive; by overseeing and coordinating these workstreams, you ensure the Compliance team consistently meets foundational policy requirements and aligns with external audit expectations

Expertise

• You will develop deep expertise in compliance and audit operations
• You will become the go-to resource for designing, scaling, and executing policy and compliance programs within a cloud-first organization. This role is responsible for independently and collaboratively developing and managing policies and procedures, with a strong understanding of compliance frameworks and the ability to interpret and operationalize control requirements

Leadership

• Leadership in this role is demonstrated through influence and mentorship. While you may not have direct reports, you will guide cross-functional teams in developing and standardizing policies/supporting documentation, as well as provide mentorship on policy governance, standardized documentation practices, and compliance alignment

About MongoDB

MongoDB is built for change, empowering our customers and our people to innovate at the speed of the market. We have redefined the database for the AI era, enabling innovators to create, transform, and disrupt industries with software. MongoDB’s unified database platform, the most widely available, globally distributed database on the market, helps organizations modernize legacy workloads, embrace innovation, and unleash AI. Our cloud-native platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available across AWS, Google Cloud, and Microsoft Azure.

With offices worldwide and over 60,000 customers, including 75% of the Fortune 100 and AI-native startups, relying on MongoDB for their most important applications, we’re powering the next era of software.

Our compass at MongoDB is our Leadership Commitment, guiding how and why we make decisions, show up for each other, and win. It’s what makes us MongoDB. 

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

REQ ID: 1273402887

MaintainX is the world's leading AI-powered maintenance and asset management platform, serving 13,000+ customers including Duracell, Shell, Cintas, and Brenntag. We raised $150M in Series D funding led by Bessemer Venture Partners and Bain Capital Ventures, bringing our total funding to $254M. We were named to the Forbes 2025 Cloud 100, the definitive ranking of the top 100 private cloud companies in the world. We're growing fast and hiring the engineering talent to match.

• Architect and manage infrastructure on AWS GovCloud using IaC tools
• Implement and maintain CI/CD pipelines aligned with FedRAMP controls
• Support FedRAMP Authorization to Operate (ATO) processes
• Automate compliance checks and enforce configuration baselines across environments
• Collaborate with Security, Engineering, and GRC teams to remediate findings and maintain ATO status

• 3+ years of DevOps or cloud engineering experience
• Direct experience deploying and operating workloads in AWS GovCloud or regulated environments
• Proficiency with Terraform or equivalent IaC tools
• Experience with containerization (ECS/EKS) in regulated environments
• Strong understanding of security frameworks and their technical implementation

• AWS GovCloud or security certifications (AWS Solutions Architect, CompTIA Security+)
• Experience with FedRAMP, ITAR, or DoD IL2/IL4/IL5 environments
• Working knowledge of FedRAMP authorization processes (Moderate or High baseline preferred)

• Competitive salary and meaningful equity opportunities.
• Healthcare, dental, and vision coverage.
• 401(k) / RRSP enrollment program.
• Take what you need PTO.
• A Work Culture where:
• You’ll work alongside folks across the globe that reflect the MaintainX values: Smart Humble Optimists.
• We believe in meritocracy, where ideas and effort are publicly celebrated.
  
  

About MaintainX

Our mission is to deliver one platform for maintenance, repair & operations teams to keep the physical world running. We believe the greatest asset in any organization is the people. That’s why we built an intuitive, mobile-first solution to help boost productivity and collaboration across teams and locations.

MaintainX is committed to creating a diverse environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

Joining Collibra’s Field Security team

The Field Security team acts as the critical bridge between our Field teams and our customers, ensuring customer trust remains our number one priority. We engage with Sales, Product, and Engineering to structure security initiatives that add business value and foster high levels of customer satisfaction and loyalty.

Our customers are our true north, and we live this value by consulting directly with strategically important customers to provide resolution on significant, business-critical security issues.

This is a hybrid role based in our Raleigh office. Our hybrid model means you’ll work from the office at least two days each week. This setup helps us stay connected, work more closely together, and keep making progress as a team.

Director of Field Security's at Collibra are responsible for

• Strategic Advisor to Sales combining a deep cybersecurity expertise with ability to engage externally with customers, prospects and regulators.
• Excellent Communicator with ability to articulate and own the security narrative and insights to help drive sales.
• Customer-Facing Security Leader acting as a public facing persona representing Collibra’s security posture, roadmap and philosophy.
• Collaborating and negotiating with internal business, product, and functional leadership to define and manage customer requirements, regulations into clear security objectives.
• Analyzing customer needs, requirements, and expectations from a product technical and security perspective to optimally allocate Field Security resources.
• Handling complex, strategically important situations by forming and implementing complex project plans, specifications, and schedules to ensure critical outcomes are met.
• Continually evaluating the security organization’s capability to define, develop, and implement structures and controls that are scalable, resilient, and effective.
• Engaging the full set of stakeholders to ensure appropriate decision-making regarding security analysis, planning, and evolution.

You have

• Extensive 5 - 7 years professional experience in an information security, field security, GRC andor customer-facing technical leadership role.
• A proven track record of consulting with senior leadership and enterprise customers on business-critical security concerns and structural/operational implications.
• Strong experience in security audits, due diligence questionnaires and third party vendor management practices.
• Experience in technical concepts of software development, including Kubernetes with a proven track record of management of vulnerabilities.
• Strong understanding of compliance frameworks (SOC 2, ISO 27001, HIPAA, FedRAMP, EU AI Act, DORA etc.)
• Excellent written and verbal communications; comfortable presenting to internal and external stakeholders.
• Demonstrated experience establishing organizational standards and managing complex project plans in a rapidly evolving environment.
• Deep understanding of multiple security perspectives, including customer business cases, physical infrastructure, and information assurance.
• Strong cross-functional collaboration skills, particularly working alongside Sales, Product, and Engineering teams.
• A bachelor’s degree or equivalent related working experience is required.
• This position is not eligible for visa sponsorship.
• Because this role supports the US government, it is required that this candidate be a US citizen who resides on US soil.

You are

• Analytical, leveraging multiple sources of data to gain a holistic understanding before reaching conclusions and making clear-eyed decisions about field security risks and trade-offs.
• Authentic, demonstrating self-awareness, self-mastery, and a commitment to ongoing reflection that reinforces integrity across the leadership team.
• Inclusive, soliciting diverse opinions, giving others time to think, and leading others to recognize the assumptions and biases that might sway decision-making.
• Adaptable, ensuring a holistic approach to learning and adapting in a rapidly evolving environment.
• Consistent, demonstrating a consistent approach and manner in all circumstances and ensuring actions align with personal and company values.

Measures of success

• Within your first month, you will gain a holistic understanding of Collibra's field security landscape, establish relationships with key Sales, Product, and Engineering stakeholders, and evaluate our current organizational standards.
• Within your third month, you will actively consult with senior stakeholders within strategically important customers, addressing their critical issues, and begin setting priorities to direct/re-direct field security efforts.
• Within your sixth month, you will define and manage the Field Security strategic roadmap, implement scalable controls, and ensure security initiatives actively add business value and foster customer loyalty.

Solutions Lead, GRC & Trust (SOC 2, Privacy, & AI)

Location: Remote or Raleigh, NC 

About Greenplaces

We’re on a mission to make sustainability and compliance a competitive advantage for businesses of all sizes - not just the Fortune 500. As global supply chains become increasingly scrutinized, Greenplaces helps companies navigate the complex web of reporting requirements from their own customers. Through our innovative software and services, we empower businesses to measure their carbon emissions and act as the definitive source of truth for all sustainability and compliance activity.

Headquartered in Raleigh, NC, with a distributed team across the country, we’re backed by world-class investors including Redpoint, Felicis, and Tishman Speyer. As our customers face mounting pressure to prove their "trustworthiness" to retain major contracts - responding to exhaustive questionnaires ranging from carbon footprints to data privacy - we are expanding our platform to become the comprehensive hub for corporate ESG and InfoSec compliance.

About the Role

We are looking for a Solutions Lead to help scale our delivery and execution as we expand into SOC 2, Data Privacy, and AI Security. This role is execution-heavy and hands-on. You will own the strategy for our compliance offerings, partner deeply with Engineering and Design, and help bring more predictability to how we solve complex trust hurdles for our customers.

You will work closely with the VP of Product and Tech to shape how compliance and privacy are practiced across the team. This is a senior individual contributor role with strong influence - acting as a consultant, entrepreneur, and project manager to build this function from the ground up.

What You’ll Own

• Ownership of our SOC 2 and Privacy compliance roadmap, from problem framing to tracking adoption.
• Gap analysis and consulting with clients to assess their InfoSec posture and provide actionable paths to certification.
• Internal playbook development, creating the checklists, policy templates, and controls that will be automated within our software.
• AI Security frameworks, defining security controls for AI implementation to help us and our clients manage the risks of emerging technology.
• Cross-functional collaboration with Design, Engineering, and Leadership to translate manual compliance tasks into scalable product features.

How You’ll Work

• Bring structure and clarity to the ambiguous and evolving space of AI security and data privacy.
• Focus on outcomes, ensuring our customers actually achieve compliance goals rather than just following "process theater".
• Operate pragmatically for a small, scrappy team, adapting formal audit processes to work for high-growth startups.
• Partner closely with Leadership to identify market needs and "sell" the value of our new GRC (Governance, Risk, and Compliance) offerings.

What Success Looks Like (First 6 Months)

• Client Confidence: Pilot customers feel aligned and effective in their journey toward SOC 2 or Privacy certification.
• Predictable output: Our compliance service is easier to plan around and consistently delivers value to clients.
• Healthy backlogs: You have identified and prioritized the technical and policy requirements needed for our platform expansion.
• Strong partnerships: You have built low-friction working relationships internally and externally. 

About You

• Professional Services Excellence: 4+ years of experience in SOC 2, IT Audit, or Privacy consulting - ideally from a high-rigor environment (e.g., Big 4 / established regional firm) or a fast-paced compliance startup.
• Proven ability to own execution: You have a track record of building programs or products from scratch, not just providing high-level strategy.
• Entrepreneurial Mindset: You are comfortable working in ambiguity and enjoy the "zero-to-one" phase of a scale-up environment.
• AI Savvy: You have a solid understanding of how AI systems work and are comfortable collaborating on the technical tradeoffs of AI security risks.
• Analytical Skills: Strong ability to reason about complex data, workflows, and reporting requirements.

Nice to Haves

• Experience with compliance or other regulated product areas.
• Background in B2B software and an understanding of software infrastructure.
• Experience helping teams mature their practices during periods of rapid growth.
• CISA, CISSP, or CIPP certifications.

What We Offer

• A chance to make a meaningful impact on climate action and corporate trust.
• Flexible, unlimited paid time off and generous benefits.
• Equity packages for all employees.
• Annual team and department retreats.

Compensation: Base salary plus early-stage company equity.