Who we are

Bridge is Stripe’s fintech innovation hub focused on building a modern, stablecoin-powered cross-border payments network. We operate like a startup within Stripe: fast-paced, entrepreneurial, and product-obsessed, but with the backing of one of the most trusted names in fintech.

We’re hiring a Security Analyst / Program Manager to build and scale Bridge’s security foundation. This is a rare opportunity to design the security governance, risk and compliance programs from the ground up, while also leveraging the infrastructure, best practices, and tooling of one of the most mature security organizations in the industry.

What you'll do

• Design, and implement Bridge’s security governance, risk and compliance roadmaps from first principles to production.
• Identify and tackle Bridge’s most important security risks quickly and pragmatically.
• Adopt Stripe’s programs, controls and processes where it makes sense, and find custom approaches where it doesn’t.
• Lead risk assessment, control design and testing for all Security and Technology Oversight globally.
• Reinforce engineering best practices around secure development and infrastructure.
• Ensure Bridge meets compliance and audit expectations as we scale to more regulated markets.
• Collaborate cross-functionally with engineering, product, and Stripe’s security org to move fast without compromising safety.

About you

You might be a good fit if you:

• Have 8+ years of experience in Security GRC, ideally with time spent in fast-paced startup environments where you’ve built security practices from the ground up.
• Have a startup mindset: you’re scrappy, pragmatic, and move quickly to solve the most critical problems.
• You’re proficient with NIST CSF, OCC’s Cybersecurity Supervision Work Program and/or FFIEC IT Examination Handbook or other similar global frameworks. 
• Proven prior experience with regulatory audits from Global auditors across Security domains.
• Thrive in ambiguity and know how to ruthlessly prioritize.
• Can balance security rigor with speed, especially in fast-moving environments.
• Communicate clearly across technical and non-technical partners.
• Have experience building or scaling security programs, either at a startup or in an embedded role.
• Are excited about the potential of crypto and stablecoins to power global financial infrastructure (you don’t need deep prior knowledge—just curiosity and openness to learn).

Engineering at Brex

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

As a Security Operations Engineer at Brex, you will focus on preventing, detecting and responding to security threats across Brex's corporate and cloud environments. You will use existing systems and develop tools to improve our security capabilities. Our team is responsible for functions across corporate security, detection & response and infrastructure security domains; and we perform systems engineering and automation to support those functions. 

Security Operations is part of our wider Trust & IT organization which means you will have the opportunity to work closely with Application Security, Corporate Engineering, GRC and IT and to improve security configurations, drive positive employee behaviors and generally work to prevent events from becoming incidents. You will also help build and maintain our team’s open source project Substation and have the opportunity to contribute to the Brex Tech Blog. You’ll be part of a team that actively contributes to the wider security community and has a commitment to mentorship and engineering excellence.

We’re looking for individuals with a strong background and interest in detecting, responding to, and resolving security incidents and security challenges. You should be comfortable dealing with lots of moving pieces, changing priorities, and new technologies, while having a keen eye for detail. Most importantly, you should be enthusiastic about working with a variety of backgrounds, roles, and people across Brex. Building a world-class financial service requires world-class security.

Where you’ll work

This role will be based in our San Francisco office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!

Responsibilities

• Work on a highly cross-functional team to prevent, detect and respond to security threats across Brex's corporate and cloud environments
• Perform security incident response, investigation, remediation, and documentation, participate in periodic threat hunting and security exercises
• Leading, scoping and building features, participate in designing, and maintaining tools and systems which support the team’s domains – corporate security, detection & response and infrastructure security 
• Collaborating and partnering with engineering and operations teams to drive remediation of security issues, while balancing prioritization of those security issues within SLA and teams’ respective backlogs
• Caring about secure system design, valuing building things correctly, an understanding of a MVP approach and an empathetic mindset when working with others

Requirements

• Bachelor’s degree in Computer Science, Engineering or related field OR equivalent training / fellowship OR 5+ years work experienceExperience working in a corporate security, detection & response or infrastructure security role with responsibilities for security alert triage and security incident response 
• Familiarity with CI/CD systems and DevOps workflows (e.g. Buildkite, Flux, Git, Terraform) in cloud environments (e.g. AWS, Azure, GCP)
• Experience with deploying and maintaining some of the security services and tools owned by the team (e.g. - SIEM, data pipelines, SOAR, domain monitoring, endpoint tooling, email protection tooling, cloud security tools)
• While not primarily a development role, the team develops and maintains tools written in Go and Python, so experience with coding is required
• You thrive in a collaborative environment filled with a diverse group of people with different expertise and backgrounds. We currently have around 30 nationalities represented with more than ½ the company working in a country different from the one they grew up in.

Bonus points

• Proficiency with Go and other programming languages 
• Experience with securing distributed systems in AWS, cloud and Kubernetes environments
• Contributions to the wider technical community (open source, public research, mentorship, community organizing, blogging, presentations, etc)

Compensation

The expected salary range for this role is $192,000 - $240,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

Engineering

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

Brex’s Governance, Risk, and Compliance function is at an exciting and pivotal point in our maturity journey and we’re seeking a team member who can seamlessly bridge compliance expertise with technical execution. As a Senior GRC Engineer, you will drive critical GRC processes that mitigate risk, keep us compliant, and build trust with our customers and partners. You'll evolve the technical foundation of our Trust program by automating security controls, building integrations between security tools and GRC platforms, and creating scalable processes that enable Brex to maintain compliance efficiently as we expand into new markets. You'll work at the intersection of security, engineering, and compliance — translating regulatory requirements into technical solutions and building automation that eliminates manual toil.

You'll leverage your deep understanding of SOC 2, PCI DSS, ISO 27001, AI governance frameworks, and others to both design controls for emerging compliance requirements and mature existing programs through automation and continuous monitoring. You’ll support Trust Assurance, Third Party Risk Management, and other Security Risk Management initiatives. Working with our Engineering, Infrastructure, and Product teams, you'll translate compliance frameworks into technical controls and build automated systems that help us achieve world-class security as Brex expands.

Your contributions will directly accelerate Brex's maturity. You'll design workflows using Tines, build integrations between security and GRC systems, and create dashboards for security metrics. You'll implement controls across the technology stack, support multiple audits (SOC 2, PCI DSS, SOX/ITGC, FINRA, ISO), and contribute to AI governance framework implementation (ISO 42001, NIST AI RMF, EU AI Act).

You'll have autonomy to build innovative solutions, collaborating cross-functionally to implement controls that enable growth while communicating technical concepts effectively across the organization.

Where you’ll work

This role will be based in our Vancouver office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!

Responsibilities

• Manage and scale IT infrastructure, services and tooling
• Work with a diverse group of  IT partners to optimize our provided services
• Implement new services in support of Information Technologies vision
• Scale our services by implementing configuration as code via Terraform providers or APIs
• Operationalize and upskill IT and its partners by producing documentation and leading training sessions
• Evangelize best practices both internally and externally facing

Requirements

• 5+ years of experience in GRC, IT Governance, or Security Engineering with a strong track record of automating manual compliance workflows.
• Deep experience with security frameworks such as SOC 2, PCI DSS, ISO 27001, and NIST CSF, specifically within cloud-native environments.
• Technical proficiency in Python (or similar scripting languages) and experience building integrations using APIs to connect security tools with GRC systems. You can read code, design integrations, and understand technical implementations.
• Builder mindset with the ability to design and implement automated control testing, continuous monitoring, and data-driven security metrics. You see manual processes and immediately think about how to automate them.
• Exceptional cross-functional collaboration and communication skills. You can translate complex compliance requirements into technical specifications that engineering teams can actually implement and influence stakeholders across technical and non-technical domains.
• Strong systems thinking. You have the ability to design scalable GRC architectures that grow with the company, rather than just solving for the immediate audit.
• Bias for action. You’re a self-starter who ships solutions quickly and iterates based on feedback. 

Bonus points

• Previous experience in Fintech or banking environments navigating complex regulatory landscapes.
• Hands-on experience with Tines or other SOAR platforms to automate security operations.
• Familiarity with AI/ML governance frameworks (NIST AI RMF, ISO 42001) or securing agentic systems.
• Deep knowledge of Cloud Security (AWS/GCP), infrastructure-as-code (Terraform), or DevSecOps practices.
• Relevant industry certifications such as CISSP, CISA, or CCSP.
• Experience building metrics dashboards for security visualization and reporting.
• Active contributions to the GRC or Security community through open-source projects or public research.

Compensation

The expected salary range for this role is $153,600 - $192,000 CAD. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

Engineering

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

Brex’s Governance, Risk, and Compliance function is at an exciting and pivotal point in our maturity journey and we’re seeking a team member who can seamlessly bridge compliance expertise with technical execution. As a Senior GRC Engineer, you will drive critical GRC processes that mitigate risk, keep us compliant, and build trust with our customers and partners. You'll evolve the technical foundation of our Trust program by automating security controls, building integrations between security tools and GRC platforms, and creating scalable processes that enable Brex to maintain compliance efficiently as we expand into new markets. You'll work at the intersection of security, engineering, and compliance — translating regulatory requirements into technical solutions and building automation that eliminates manual toil.

You'll leverage your deep understanding of SOC 2, PCI DSS, ISO 27001, AI governance frameworks, and others to both design controls for emerging compliance requirements and mature existing programs through automation and continuous monitoring. You’ll support Trust Assurance, Third Party Risk Management, and other Security Risk Management initiatives. Working with our Engineering, Infrastructure, and Product teams, you'll translate compliance frameworks into technical controls and build automated systems that help us achieve world-class security as Brex expands.

Your contributions will directly accelerate Brex's maturity. You'll design workflows using Tines, build integrations between security and GRC systems, and create dashboards for security metrics. You'll implement controls across the technology stack, support multiple audits (SOC 2, PCI DSS, SOX/ITGC, FINRA, ISO), and contribute to AI governance framework implementation (ISO 42001, NIST AI RMF, EU AI Act).

You'll have autonomy to build innovative solutions, collaborating cross-functionally to implement controls that enable growth while communicating technical concepts effectively across the organization.

Where you’ll work

This role will be based in our Seattle office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!

Responsibilities

• Manage and scale IT infrastructure, services and tooling
• Work with a diverse group of  IT partners to optimize our provided services
• Implement new services in support of Information Technologies vision
• Scale our services by implementing configuration as code via Terraform providers or APIs
• Operationalize and upskill IT and its partners by producing documentation and leading training sessions
• Evangelize best practices both internally and externally facing

Requirements

• 5+ years of experience in GRC, IT Governance, or Security Engineering with a strong track record of automating manual compliance workflows.
• Deep experience with security frameworks such as SOC 2, PCI DSS, ISO 27001, and NIST CSF, specifically within cloud-native environments.
• Technical proficiency in Python (or similar scripting languages) and experience building integrations using APIs to connect security tools with GRC systems. You can read code, design integrations, and understand technical implementations.
• Builder mindset with the ability to design and implement automated control testing, continuous monitoring, and data-driven security metrics. You see manual processes and immediately think about how to automate them.
• Exceptional cross-functional collaboration and communication skills. You can translate complex compliance requirements into technical specifications that engineering teams can actually implement and influence stakeholders across technical and non-technical domains.
• Strong systems thinking. You have the ability to design scalable GRC architectures that grow with the company, rather than just solving for the immediate audit.
• Bias for action. You’re a self-starter who ships solutions quickly and iterates based on feedback. 

Bonus points

• Previous experience in Fintech or banking environments navigating complex regulatory landscapes.
• Hands-on experience with Tines or other SOAR platforms to automate security operations.
• Familiarity with AI/ML governance frameworks (NIST AI RMF, ISO 42001) or securing agentic systems.
• Deep knowledge of Cloud Security (AWS/GCP), infrastructure-as-code (Terraform), or DevSecOps practices.
• Relevant industry certifications such as CISSP, CISA, or CCSP.
• Experience building metrics dashboards for security visualization and reporting.
• Active contributions to the GRC or Security community through open-source projects or public research.

Compensation

The expected salary range for this role is $153,600 - $192,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

Engineering

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

Brex’s Governance, Risk, and Compliance function is at an exciting and pivotal point in our maturity journey and we’re seeking a team member who can seamlessly bridge compliance expertise with technical execution. As a Senior GRC Engineer, you will drive critical GRC processes that mitigate risk, keep us compliant, and build trust with our customers and partners. You'll evolve the technical foundation of our Trust program by automating security controls, building integrations between security tools and GRC platforms, and creating scalable processes that enable Brex to maintain compliance efficiently as we expand into new markets. You'll work at the intersection of security, engineering, and compliance — translating regulatory requirements into technical solutions and building automation that eliminates manual toil.

You'll leverage your deep understanding of SOC 2, PCI DSS, ISO 27001, AI governance frameworks, and others to both design controls for emerging compliance requirements and mature existing programs through automation and continuous monitoring. You’ll support Trust Assurance, Third Party Risk Management, and other Security Risk Management initiatives. Working with our Engineering, Infrastructure, and Product teams, you'll translate compliance frameworks into technical controls and build automated systems that help us achieve world-class security as Brex expands.

Your contributions will directly accelerate Brex's maturity. You'll design workflows using Tines, build integrations between security and GRC systems, and create dashboards for security metrics. You'll implement controls across the technology stack, support multiple audits (SOC 2, PCI DSS, SOX/ITGC, FINRA, ISO), and contribute to AI governance framework implementation (ISO 42001, NIST AI RMF, EU AI Act).

You'll have autonomy to build innovative solutions, collaborating cross-functionally to implement controls that enable growth while communicating technical concepts effectively across the organization.

Where you’ll work

This role will be based in our New York office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!

Responsibilities

• Manage and scale IT infrastructure, services and tooling
• Work with a diverse group of  IT partners to optimize our provided services
• Implement new services in support of Information Technologies vision
• Scale our services by implementing configuration as code via Terraform providers or APIs
• Operationalize and upskill IT and its partners by producing documentation and leading training sessions
• Evangelize best practices both internally and externally facing

Requirements

• 5+ years of experience in GRC, IT Governance, or Security Engineering with a strong track record of automating manual compliance workflows.
• Deep experience with security frameworks such as SOC 2, PCI DSS, ISO 27001, and NIST CSF, specifically within cloud-native environments.
• Technical proficiency in Python (or similar scripting languages) and experience building integrations using APIs to connect security tools with GRC systems. You can read code, design integrations, and understand technical implementations.
• Builder mindset with the ability to design and implement automated control testing, continuous monitoring, and data-driven security metrics. You see manual processes and immediately think about how to automate them.
• Exceptional cross-functional collaboration and communication skills. You can translate complex compliance requirements into technical specifications that engineering teams can actually implement and influence stakeholders across technical and non-technical domains.
• Strong systems thinking. You have the ability to design scalable GRC architectures that grow with the company, rather than just solving for the immediate audit.
• Bias for action. You’re a self-starter who ships solutions quickly and iterates based on feedback. 

Bonus points

• Previous experience in Fintech or banking environments navigating complex regulatory landscapes.
• Hands-on experience with Tines or other SOAR platforms to automate security operations.
• Familiarity with AI/ML governance frameworks (NIST AI RMF, ISO 42001) or securing agentic systems.
• Deep knowledge of Cloud Security (AWS/GCP), infrastructure-as-code (Terraform), or DevSecOps practices.
• Relevant industry certifications such as CISSP, CISA, or CCSP.
• Experience building metrics dashboards for security visualization and reporting.
• Active contributions to the GRC or Security community through open-source projects or public research.

Compensation

The expected salary range for this role is $153,600 - $192,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

Engineering

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

Brex’s Governance, Risk, and Compliance function is at an exciting and pivotal point in our maturity journey and we’re seeking a team member who can seamlessly bridge compliance expertise with technical execution. As a Senior GRC Engineer, you will drive critical GRC processes that mitigate risk, keep us compliant, and build trust with our customers and partners. You'll evolve the technical foundation of our Trust program by automating security controls, building integrations between security tools and GRC platforms, and creating scalable processes that enable Brex to maintain compliance efficiently as we expand into new markets. You'll work at the intersection of security, engineering, and compliance — translating regulatory requirements into technical solutions and building automation that eliminates manual toil.

You'll leverage your deep understanding of SOC 2, PCI DSS, ISO 27001, AI governance frameworks, and others to both design controls for emerging compliance requirements and mature existing programs through automation and continuous monitoring. You’ll support Trust Assurance, Third Party Risk Management, and other Security Risk Management initiatives. Working with our Engineering, Infrastructure, and Product teams, you'll translate compliance frameworks into technical controls and build automated systems that help us achieve world-class security as Brex expands.

Your contributions will directly accelerate Brex's maturity. You'll design workflows using Tines, build integrations between security and GRC systems, and create dashboards for security metrics. You'll implement controls across the technology stack, support multiple audits (SOC 2, PCI DSS, SOX/ITGC, FINRA, ISO), and contribute to AI governance framework implementation (ISO 42001, NIST AI RMF, EU AI Act).

You'll have autonomy to build innovative solutions, collaborating cross-functionally to implement controls that enable growth while communicating technical concepts effectively across the organization.

Where you’ll work

This role will be based in our San Francisco office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!

Responsibilities

• Manage and scale IT infrastructure, services and tooling
• Work with a diverse group of  IT partners to optimize our provided services
• Implement new services in support of Information Technologies vision
• Scale our services by implementing configuration as code via Terraform providers or APIs
• Operationalize and upskill IT and its partners by producing documentation and leading training sessions
• Evangelize best practices both internally and externally facing

Requirements

• 5+ years of experience in GRC, IT Governance, or Security Engineering with a strong track record of automating manual compliance workflows.
• Deep experience with security frameworks such as SOC 2, PCI DSS, ISO 27001, and NIST CSF, specifically within cloud-native environments.
• Technical proficiency in Python (or similar scripting languages) and experience building integrations using APIs to connect security tools with GRC systems. You can read code, design integrations, and understand technical implementations.
• Builder mindset with the ability to design and implement automated control testing, continuous monitoring, and data-driven security metrics. You see manual processes and immediately think about how to automate them.
• Exceptional cross-functional collaboration and communication skills. You can translate complex compliance requirements into technical specifications that engineering teams can actually implement and influence stakeholders across technical and non-technical domains.
• Strong systems thinking. You have the ability to design scalable GRC architectures that grow with the company, rather than just solving for the immediate audit.
• Bias for action. You’re a self-starter who ships solutions quickly and iterates based on feedback. 

Bonus points

• Previous experience in Fintech or banking environments navigating complex regulatory landscapes.
• Hands-on experience with Tines or other SOAR platforms to automate security operations.
• Familiarity with AI/ML governance frameworks (NIST AI RMF, ISO 42001) or securing agentic systems.
• Deep knowledge of Cloud Security (AWS/GCP), infrastructure-as-code (Terraform), or DevSecOps practices.
• Relevant industry certifications such as CISSP, CISA, or CCSP.
• Experience building metrics dashboards for security visualization and reporting.
• Active contributions to the GRC or Security community through open-source projects or public research.

Compensation

The expected salary range for this role is $153,600 - $192,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

About the Role

We are seeking a GRC Automation Lead to join our GRC organization and build the technical foundation for how we scale our risk and compliance programs. In this role, you will lead the team that designs and implements automated workflows, data pipelines, and integrations that transform manual compliance processes into scalable engineering systems. 

This is a greenfield opportunity to establish the team, architecture, and integrations that will define how we approach governance, risk, and compliance at Anthropic. The core challenge is a data problem: compliance information lives across dozens of systems—cloud infrastructure, identity providers, HR platforms, ticketing tools, code repositories—and your job is to design systems that bring it together, normalize it, and make it actionable. Success in this role comes from understanding how systems connect and how data flows between them, not from writing code yourself.

At Anthropic, you'll also have a unique advantage: the ability to design AI-powered workflows where Claude acts as an extension of your team, handling tasks that would traditionally require additional headcount or manual effort. You'll need ingenuity to identify where agentic AI can accelerate evidence collection, interpret unstructured data, triage compliance gaps, and augment human judgment in risk assessments. Working closely with Security, IT, and Engineering teams, you'll translate compliance and regulatory requirements into solutions that support audit programs including SOC 2, ISO, HIPAA, and FedRAMP, building systems that combine traditional automation with AI capabilities to achieve scale that wouldn't otherwise be possible.

Responsibilities: 

• Lead the team that establishes foundational GRC processes and architecture. Design and build automated workflows for risk management and compliance, creating scalable systems that enable continuous monitoring as Anthropic grows.
• Build data pipelines that aggregate risk, control, and asset information from across our technology stack. This means solving hard data integration problems: mapping disparate schemas, handling inconsistent data quality, and creating unified views of compliance posture through dashboards and reporting tools.
• Inform GRC platform strategy and implementation: in partnership with other programs, evaluate, select, and deploy tooling that meets our compliance requirements.
• Translate written policies and compliance requirements into policy-as-code—working with Engineering and Security teams to express requirements as enforceable rules, automated checks, and continuous validation rather than static documents.
• Establish feedback loops between policy and implementation: surface where technical controls diverge from written requirements, identify where policies need to evolve based on infrastructure realities, and ensure that compliance requirements are expressed in terms engineers can act on.
• Design and deploy agentic AI workflows that extend team capacity, using Claude to serve as a virtual GRC analyst to automate evidence analysis, monitor control effectiveness, draft audit responses, interpret policy documents, and handle other tasks that require reasoning over unstructured information.
• Design and maintain integrations connecting GRC tooling with cloud infrastructure, identity management systems, HRIS platforms, ticketing systems, version control, and CI/CD pipelines—working with engineers to implement integrations that enable automated evidence collection and continuous compliance validation.
• Build and lead an AI-forward GRC engineering function as we scale: hiring team members, establishing practices, and defining the technical roadmap for governance and compliance automation at Anthropic.

You may be a good fit if you:

• Have 12+ years of total experience and 3-4+ years of experience managing technical individual contributors or systems-focused teams, with a proven track record of building or scaling small teams (2-5 people) in security, compliance, automation, or operations functions.
• Are a systems thinker first. You understand how complex environments work: how data flows between systems, where integration points exist, what breaks when systems don't talk to each other. Your strength is designing the right architecture and environment for security monitoring, not necessarily implementing it yourself.
• Have 5+ years of experience designing automated workflows, data pipelines, or system integrations, whether through traditional development, low-code platforms, GRC tools, or process automation. We care about your ability to solve integration problems more than your programming language proficiency.
• Have a relentless focus on data integration: you understand how to pull data from multiple sources, normalize it, join it meaningfully, and surface insights. You're comfortable reasoning about messy, inconsistent data and designing systems that handle edge cases gracefully.
• Understand APIs and integration patterns: REST APIs, webhooks, authentication flows, polling vs. push architectures, and can evaluate systems based on how well they expose data and support automation.
• Can work independently with minimal guidance, taking ownership of complex problems from design through implementation while managing ambiguity inherent in early-stage programs.
• Have strong analytical and problem-solving skills with attention to detail necessary for compliance work, balanced with pragmatism about risk-based prioritization in fast-paced environments.

Strong candidates may have:

• Experience designing or implementing AI-powered automation, agentic workflows, or LLM-based tooling in operational contexts.
• Experience with GRC platforms such as ServiceNow GRC, Vanta, Drata, OneTrust, RSA Archer, or similar tools including configuration, customization, and integration capabilities
• Familiarity with scripting languages (Python or similar) for automation tasks, API interactions, and data transformation.
• Prior experience in high-growth startup environments demonstrating ability to build scalable processes and adapt quickly to changing requirements and priorities
• Familiarity with Infrastructure as Code tools (Terraform, CloudFormation, Ansible) and DevSecOps practices including CI/CD pipeline integration and policy-as-code implementations.
• Familiarity with cloud platforms (AWS, GCP, Azure) and an understanding of how compliance-relevant data can be extracted from their APIs and logging systems.

Deadline to apply: None, applications will be received on a rolling basis.

The Head of Legal Operations and Chief of Staff acts as the primary strategic partner to the General Counsel, ensuring the department’s operational goals are in lockstep with the company’s broader vision. This role is responsible for turning the Legal & Governance, Risk, and Compliance (GRC) team into a high-performing business unit–- providing the processes, technology, and data insights necessary to enable a 30+-person global team. You will lead a 2-person Legal Operations team, focusing on high-level strategy and enabling your team to lead their respective workstreams with high degrees of autonomy and accountability.

You will:

• Strategic Partnership (Chief of Staff): Partner with the GC and Legal Leadership (Commercial, Corporate, Litigation, Product, GRC, and Public Sector) to define and execute long-term strategy. Own operational planning cycles, including the OKR process, roadmap development, and All-Hands meetings, to ensure cross-functional alignment and maximize the team’s impact.
• Team Leadership & Mentorship: Manage and mentor the Contracts Manager and Legal Program Manager, empowering them to lead their functional areas with high autonomy. Provide mentorship on a dotted-line basis to subject matter experts (e.g., Corporate Paralegal, Privacy Program Manager), ensuring process consistency and high-standard workstreams across the broader Legal & GRC organization.
• Success Management: Design and own the reporting framework for tracking departmental success. Oversee the development of automated dashboards that provide real-time progress against goals, utilizing AI to synthesize data into actionable insights for the GC and Legal Leadership Team.
• Legal Finance & Vendor Strategy: Manage the global Legal budget, forecasting, and accruals. While partnering with the Procurement team for general needs, you will directly lead the strategy for Legal-specific vendors, including outside counsel and legal tech providers. Drive outside counsel management strategy, emphasizing data-driven performance reviews and the negotiation of arrangements that optimize litigation and specialty matter spend.
• Process & Technology: Maintain and optimize a world-class Legal & GRC tech stack (e.g., CLM, e-billing, and litigation tools). Drive business velocity by designing streamlined intake and triage systems for Product and Engineering teams and implementing practical, automated workflow solutions.
• Risk & Litigation Operations: Direct the litigation technology strategy, including the legal hold lifecycle and e-discovery workflows, to ensure defensible compliance in partnership with IT and Security. Develop and maintain strategic risk registers that provide the GC, Legal Leadership, and executive leadership with a clear, data-driven view of the company’s risk landscape.

Ideally you'd have:

• Experience: 10+ years of professional experience, with a solid background in Legal Operations, Strategy, or Management Consulting in a high-growth environment.
• Education: Bachelor’s degree required. An Engineering degree, MBA, or JD is a significant plus.
• Technical Proficiency: Practical experience with legal technology (e.g., Ironclad, Brightflag) and a curiosity for how AI/automation can solve routine legal hurdles. Familiarity with litigation-specific tools (e.g., Logikcull, Relativity, or specialized legal hold software) is highly preferred.
• Analytical & Risk Modeling: Ability to design and maintain strategic risk registers and financial models. You can translate raw data from various workstreams into a cohesive risk landscape (e.g., impact vs. likelihood heatmaps) that informs executive decision-making. Partner with the GC and Legal Leadership to model potential exposure, manage entity-related risks, and inform corporate reserves.
• Mindset: A pragmatic, "get it done" attitude. You can navigate ambiguity, represent the GC in executive forums, and prioritize the tasks that provide the most value to the department.
• Communication: Exceptional ability to translate operational data into clear, concise updates for the GC and executive leadership.

Scale seeks a business-minded Director and Associate General Counsel, Compliance to lead Scale’s corporate compliance program. This role will set the legal standards, governance model, and escalation framework for the program, working closely with cross-functional partners to translate that guidance into practical workflows.

This is a high-impact role for a lawyer who combines strong legal judgment with practical program execution in a fast-moving, high-visibility business.

You Will:

• Advise on anti-bribery and anti-corruption, conflicts of interest, gifts and entertainment, third-party risk, and other sensitive corporate compliance matters.
• Lead or support privileged compliance investigations, remediation, and escalations, coordinating across Legal and with outside counsel where matters involve potential litigation or enforcement risk.
• Develop practical compliance policies, workflows, training, and reporting processes that support Scale’s growth and IPO-readiness.
• Mature Scale’s Enterprise Risk Management process, including risk assessment methodology, risk register governance, mitigation tracking, and leadership reporting.
• Set legal standards for compliance operations, including hotline triage, sensitive matter review, policy governance, training requirements, and remediation escalation.
• Partner across Legal, GRC, Security, Product, Engineering, Finance, People, Public Sector, and other business teams on compliance and IPO-readiness.
• Represent Scale’s corporate compliance function with internal and external stakeholders, including customers, auditors, partners, and regulators.

Ideally, you’d have:

• JD and active bar membership in at least one U.S. jurisdiction.
• 10+ years of legal experience across corporate compliance, investigations, regulatory counseling, GRC, internal controls, or related areas.
• Experience building or scaling compliance programs in high-growth technology or similarly complex environments.
• Strong experience with anti-bribery and anti-corruption, conflicts of interest, third-party risk, hotline governance, and privileged investigations.
• Experience maturing ERM, policy governance, training, remediation tracking, risk reporting, and IPO-readiness or public-company compliance.
• Strong judgment and communication skills, with the ability to work effectively across legal, technical, operational, and executive stakeholders.

Nice to haves:

• Experience with AI governance or regulation.
• Familiarity with government contractor compliance, export controls, or industrial security.
• Experience with multinational compliance programs, including Europe, the Middle East, Asia, and Latin America.

The Security Governance Team

If you want to be a part of a dynamic, forward-thinking Governance, Risk and Compliance organization focused on building a best-in-class, cutting edge governance program, come join the Security Governance Team at Okta. As a critical foundation of GRC, the Security Governance team’s mission is to provide the documentation, policy adherence, and advisory backbone needed to drive secure operations and behaviors at Okta and position the company as a global leader in security best practices. We are seeking a dedicated and detail-oriented Principal Data Security Engineer to join our team. The ideal candidate will drive Okta’s internal data security strategy and uplift capabilities for safeguarding sensitive information throughout the company.

The Role

The Principal Data Security Engineer will be the business owner of Okta’s data protection tool suite and will be responsible for envisioning, implementing, and maturing data security strategies across Okta, including enforcement of data retention, authoring and implementing data encryption and obfuscation minimums, establishing secure key management best practices, uplifting data handling controls and safeguards, and automating security workflows. This role demands a high level of technical expertise and deep experience with data security applications and services, such as Okta, Crowdstrike, and Palo Alto Networks. This role will work closely with a wide array of internal stakeholders, such as Data Loss Prevention (DLP) Engineering, Defensive Cyber Operations, Defensive Cyber Engineering, and Legal, as well as technology and cloud support teams. This role requires a thorough understanding of DLP technologies such as data security posture management (DSPM), endpoint detection and response (EDR), and cloud access security broker (CASB) as well as significant working experience in the data security and protection domain.

The right candidate will have experience operating in a mature security control environment, will have a strong background in managing mature data security and privacy functions in corporate settings, and will possess a proven track record of successfully implementing complex projects in cross-collaborative teams. The ideal Principal Data Security Engineer will be able to identify and drive appropriate data security strategy that mitigates Okta’s key security risks, including recommending enhancements such as compensating controls and other preventative measures.

The Principal Data Security Engineer will have strong familiarity with security compliance frameworks (e.g., NIST, ISO, PCI) and will be competent in summarizing complex scenarios for management review. If you are a self-starter who wants to make a difference in a global cloud security company, come help us lead the way.

What you'll be doing

• Serve as the business owner of Okta’s data protection tool suite
• Evaluation and implementation of security tools and services
• Design, establish, and implement the strategy for a multi-year data security maturity roadmap
• Identify patterns and trends in data loss incidents to enhance preventative and detective measures
• Collaborate with the Cyber Defense Team and Technology, Data & Intelligence (TDI) Team to realize data security controls within Okta’s data security technology stack
• Oversee and manage the development, implementation, and uplift of DLP rules
• Work closely with technology teams, Legal, Compliance, and other business units to ensure execution of comprehensive data protection strategies
• Provide clear and concise reports and documentation on data loss incidents and resolutions
• Ability to manage complex projects, including identifying dependencies and evaluating impact

What you'll bring to the role

• Bachelor’s degree in Information Security, Computer Science, or equivalent experience 
• 10+ years of experience in information security with a focus on data security and privacy
• Strong understanding of data protection principles and technologies
• Experience with network security, endpoint security, and cloud security solutions
• Certifications such as CISSP, CISA, CISM, or CDPSE are preferred
• Demonstrated experience working in commercial security roles aligned with security compliance frameworks (e.g., NIST, ISO, PCI)
• Experience in building productive relationships and driving collaboration with both technical and non-technical teams
• Clear ability to communicate the desired business outcomes and requirements to technologists building solutions
• Ability to operate effectively in a remote environment
• Self-starting, self-motivated, self-directed, and self-sufficient

Requirements

• Deep understanding of data security, data protection, and data privacy workstreams and related tooling (DSPM, DLP, CASB..etc)
• Demonstrated experience managing projects and data security tool implementations at a large/comparably sized company, ideally in a regulated industry; and/or Big 4 candidates with related engagement experience
• Strong security background; security certification preferred (e.g., CISA, CISM, CISSP, CDPSE)
• Bachelor’s degree or higher in cybersecurity or a related technical focus area and/or equivalent practical experience
• Strategic thinker with strong analytical and critical thinking skills
• Experience managing small teams and/or more junior team members is strongly preferred

#LI-SM1

#LI-HYBRID

P16924_3342877

We're looking for someone who gets excited about building data infrastructure at massive scale and cares deeply about the gaming communities we serve. Someone with passion for building lovable products for Discord users and Discord engineers. We're building the next generation Data Platform that powers decisions for one of the most vibrant platforms in the world.

If you're the kind of Staff Engineer who sees ambiguity as an invitation — who builds systems that make whole teams faster, shapes technical strategy across the org, and wants your decisions to directly impact millions of gamers worldwide — we want to talk to you.

To learn more about Discord's Data Platform, read our engineering blog, including how we built our modern data stack leveraging open-source tools!

This position is based in our San Francisco office.

What You'll Be Doing

• Own the technical direction of major Data Platform initiatives like GRC, scaling, or stream processing, from problem to production system and post-launch health
• Be a force multiplier: build reusable primitives, unblock teammates, and raise the quality bar across the team
• Stay a top code contributor. You write real production code while helping others reach the same bar
• Partner with XFN stakeholders to translate business problems into clear technical strategy
• Champion debate, decide, and commit and 80/20 thinking to drive robust technical solutions supporting multiple team

What you should have

• 7+ years of software engineering experience with a track record of driving large, ambiguous technical initiatives end-to-end
• Expertise in distributed systems and data infrastructure at scale. You've anticipated hard problems before they became incidents
• Demonstrated ability to multiply a team's impact through architectural thought leadership, design reviews, reusable abstractions, and well-timed mentorship
• Strong technical judgment: when to go fast vs. slow, when to build vs. integrate, and how to bring stakeholders along
• Cross-functional influence: you've driven alignment across engineering, product, and business without relying on authority

Bonus Points

• Passion for Discord and gaming
• Experience with data governance, privacy compliance, real-time analytics infrastructure, or cost optimization in large-scale data environments

Candidates must reside in or be willing to relocate to the San Francisco Bay Area (Alameda, Contra Costa, Marin, Napa, San Francisco, San Mateo, Santa Clara, Solano, and Sonoma counties). Relocation assistance may be available.

The US base salary range for this full-time position is $248,000 to $279,000 + equity + benefits. Our salary ranges are determined by role and level. Within the range, individual pay is determined by additional factors, including job-related skills, experience, and relevant education or training. Please note that the compensation details listed in US role postings reflect the base salary only, and do not include equity, or benefits.

Role Overview

As a Security Risk and Compliance Analyst you will play a hands-on role in maturing and operating Asana’s compliance and certification programme—specifically across controls maturity, policy governance, and audit execution. This role sits at the intersection of traditional GRC work and compliance engineering: you will help maintain our control frameworks and run our audit cycles, while also contributing to the automation initiatives that make our compliance programme scalable and repeatable.

This is an excellent opportunity for someone with early-career GRC experience who is excited to grow their technical skills and help shape how a high-growth SaaS company approaches compliance automation. You will partner closely with Security Engineering, Legal, Privacy, and R&D to ensure our controls are effective, our evidence pipelines are reliable, and our certifications—SOC 2, ISO 27001, and FedRAMP—are maintained with rigour.

This role is based in our San Francisco office with an office-centric hybrid schedule. The standard in-office days are Monday, Tuesday, and Thursday. Most Asanas have the option to work from home on Wednesdays. If you’re interviewing for this role, your recruiter will share more about the in-office requirements.

What You’ll Achieve

Controls Maturity & Certifications

• Support the maintenance and continuous improvement of Asana’s control framework, tracking control effectiveness across SOC 2, ISO 27001, FedRAMP Moderate, and other applicable standards.
• Proactively engage with a wide range of teams—including Engineering, IT, and People—to work through controls maturity activities, close existing gaps, and drive remediation efforts to completion with clear documentation of progress.
• Build strong working relationships across the business so that control owners feel supported and accountability is shared, not siloed within the compliance team.
• Contribute to controls maturity scoring and reporting, providing ongoing visibility into programme health for senior leadership.
• Support external compliance audits end-to-end: coordinating evidence requests, liaising with auditors, and tracking findings through to closure.

FedRAMP Continuous Monitoring

• Own the monthly FedRAMP ConMon package submission, ensuring it is accurate, complete, and delivered on time every month.
• Track and drive completion of all timebound FedRAMP requirements by working closely with Engineering, People, and other responsible teams.
• Maintain a clear calendar of FedRAMP deliverables and proactively flag risks to timelines, escalating where needed to ensure nothing slips.
• Serve as a day-to-day point of contact for FedRAMP-related queries from internal teams, helping them understand their obligations and what good looks like.

Evidence Collection & Automation

• Own evidence collection workflows within our GRC platform, ensuring controls are reliably mapped, evidence is current, and audit artefacts are ready year-round.
• Where possible, identify opportunities to automate repetitive evidence-gathering tasks—this is a nice-to-have rather than a core requirement, but curiosity and initiative here will be valued.
• Document evidence collection procedures so that processes are transparent, auditable, and maintainable by the broader team.

About You

• 3+ years of experience in Governance, Risk, and Compliance (GRC), information security, or a closely related field—internships and co-ops count.
• Foundational knowledge of security compliance frameworks such as SOC 2, ISO 27001, NIST CSF, or FedRAMP; you don’t need to be an expert in all of them.
• Comfortable engaging with a wide variety of teams—Engineering, People, IT, Legal—to explain compliance requirements, gather evidence, and build the relationships needed to close control gaps.
• Organised and deadline-driven: you can manage multiple workstreams, track time-sensitive obligations (like monthly FedRAMP submissions), and keep audit artefacts tidy without being reminded.
• A clear communicator who can translate compliance requirements into plain language for both technical and non-technical stakeholders.
• Exposure to compliance automation or evidence collection tooling (GRC platforms, scripting, API integrations) is a plus, but not essential—curiosity and a willingness to grow technically matter more.
• Curious about how modern SaaS engineering works—comfortable asking questions and learning the technical context behind a control.

At Asana, we’re committed to building teams that include a variety of backgrounds, perspectives, and skills, as this is critical to helping us achieve our mission. If you’re interested in this role and don’t meet every listed requirement, we still encourage you to apply.

What We’ll Offer

Our comprehensive compensation package plays a big part in how we recognize you for the impact you have on our path to achieving our mission. We believe that compensation should be reflective of the value you create relative to the market value of your role. To ensure pay is fair and not impacted by biases, we’re committed to looking at market value, which is why we check ourselves and conduct a yearly pay equity audit.

For this role, the estimated base salary range is between $130,000–$160,000. The actual base salary will vary based on various factors, including market and individual qualifications objectively assessed during the interview process. In addition to base salary, your compensation package may include equity and benefits. Speak with your Talent Acquisition Partner to learn more.

We strive to provide equitable and competitive benefits packages that support our employees worldwide and include:

• Mental health, wellness & fitness benefits
• Career coaching & support
• Inclusive family building benefits
• Long-term savings or retirement plans
• In-office culinary options to cater to your dietary preferences

These are just some of the benefits we offer, and benefits may vary based on role, country, and local regulations.

About Asana

Asana helps teams orchestrate their work, from small projects to strategic initiatives. Millions of teams around the world rely on Asana to achieve their most important goals, faster. Asana has been named a Top 10 Best Workplace for 5 years in a row, is Fortune’s #1 Best Workplace in the Bay Area, and one of Glassdoor’s and Inc.’s Best Places to Work.

We believe in supporting people to do their best work and thrive, and building a diverse, equitable, and inclusive company is core to our mission. Our goal is to ensure that Asana upholds an inclusive environment where all people feel equally respected and valued, whether they are applying for an open position or working at the company. We provide equal employment opportunities to all applicants without regard to race, colour, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by law. We also comply with the San Francisco Fair Chance Ordinance and similar laws in other locations.

#LI-Hybrid

The Opportunity

We are looking for a Security Risk Program Manager to take Grow Therapy's security risk program to the next level of maturity. Reporting directly to the Head of Security, you'll be part of a team focused on protecting Grow's patients, providers, employees, and business by embedding risk awareness into everyday decision-making. Your work will directly support Grow's mission to expand access to high-quality mental healthcare—safely, responsibly, and at scale. Your responsibilities will include building and maturing our enterprise risk management framework, driving audit readiness, shaping executive risk reporting, and partnering closely with teams across Legal, Compliance, Engineering, and Product.

What You'll Be Doing

• Build and mature Grow's enterprise security risk management program, including risk identification, assessment, prioritization, remediation tracking, and maintaining a comprehensive risk register that informs business decisions.
• Lead the charge on AI risk management: Security sits within Grow’s Internal Foundations pillar, which is building company-wide infrastructure to support AI adoption. You’ll be in an incredible position to influence safe and thoughtful adoption of AI tooling at the enterprise level.
• Own the third-party/vendor security risk management program, streamlining review workflows to support business velocity while ensuring robust security oversight of partners and vendors.
• Drive audit readiness and external certifications (SOC 2, HIPAA-aligned assessments, HITRUST readiness) in close partnership with Legal and Compliance, reducing repeat findings and improving remediation timelines.
• Develop and deliver executive-level risk reporting and readouts that translate technical and security risks into clear business impact, enabling leadership to make informed, risk-aware tradeoffs as the company scales.
• Partner proactively across Security Engineering, Product, Engineering, and Operations to embed security and risk awareness into planning and decision-making cycles—positioning security as a strategic enabler rather than a gatekeeper.

You'll Be a Good Fit If

• You have deep experience building and operating security or enterprise risk management programs (not just managing projects) and a strong bias toward execution in fast-paced environments.
• You bring strong knowledge of healthcare security, privacy, and compliance frameworks (HIPAA, SOC 2, HITRUST) and can navigate regulatory obligations without sacrificing speed or innovation.
• You have exceptional stakeholder management and communication skills, including a track record of influencing senior leaders and translating complex risk concepts into actionable business guidance.
• You are a strong program manager with a structured approach to prioritization, documentation, and cross-functional alignment.
• Bonus: Experience scaling risk programs at high-growth or pre-IPO tech companies, prior ownership of vendor risk programs, or familiarity with GRC tooling and automation.

Employment Type: Full Time, Exempt 

Base Compensation: The base compensation range for this position is $152,000–$189,750 USD Annually.
The base compensation for this role will vary depending on several factors, including relevant experience, qualifications, and the candidate's working location.

Location:  This is a hybrid role with the expectation to work onsite from our NYC or San Francisco hub locations three days per week (Tuesday, Wednesday, and Thursday) and travel 2–3 times per year (e.g., company and department offsites).

The Role

We are looking for an Associate Director, Third-Party Risk Management (TPRM) to own the TPRM pillar at Flex. This is not a program management role. It is a pillar ownership role: you set the risk posture, define the operating model, and are accountable for outcomes across a vendor population that touches every part of the business.

You will lead a small team, establish the direction for how Flex evaluates and monitors third-party risk, and make the calls on where speed and rigor need to be balanced. You will design AI-enabled workflows that scale the team's capacity without sacrificing auditability or regulatory defensibility. And you will hold Flex's third-party risk position across the organization, shaping decisions in Product, Engineering, Finance, and Procurement rather than responding to requests from them.

This role is right for someone who has owned TPRM at a mature, regulated institution and also built something from the ground up at a high-growth fintech. Someone comfortable with ambiguity, confident in their risk judgment, and ready to be handed the reins.

What You’ll Do

1. Own Flex's third-party risk posture end-to-end: set the strategy, define the operating model, and be accountable for outcomes across the full vendor population
2. Establish and maintain the policies, standards, and governance framework that underpin TPRM across the organization
3. Make risk-based decisions on vendor approvals, exceptions, and escalations, including explicit tradeoffs between speed and risk exposure, and defend those positions to senior leadership and regulators
4. Architect scalable intake, tiering, due diligence, and monitoring workflows, designing AI-enabled automation where it improves speed and consistency without removing human judgment from consequential decisions
5. Build signal-driven monitoring systems that surface vendor risk in real time (financial distress, security incidents, operational failures) rather than relying on calendar-based review cycles
6. Design and own AI workflows for high-volume tasks like SOC report analysis, questionnaire scoring, and exception tracking, with clear auditability and human-in-the-loop checkpoints throughout
7. Drive risk alignment across Product, Engineering, Finance, and Procurement, shaping vendor strategy and sourcing decisions upstream rather than reviewing them after the fact
8. Serve as Flex's authoritative voice on third-party risk in regulatory exams, audits, and customer due diligence requests
9. Own the reporting framework that gives senior leadership real-time, decision-relevant visibility into third-party risk posture
10. Proactively identify emerging third-party risks across new vendor categories, evolving threat landscapes, and regulatory developments, and evolve controls before they become issues
11. Help mentor and develop more junior team members as the program and team scale

What We’re Looking For

• 7+ years of experience in third-party risk, vendor risk, or a closely related risk and compliance discipline
• Experience at both a large, regulated institution with a mature risk function and a high-growth, venture-backed fintech or technology company
• Demonstrated track record of making and defending risk-based decisions under ambiguity, including explicit speed-vs-risk tradeoffs
• Experience designing AI-enabled workflows for risk or compliance use cases, with a clear point of view on where automation helps and where human oversight is non-negotiable
• Strong working knowledge of vendor risk domains: security, privacy, operational, financial, and regulatory
• Proven ability to influence across Product, Engineering, and Finance, not just within a compliance or risk silo
• Strong communication skills; able to translate complex risk positions into clear recommendations for executive and board-level audiences
• Comfort with data; SQL experience or the ability to query and analyze data independently is a strong plus
• Experience supporting or leading regulatory exams in a financial services or fintech environment

Nice to Have

• Experience building a TPRM program from scratch at a high-growth company
• Familiarity with GRC platforms and common TPRM tooling
• Working knowledge of relevant frameworks and standards (SOC 2, ISO 27001, NIST, PCI, etc.)
• Prior people management or team lead experience

Flex takes a market-based approach to pay, ensuring compensation is commensurate with a candidate's experience and our internal leveling guidelines. For candidates located in our Tier 1 markets (NYC/ SF), the base salary pay range for this role is $176,000—$220,000 USD. For all other U.S. locations, Flex utilizes a geographic pay differential based on a cost of labor index. If you are located outside of the Tier 1 states listed above, your starting pay will be adjusted to align with the market conditions of your specific geographic zone. Please speak with your recruiter for additional information regarding the specific range for your location.

About Flex

Flex is a venture-backed fintech company helping businesses manage and optimize their spend with modern financial products and software. We partner with some of the most innovative companies in the world and operate in a highly regulated, fast-growing environment. As we continue to scale, building best‑in‑class risk and compliance programs is critical to enabling our growth.

The Role

We are looking for an Associate Director, Third-Party Risk Management (TPRM) to own the TPRM pillar at Flex. This is not a program management role. It is a pillar ownership role: you set the risk posture, define the operating model, and are accountable for outcomes across a vendor population that touches every part of the business.

You will lead a small team, establish the direction for how Flex evaluates and monitors third-party risk, and make the calls on where speed and rigor need to be balanced. You will design AI-enabled workflows that scale the team's capacity without sacrificing auditability or regulatory defensibility. And you will hold Flex's third-party risk position across the organization, shaping decisions in Product, Engineering, Finance, and Procurement rather than responding to requests from them.

This role is right for someone who has owned TPRM at a mature, regulated institution and also built something from the ground up at a high-growth fintech. Someone comfortable with ambiguity, confident in their risk judgment, and ready to be handed the reins.

What You’ll Do

1. Own Flex's third-party risk posture end-to-end: set the strategy, define the operating model, and be accountable for outcomes across the full vendor population
2. Establish and maintain the policies, standards, and governance framework that underpin TPRM across the organization
3. Make risk-based decisions on vendor approvals, exceptions, and escalations, including explicit tradeoffs between speed and risk exposure, and defend those positions to senior leadership and regulators
4. Architect scalable intake, tiering, due diligence, and monitoring workflows, designing AI-enabled automation where it improves speed and consistency without removing human judgment from consequential decisions
5. Build signal-driven monitoring systems that surface vendor risk in real time (financial distress, security incidents, operational failures) rather than relying on calendar-based review cycles
6. Design and own AI workflows for high-volume tasks like SOC report analysis, questionnaire scoring, and exception tracking, with clear auditability and human-in-the-loop checkpoints throughout
7. Drive risk alignment across Product, Engineering, Finance, and Procurement, shaping vendor strategy and sourcing decisions upstream rather than reviewing them after the fact
8. Serve as Flex's authoritative voice on third-party risk in regulatory exams, audits, and customer due diligence requests
9. Own the reporting framework that gives senior leadership real-time, decision-relevant visibility into third-party risk posture
10. Proactively identify emerging third-party risks across new vendor categories, evolving threat landscapes, and regulatory developments, and evolve controls before they become issues
11. Help mentor and develop more junior team members as the program and team scale

What We’re Looking For

• 7+ years of experience in third-party risk, vendor risk, or a closely related risk and compliance discipline
• Experience at both a large, regulated institution with a mature risk function and a high-growth, venture-backed fintech or technology company
• Demonstrated track record of making and defending risk-based decisions under ambiguity, including explicit speed-vs-risk tradeoffs
• Experience designing AI-enabled workflows for risk or compliance use cases, with a clear point of view on where automation helps and where human oversight is non-negotiable
• Strong working knowledge of vendor risk domains: security, privacy, operational, financial, and regulatory
• Proven ability to influence across Product, Engineering, and Finance, not just within a compliance or risk silo
• Strong communication skills; able to translate complex risk positions into clear recommendations for executive and board-level audiences
• Comfort with data; SQL experience or the ability to query and analyze data independently is a strong plus
• Experience supporting or leading regulatory exams in a financial services or fintech environment

Nice to Have

• Experience building a TPRM program from scratch at a high-growth company
• Familiarity with GRC platforms and common TPRM tooling
• Working knowledge of relevant frameworks and standards (SOC 2, ISO 27001, NIST, PCI, etc.)
• Prior people management or team lead experience

Flex takes a market-based approach to pay, ensuring compensation is commensurate with a candidate's experience and our internal leveling guidelines. For candidates located in our Tier 1 markets (NYC/ SF), the base salary pay range for this role is $176,000—$220,000 USD. For all other U.S. locations, Flex utilizes a geographic pay differential based on a cost of labor index. If you are located outside of the Tier 1 states listed above, your starting pay will be adjusted to align with the market conditions of your specific geographic zone. Please speak with your recruiter for additional information regarding the specific range for your location.

The Role

We are looking for an Associate Director, Third-Party Risk Management (TPRM) to own the TPRM pillar at Flex. This is not a program management role. It is a pillar ownership role: you set the risk posture, define the operating model, and are accountable for outcomes across a vendor population that touches every part of the business.

You will lead a small team, establish the direction for how Flex evaluates and monitors third-party risk, and make the calls on where speed and rigor need to be balanced. You will design AI-enabled workflows that scale the team's capacity without sacrificing auditability or regulatory defensibility. And you will hold Flex's third-party risk position across the organization, shaping decisions in Product, Engineering, Finance, and Procurement rather than responding to requests from them.

This role is right for someone who has owned TPRM at a mature, regulated institution and also built something from the ground up at a high-growth fintech. Someone comfortable with ambiguity, confident in their risk judgment, and ready to be handed the reins.

What You’ll Do

1. Own Flex's third-party risk posture end-to-end: set the strategy, define the operating model, and be accountable for outcomes across the full vendor population
2. Establish and maintain the policies, standards, and governance framework that underpin TPRM across the organization
3. Make risk-based decisions on vendor approvals, exceptions, and escalations, including explicit tradeoffs between speed and risk exposure, and defend those positions to senior leadership and regulators
4. Architect scalable intake, tiering, due diligence, and monitoring workflows, designing AI-enabled automation where it improves speed and consistency without removing human judgment from consequential decisions
5. Build signal-driven monitoring systems that surface vendor risk in real time (financial distress, security incidents, operational failures) rather than relying on calendar-based review cycles
6. Design and own AI workflows for high-volume tasks like SOC report analysis, questionnaire scoring, and exception tracking, with clear auditability and human-in-the-loop checkpoints throughout
7. Drive risk alignment across Product, Engineering, Finance, and Procurement, shaping vendor strategy and sourcing decisions upstream rather than reviewing them after the fact
8. Serve as Flex's authoritative voice on third-party risk in regulatory exams, audits, and customer due diligence requests
9. Own the reporting framework that gives senior leadership real-time, decision-relevant visibility into third-party risk posture
10. Proactively identify emerging third-party risks across new vendor categories, evolving threat landscapes, and regulatory developments, and evolve controls before they become issues
11. Help mentor and develop more junior team members as the program and team scale

What We’re Looking For

• 7+ years of experience in third-party risk, vendor risk, or a closely related risk and compliance discipline
• Experience at both a large, regulated institution with a mature risk function and a high-growth, venture-backed fintech or technology company
• Demonstrated track record of making and defending risk-based decisions under ambiguity, including explicit speed-vs-risk tradeoffs
• Experience designing AI-enabled workflows for risk or compliance use cases, with a clear point of view on where automation helps and where human oversight is non-negotiable
• Strong working knowledge of vendor risk domains: security, privacy, operational, financial, and regulatory
• Proven ability to influence across Product, Engineering, and Finance, not just within a compliance or risk silo
• Strong communication skills; able to translate complex risk positions into clear recommendations for executive and board-level audiences
• Comfort with data; SQL experience or the ability to query and analyze data independently is a strong plus
• Experience supporting or leading regulatory exams in a financial services or fintech environment

Nice to Have

• Experience building a TPRM program from scratch at a high-growth company
• Familiarity with GRC platforms and common TPRM tooling
• Working knowledge of relevant frameworks and standards (SOC 2, ISO 27001, NIST, PCI, etc.)
• Prior people management or team lead experience

Flex takes a market-based approach to pay, ensuring compensation is commensurate with a candidate's experience and our internal leveling guidelines. For candidates located in our Tier 1 markets (NYC/ SF), the base salary pay range for this role is $176,000—$220,000 USD. For all other U.S. locations, Flex utilizes a geographic pay differential based on a cost of labor index. If you are located outside of the Tier 1 states listed above, your starting pay will be adjusted to align with the market conditions of your specific geographic zone. Please speak with your recruiter for additional information regarding the specific range for your location.

Engineering at Brex

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

As a Senior Application Security Engineer, you will focus on finding and responding to security vulnerabilities across the Brex platform. In this role, you will perform code reviews, design reviews, penetration testing, and vulnerability management. You will develop and maintain tooling to perform static and dynamic testing of the Brex platform and tooling which supports secure developer workflows. Application Security is part of our wider Financial Scale organization, which means you will work closely with Security Operations, GRC, Product Security, Front End Platform,  IT Infrastructure teams.

We’re looking for individuals with a strong background and interest in penetration testing. You should have a demonstrated ability to find vulnerabilities in complex systems and craft exploits to demonstrate business impact. This role is highly cross functional and collaborative, you will have the opportunity to work with every engineering team across Brex. You should be enthusiastic about working with a variety of backgrounds, roles, and needs. Building a world-class financial service requires world-class security. 

Brex is pioneering the next wave of AI-driven financial services for dynamic, high-impact companies like Coinbase, Robinhood, and Anthropic. We're at the early stages of integrating AI across our product suite, this role will have the opportunity to influence and secure the future of AI Security at Brex. You'll be at the forefront of securing our novel AI implementations, identifying attack vectors in agentic-powered features, and partnering with product and engineering teams to build AI capabilities that our customers can trust with their critical financial operations.

Responsibilities

• Identifying vulnerabilities, demonstrating business impact, and articulating the risk of specific vulnerabilities to drive prioritization efforts
• Perform penetration testing and design reviews, looking for vulnerabilities and insecure designs, work with engineering and product to design secure product features
• Maintain and build internal tools to automate security efforts, perform SAST and DAST testing of the Brex platform, and support secure development practices
• Build and contribute to a culture of collaborative security excellence through technical leadership, learning sessions, and mentorship within the team and wider organization

Requirements

• 5+ years work experience in an Application Security or related role
• Ability to find vulnerabilities in complex systems, demonstrating business impact through custom attack chains
• Experience with a wide range of secure development activities including— threat modeling, developer education, and incident response
• Knowledge of Python, scripting languages, and AI/agentic workflows to automate tasks, build tools and improve productivity
• Collaborative mindset paired with strong written and verbal communication skills

Bonus points

• Proficiency with Kotlin, gRPC, GraphQL, Kubernetes
• Previous experience as a software engineer
• Consultancy experience performing web application security reviews
• Experience with securing distributed systems in AWS and cloud environments
• Experience with pentesting and securing agentic features and systems
• Contributions to the wider technical community— open source, public research, mentorship, community organizing, blogging, CVEs, presentations, etc
• Experience submitting to bug bounty programs or responsible disclosure programs

Compensation

The expected salary range for this role is $192,000 - $240,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

What You’ll Do:

CoreWeave is building the infrastructure that powers the next era of AI — and doing it at a pace and scale that demands operational excellence across every function. As we scale toward and beyond public company readiness, the CIO organization is responsible for owning the execution of IT General Controls (ITGCs) and IT application controls across our technology environment.

About the role:
This is not a traditional audit-support role. As the Senior Product Manager, IT SOX Compliance, you will translate SOX compliance requirements into structured programs, drive accountability across IT process owners, and build the systems and workflows that make compliance scalable. You will work closely with the SOX team and IT process owners to ensure controls are designed, reviewed, and evidenced effectively. The day-to-day includes owning the IT SOX compliance program, partnering with cross-functional teams, and ensuring controls are executed, documented, and audit-ready.

• Own the end-to-end IT SOX compliance program within the CIO organization, maintaining the IT control inventory spanning ITGCs, IT-dependent controls, and automated application controls
• Own the control design and documentation, including narratives and risk and control matrices (RCMs), ensuring controls are clearly defined and audit-ready
• Partner with IT, Accounting (where needed), and the SOX team to ensure new systems and modules are implemented with appropriate SDLC controls in place prior to go-live; review control designs to identify and mitigate SOX risks
• On an ongoing basis, partner with IT process owners and control operators to ensure controls are executed in a timely manner
• Review control evidence for quality and completeness before submission to auditors
• Manage the full deficiency lifecycle — from root cause analysis through remediation planning, retesting, and escalation — reporting control health to IT leadership and the SOX team
• Lead root cause analysis for control failures and incidents, track and resolve systemic gaps, and implement and validate remediation plans to prevent recurrence

Who You Are:

• 8+ years of experience in IT audit, IT risk, IT compliance, or a related field, with hands-on IT SOX experience in either a practitioner or oversight capacity
• Deep familiarity with IT General Controls (ITGCs) — access management, change management, SDLC, and computer operations — and how they map to financial reporting risk
• Experience with Workday, Salesforce, NetSuite/SAP, Coupa, and other enterprise business systems
• Strong understanding of PCAOB auditing standards, COSO framework, and COBIT as they apply to IT controls
• Demonstrated ability to manage multiple workstreams, deadlines, and stakeholders across engineering, finance, legal, and audit
• Experience with GRC platforms (e.g., AuditBoard, ServiceNow GRC, Workiva, or similar)

Preferred:

• CISA, CISSP, CISM, or CPA certification
• Experience in a hyperscaler, cloud infrastructure, or high-growth tech environment
• Proven ability to establish or scale SOX IT compliance programs at newly public or pre-IPO companies

Wondering if you’re a good fit?
We believe in investing in our people, and value candidates who can bring their own diversified experiences to our teams – even if you aren't a 100% skill or experience match. Here are a few qualities we’ve found compatible with our team. If some of this describes you, we’d love to talk.

• You love translating SOX compliance requirements into structured, scalable programs
• You’re curious about improving control design, execution, and compliance workflows
• You’re an expert in IT SOX compliance, ITGCs, and control lifecycle management

Why CoreWeave?
At CoreWeave, we work hard, have fun, and move fast! We’re in an exciting stage of hyper-growth that you will not want to miss out on. We’re not afraid of a little chaos, and we’re constantly learning. Our team cares deeply about how we build our product and how we work together, which is represented through our core values:

Be Curious at Your Core
Act Like an Owner
Empower Employees
Deliver Best-in-Class Client Experiences
Achieve More Together

We support and encourage an entrepreneurial outlook and independent thinking. We foster an environment that encourages collaboration and enables the development of innovative solutions to complex problems. As we get set for takeoff, the organization's growth opportunities are constantly expanding. You will be surrounded by some of the best talent in the industry, who will want to learn from you, too. Come join us!

The base salary range for this role is $165,000 to $242,000. The starting salary will be determined based on job-related knowledge, skills, experience, and market location. We strive for both market alignment and internal equity when determining compensation. In addition to base salary, our total rewards package includes a discretionary bonus, equity awards, and a comprehensive benefits program (all based on eligibility).

The Opportunity

As a Security Sales Specialist, you'll partner with Enterprise Account Executives to drive adoption of Datadog’s Security platform across key accounts. This is a high-impact role focused on positioning our Security solutions (Cloud SIEM, Cloud Workload Security, CSPM, and more) into new and existing customers—expanding our footprint and helping customers modernize their security stack in the cloud.

What You'll Do

• Act as the subject matter expert (SME) for Datadog Security products across a targeted account patch

• Collaborate closely with Enterprise AEs to support net new logo acquisition and expansion in strategic accounts

• Own and drive the security sales cycle from discovery to technical close, working closely with Sales Engineers

• Evangelize Datadog’s security story to security leaders (CISO, Security Architects, SecOps)

• Work cross-functionally with Datadog's partner, channel, and alliance teams to drive joint go-to-market motions

• Co-sell effectively with AEs and partners, contributing to deal strategy, solution alignment, and stakeholder engagement

• Stay informed on security trends and competitive offerings to differentiate Datadog
   

Requirements

• Proven success selling into security buyers (CISO, SecOps, GRC, etc.)

• Experience co-selling in a matrixed environment, supporting or partnering with AEs and cross-functional teams

• Strong understanding of the partner/channel sales model, including how to navigate and influence joint selling motions

• Familiarity with modern security solutions such as SIEM, CSPM, CWPP, container/Kubernetes security

• Ability to build strong relationships with internal stakeholders, partners, and customer technical teams

Engineering at Brex

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

As an Application Security Engineer, you will contribute to finding and responding to security vulnerabilities across the Brex platform. In this role, you will participate in code reviews, design reviews, penetration testing, and vulnerability management. You will contribute to tooling that performs static and dynamic testing of the Brex platform and supports secure developer workflows. Application Security is part of our wider Financial Scale organization, which means you will work closely with Security Operations, GRC, Product Security, Front End Platform, and IT Infrastructure teams.

We're looking for individuals with a solid foundation in penetration testing and a curiosity for finding vulnerabilities in complex systems. You should have experience identifying and documenting vulnerabilities across common vulnerability classes and be able to communicate their risk clearly to engineering and product teams. This role is highly cross-functional — you'll have the opportunity to collaborate with engineering teams across Brex and grow your security expertise in a fast-moving environment.

Brex is pioneering the next wave of AI-driven financial services for dynamic, high-impact companies like Coinbase, Robinhood, and Anthropic. As we integrate AI across our product suite, this role will give you hands-on experience contributing to AI security at Brex. You'll apply emerging AI security best practices to help secure our agentic features, identify attack surfaces introduced by LLM-powered systems, and partner with product and engineering teams to build AI capabilities our customers can trust with their critical financial operations.

Responsibilities

• Identify vulnerabilities across common vulnerability classes (e.g., OWASP Top 10), document findings clearly, and communicate risk to drive remediation efforts
• Participate in penetration testing and design reviews alongside senior engineers, contributing to the identification of vulnerabilities and insecure designs
• Contribute to internal tooling and automation efforts that support SAST and DAST testing of the Brex platform and promote secure development practices
• Collaborate with engineering and product teams to support the design of secure product features
• Actively contribute to a culture of security awareness through knowledge sharing and peer learning

Requirements

• 4+ years of work experience in Application Security or a related role
• Demonstrated ability to find and document vulnerabilities in complex systems, with clear communication of business risk
• Hands-on experience with a subset of secure development activities, such as code review, threat modeling, or penetration testing
• Experience identifying security risks in AI/ML systems — such as prompt injection, model manipulation, or data poisoning — through work experience, personal projects, CTFs, or bug bounties
• Familiarity with agentic workflows and the ability to reason about attack surfaces introduced by LLM-powered features
• Knowledge of Python or scripting languages to automate tasks and build tooling
• Collaborative mindset paired with strong written and verbal communication skills

Bonus points

• Experience with Kotlin, gRPC, GraphQL, Kubernetes
• Previous experience as a software engineer
• Experience with securing distributed systems in AWS and cloud environments
• Experience with web application security reviews
• Contributions to the wider technical community — open source, public research, CTF participation, blogging, CVEs, or presentations
• Experience submitting to bug bounty or responsible disclosure programs
• Published AI security research or contributions to AI security frameworks

Compensation

The expected salary range for this role is $152,000 - $190,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

About the role

Anthropic's Integrity & Compliance (I&C) function is building the systems that let us scale responsibly as our products reach more people, more enterprises, and more regulated industries. Our global compliance program is bespoke, reflecting our unique mission and position as one of the leading AI labs operating on the frontier.

The Governance & Oversight pillar is the operational and structural backbone of Integrity & Compliance. It owns the frameworks, policies, controls testing, training, GRC tooling, and reporting that hold the rest of the function together — and that allow Anthropic to demonstrate accountability to employees, customers, regulators, and the public as the company scales.

We're hiring a Compliance Governance & Oversight Lead to set the strategy for how compliance governance works at Anthropic, own the systems and reporting that give leadership a clear line of sight into program health, and partner with the leads of our other I&C pillars — Privacy Programs, Regulatory Programs, and Corporate Compliance — to ensure their work is supported by a coherent operating model.

This is a senior leadership role in a function being built from the ground up. You'll have significant autonomy to shape the design of the pillar, and you'll build and develop the team that runs it. You'll report to the Head of Integrity & Compliance.

Key responsibilities

• Set the strategy for compliance governance and oversight at Anthropic, defining how policies, controls, training, and reporting come together into a coherent operating model across the I&C function

• Own the policy lifecycle end-to-end — drafting standards, approval workflows, version control, attestation, and accessibility — and ensure Anthropic's compliance policies are current, coherent, and demonstrably communicated

• Lead selection, implementation, and ongoing administration of the GRC platform that serves as the central system of record for I&C, including risk tracking, control documentation, issue management, and workflow

• Design and run the controls testing and monitoring program across all I&C pillars, partnering with pillar leads to verify controls are operating as intended and to surface gaps before they become issues

• Own the compliance training program, working with subject matter experts across I&C to develop, deliver, and evidence training that meets regulatory requirements and embeds compliance into how the company operates

• Drive issue management across the function — ensuring findings, exceptions, and remediation are documented, owned, escalated where needed, and driven to closure

• Build the metrics, dashboards, and reporting cadences that give the Head of I&C, the broader leadership team and Internal Audit a clear view of program health, key risks, and strategic priorities

• Prepare and present compliance reporting to leadership synthesizing inputs from across pillars into clear narratives

• Coordinate the function's responses to compliance-related due diligence requests from customers, partners, and investors

• Manage the I&C budget and vendor portfolio, providing the administrative foundation for the function's operations

• Build and develop the Governance & Oversight team as the pillar's scope and headcount grow, and embed a culture of practical, well-evidenced compliance across the company

Minimum qualifications

• Significant experience in compliance, risk, internal audit, or a closely related field, including leadership of a compliance operations, governance, or oversight function

• Demonstrated track record building or substantially scaling a compliance program — policies, controls testing, training, GRC tooling, and reporting — end-to-end, ideally from an early stage

• Deep working knowledge of compliance program fundamentals: policy management, training, controls testing, issue management, and program reporting

• Experience selecting, implementing, and operating GRC technology platforms, and using technology to make compliance more effective and less burdensome for the wider organization

• Track record of preparing and presenting compliance reporting to senior leadership, Internal Audit, and/or board-level governance bodies

• Strong written and verbal communication, with the ability to translate substantive compliance requirements into operating processes that engineering, product, and go-to-market teams will actually adopt

• Demonstrated ability to lead through influence across a senior, cross-functional stakeholder group, and to make and defend cross-functional decisions

• Experience building and developing teams

Preferred qualifications

• 10+ years of relevant experience

• Prior experience at a Big 4 or comparable compliance consulting or advisory professional services firm, in addition to in-house leadership experience

• Experience leading compliance governance at a high-growth technology company, ideally one operating across multiple regulatory regimes

• Exposure to AI-specific compliance considerations and the emerging regulatory landscape for AI

• Experience standing up or transforming a compliance function in a hyper-scaling environment, including building from a blank page

• Direct experience presenting to or supporting Audit Committee or board-level reporting on compliance matters

Role-specific policy: For this role, we expect staff to be able to work from either our Washington, DC, San Francisco, or New York City office at least 3 days a week, though we encourage you to apply even if you might need some flexibility for an interim period of time.

About that Role

As part of the Anthropic security department, the compliance team owns understanding security and AI safety expectations, as established by regulators, customers, and (nascent) industry norms — which we also seek to influence. The compliance team uses this understanding to provide direction to internal partners on the priorities of security and safety requirements they must meet. The compliance team demonstrates adherence to security expectations through credential attainment, the establishment of assurance and oversight mechanisms, and direct engagement with auditors, customers, and partners.

This opportunity is unique. Anthropic is expanding HIPAA coverage across its product portfolio — including Claude Code, the Claude Developer Platform, and Claude Cowork — and we need to build the compliance infrastructure to match that expansion. We are looking for someone to own HIPAA compliance operations end-to-end, not just advise on it.

Responsibilities:

• Operate Anthropic’s HIPAA compliance review program, executing on HIPAA obligations across the product portfolio.
• Run a dedicated HIPAA review track in parallel with the Product Security Review (PSR) process, applying compliance checklist to every in-scope change and recording a complete, auditable disposition before release.
• Build and maintain change monitoring mechanisms to catch HIPAA-relevant changes — including default setting changes and incremental updates.
• Partner with product and engineering teams upstream to ensure HIPAA considerations are built into first releases rather than addressed as post-launch remediations.
• Assess and document PHI data flows, infrastructure boundaries, and control coverage across Anthropic’s cloud-native product environments.
• Write, update, and enact HIPAA policies, checklists, deployment guides, and audit evidence packages.
• Manage Business Associate Agreement (BAA) obligations and coordinate with legal and external counsel on PHI determination questions and emerging regulatory requirements.
• Contribute to Anthropic’s broader compliance program, including adjacent frameworks (SOC 2, ISO 27001, NIST 800-53) where they intersect with HIPAA obligations.

You may be a good fit if you:

• Have 3+ years of progressive experience in compliance roles, including direct ownership of a HIPAA compliance program at a technology company
• Have evaluated PHI data flows and infrastructure boundaries in cloud-native environments (AWS, GCP, or Azure) and can assess HIPAA exposure without always needing to escalate to legal
• Have designed and operated a compliance review mechanism integrated into a product development or release process
• Can translate HIPAA technical compliance requirements into actionable workstreams for engineering and product teams
• Deliver clear, precise compliance documentation — policies, checklists, audit evidence, deployment guides — for both technical and non-technical audiences
• Thrive in fast-paced, ambiguous environments where you’re expected to build processes from scratch and keep them working under rapid product change
• Are energized by being the organizational expert who educates and influences rather than only advises

Strong candidates may also:

• Have worked in AI/ML or developer-platform companies and understand the unique challenges of PHI exposure in model inference and API environments
• Have HITRUST CSF experience or experience mapping HIPAA requirements to HITRUST controls
• Bring experience from high-growth technology companies where compliance programs had to scale alongside rapid product expansion
• Have implemented or significantly contributed to compliance automation or GRC tooling integrations
• Possess relevant certifications (CHPC, HCISPP, CISA, CISM, CISSP, or equivalent)

Candidates need not have:

• Done everything on this list before — we value learning agility and willingness to tackle novel compliance challenges in the AI space

Deadline to Apply: None, applications will be received on a rolling basis.

The role:
The Technology and Cybersecurity risk and controls team handles a wide range of cross-functional activities, from security compliance certifications and audits, to risk management, inbound and outbound due diligence, third party risk management, security awareness, policy and procedures, and more.

Each of these ongoing parallel activities entails interpreting and setting requirements, assessing the effectiveness of security controls, risk-based decision making, cross-functional collaboration and communication, and staying up-to-date on security best practices and how changes in the evolving threat landscape need to inform our strategy.

We are seeking an experienced Security Compliance Manager responsible for monitoring and governing security controls in the cloud based on regulatory/compliance requirements and industry standards for our core Banking platform. Candidate must be able to assimilate knowledge quickly, understand stakeholder’s business challenges/risks, and act as a trusted advisor to lead change, policy adoption and monitor compliance against policies and standards.

What you'll do:

• Own bank compliance and controls testing, monitoring and issue management

• Manage ongoing investor audits like SOC2, PCI DSS, SOX ITGC, GLBA and security due diligence questionnaires

• Serve as the primary liaison between internal stakeholders (i.e. Cybersecurity,

• Technology, Product, Risk, Privacy, Internal Audit, HR, Legal, Sales etc…) and external auditors, regulators, and third-party assessors

• Monitor compliance with cybersecurity policies and standards and assess security compliance risks for bank scoped products, processes and technologies in a cloud environment

• Partner with stakeholders to conduct walkthroughs and create process maps for critical cybersecurity processes, facilitating in risk and control identification and ensure the environment is operating safely and in control

• Translate technical controls and requirements into audit-ready evidence, and work with technical teams to align implementations with compliance expectations

• Support regulatory, third party attestation, and Internal Audit, audit readiness activities, ensuring control design and execution meet internal policy and external regulatory standards

• Communicate clearly and effectively with both technical and non-technical audiences, including executives, control owners, and external assessors.

What you'll need:

• BS degree in Computer Information Systems or related field

• 7+ years of experience with security GRC initiatives Experience with regulatory cybersecurity compliance examinations

• Substantive and current knowledge of transaction banking compliance, consumer and commercial lending, deposit, wires, cards and privacy regulations applicable to banks

• Experience with onboarding and monitoring cybersecurity controls in cloud environments specifically AWS

• Experience with AI governance and risk assessments using frameworks like NIST AI RMF, ISO42001, ISO 38507 and other privacy regulations like CCPA, GDPR etc

• Strong knowledge of security risk management and running audits/certification programs

• Self-starter with strong interpersonal and communication skills

• Demonstrate ability to assimilate new knowledge quickly

• Comfortable working in a fast-paced, dynamic environment, and managing multiple projects concurrently

• Experience with managing programs in GRC tools

Preferred qualifications:

• Banking/Fintech, Big 4, or management/IT consulting experience

• Strong risk management and governance experience KRI’s/KPI’s reporting

• Familiarity with CSPM, AWS security, CI/CD, SAST/DAST, SIEM and vulnerability

• management tools

• Strong JIRA and workflow management and agile project management experience

• Direct experience with regulatory cybersecurity compliance examinations

• Relevant certification (e.g. CISA, CISSP, PCI QSA, AWS certifications) or equivalent expertise

• Have risk assessment expertise with PCI DSS 4.0.1, SOX, NIST 800-53/800-37, NIST CSF, SOC 2, PCI, NYDFS NYCRR PART 500 and/or ISO 27001 standards, integrated controls framework, and evaluating design and effectiveness of IT controls working directly with auditors, regulators, investors

• Experience in building successful compliance programs for banks or fintech

• Experience defining compliance roadmaps based on customer requirements,

• compliance documentation, and ensuring that committed assessments are delivered on schedule

• Technical fluency; comfortable understanding and discussing technology concepts, experience evaluating tradeoffs and new opportunities with technical team members

The Role:

We are seeking an experienced AI Solutions & Delivery Engineer to join our Business Controls Group (BCG) as a hands-on technical leader focused on applying Artificial Intelligence, including Generative AI and Agentic AI, to accelerate and elevate first line of defense (1LOD) risk and control operations.

The ideal candidate will possess a blend of business and technical savvy, a vision for what AI can unlock within a controls environment, and the drive to transform that vision into reality. You will be responsible for partnering with stakeholders across BCG: listening, facilitating, hands-on developing, and delivering prioritized AI solutions that augment and elevate the capabilities of our risk and controls professionals.

You will focus on building AI-powered solutions for specific BCG initiatives, including control testing, horizontal risk-related reporting, and other 1LOD process acceleration activities, and manage a portfolio of AI initiatives from ideation through production deployment. This role exists to increase the quality, velocity, and scalability of how our Business Controls teams execute their work.

You will also serve as technical lead for the Business Controls AI Engineering function, acting as a system-level thinker, designing, orchestrating, building, and deploying AI agents, tools, and enterprise data integrations for BCG and 1LOD risk management teams within the guardrails of SoFi’s governance framework.

What you’ll do:

AI Strategy & Solutions Delivery

• Partner with BCG leadership to define the AI solutions vision and roadmap for 1LOD risk and controls, based on business use case prioritization and scorecard evaluation.

• Identify and implement opportunities where AI can uplift risk and control processes and practices, with an initial focus on control testing velocity and business controls reporting.

• Design, develop, and deploy AI-powered solutions (including LLM-based agents, automated evidence analysis, and intelligent workflow tools) that deliver measurable improvements to BCG operations.

• Translate ambiguous, fast-evolving AI work into clear narratives, artifacts, and decision frameworks for senior and executive leaders.

• Manage the end-to-end AI product lifecycle, from ideation and requirements gathering through development, testing, launch, and post-launch optimization.

Stakeholder Engagement & Enablement

• Partner with Business Controls teams, risk professionals, technology teams, and other BCG stakeholders to drive development, adoption, and continuous improvement of AI solutions.

• Enable risk professionals’ adoption of AI tools by providing training, documentation, and hands-on support to increase comfort and proficiency across the organization.

• Partner with enterprise AI and platform engineering teams to ensure AI solutions are built in compliance with best practices, enterprise policies, and internal standards.

• Contribute to the uplifting and upscaling of AI capabilities across BCG, assisting in the responsible adoption of best-in-class AI platforms within the organization.

Performance & Metrics

• Define key performance indicators (KPIs) and metrics for AI solutions, monitor performance post-launch, and iterate based on data-driven insights.

• Ensure AI solutions deliver measurable business value, including reductions in cycle time, improvements in testing coverage, and enhanced reporting accuracy.

• Establish and maintain dashboards that communicate AI initiative progress, adoption, and impact to BCG leadership.

Governance, Risk & Compliance

• Manage end-to-end Generative AI and Responsible AI governance for BCG solutions, including documentation, validation, monitoring, explainability, and adherence to internal policies and emerging AI regulations.

• Demonstrate critical thinking and the ability to clearly articulate risks and dimension impact when evaluating AI use cases and deployments.

• Ensure all AI solutions align with enterprise governance standards, regulatory expectations, and model risk management requirements.

Technical Leadership

• Serve as technical lead for the Business Controls AI Engineering function.

• Evaluate, select, and integrate AI/ML tools and platforms that best serve BCG’s operational needs.

• Break ambiguous problems into clear, measurable components and define actionable AI development plans.

• Demonstrate sound judgment when balancing innovation against risk in a regulated financial services environment.

What you’ll need:

• 8+ years of experience in risk management, controls, compliance, or technology roles, with at least 3+ years focused on AI/ML products, applied AI solutions, or AI-driven process transformation.

• Bachelor’s or Master’s degree in Computer Science, Engineering, Data Science, or related field (or equivalent work experience).

• Demonstrated experience in ambiguous or emerging domains, including leadership in defining, launching, and scaling AI solutions that deliver significant business impact.

• Proven experience working at a senior individual contributor level or equivalent in a regulated organization, preferably in financial services.

• Strong understanding of the financial services industry, including 1LOD risk management, control testing, and business controls operations.

• Hands-on experience with AI/ML concepts including LLMs, Generative AI, Agentic AI, supervised/unsupervised learning, model monitoring, and responsible AI practices.

• Understanding of data governance, data pipelines, and MLOps principles.

• Strong communication and executive stakeholder engagement skills, with the ability to explain complex ideas clearly to non-experts at different audience levels.

• Experience with regulatory expectations, model governance, and risk management in a banking or financial services context.

• Strategic thinker with a strong analytical and problem-solving mindset.

• Rapid self-learner in unfamiliar domains with a bias toward action and delivery.

Nice to have:

• Experience with Snowflake, dbt, or other modern data platform tools used in enterprise data environments.

• Familiarity with LLM tooling, RAG systems, AI agent frameworks, or AI-assisted data workflows.

• Financial services experience across domains such as Credit, Fraud, Collections, or Operational Risk.

• Experience with GRC platforms and control testing methodologies.

• Experience implementing AI governance frameworks at scale.

• AWS experience (S3, Glue, Lambda) and infrastructure-as-code familiarity.

About the Team

The Information Security organization at Postman operates across three pillars: Governance Risk & Compliance (GRC), Product Security, and Security Operations. We are a team of builders, not checkbox-checkers. We hold active SOC 2 Type II, ISO 27001, ISO 42001, and HIPAA compliance postures, and we are pursuing FedRAMP High and CMMC Level 2 authorization. Our security stack includes Wiz, SentinelOne, Okta, Jamf, and 1Password, and we operate across a multi-cloud environment.

The Offensive Security team is the "red" pulse of this organization. We don't just find bugs — we simulate the adversary to ensure our defenses hold up under real-world pressure. We focus on continuous security validation, AI-augmented adversary emulation, and offensive AI security research at Postman's scale.

The Opportunity

We are looking for a Senior Manager, Offensive Security who is as much a strategist as they are a hacker. You will own the strategic direction of Postman's offensive security program — including building out a dedicated Offensive AI Security capability from the ground up — and operate as a key partner to CISO leadership on threat-informed defense strategy.

This is not a role where you inherit a mature program and keep the lights on. You will shape what offensive security looks like at Postman for the next three years, with a specific mandate to make us an industry leader in adversarial testing of AI systems, agentic workflows, and LLM integrations.

You will lead a team that doesn't just "report" vulnerabilities but "demonstrates" them, using live exploits to build a deep, visceral security culture across the entire engineering organization.

What You’ll Do

Strategy & Program Ownership

• Set Strategic Direction: Define and execute the multi-year offensive security roadmap, aligning Red Team, Purple Team, and continuous validation capabilities to Postman's evolving threat landscape and business priorities.

• Build the Offensive AI Security Practice: Stand up and scale a dedicated offensive capability targeting AI/ML systems. This includes adversarial testing of LLM integrations, agentic workflows (MCP, tool-use chains), RAG pipelines, and model-serving infrastructure. You will define the methodology, tooling, and engagement frameworks from the ground up.

• Develop AI Threat Intelligence: Track and operationalize the rapidly evolving AI threat landscape — OWASP LLM Top 10, MITRE ATLAS, emerging attack research on agentic systems — translating external research into internal red team playbooks and detection hypotheses for Security Operations.

Hands-On Technical Leadership

• Red Team AI Systems at Depth: Go beyond checkbox assessments. Lead structured adversarial campaigns against Postman's LLM deployments, AI agents, and model pipelines — targeting prompt injection, tool-use abuse, data exfiltration via context manipulation, training data poisoning, model manipulation, and trust boundary violations in multi-agent architectures.

• Architect Autonomous Testing: Design and deploy AI-based penetration testing platforms and autonomous agents to perform continuous security validation across our API ecosystem.

• Continuous Validation: Move from manual pentesting to Continuous Offensive Security, integrating automated breach and attack simulation (BAS) into CI/CD pipelines, including AI model deployment pipelines.

People Leadership

• Lead & Cultivate: Build, manage, and scale a high-performing team of offensive security engineers — including specialized AI red team operators — providing mentorship, career development, and succession planning.

• Recruit for the Future: Identify and hire talent at the intersection of offensive security and AI/ML — a rare and competitive talent market. Build a pipeline that includes internal development paths for existing security engineers to cross-skill into AI red teaming.

Communication & Influence

• Drive Security Culture through "The Show": Lead live "Exploitable Demonstrations" — technical proof-of-concepts presented to engineering teams that show exactly how a vulnerability could be leveraged, turning abstract risks into tangible learning moments. Place particular emphasis on demystifying AI-specific attack vectors for non-ML engineers.

• Executive Communication: Translate offensive findings into business-level risk narratives for executive leadership, the board, and external stakeholders. Partner with GRC on audit evidence and compliance posture derived from offensive operations, including AI-specific risk frameworks (ISO 42001).

• Cross-Functional Partnership: Operate as a senior technical leader across Product Security, Security Operations, and Engineering, ensuring offensive findings — especially from AI red team engagements — drive measurable improvements in detection, response, and architecture.

About You

• Experience: Minimum of 8 years in offensive security (penetration testing, red teaming, vulnerability research, or exploit development) with at least 4 years in a people management or leadership capacity, including experience managing managers or tech leads.

• AI/ML Offensive Depth: Demonstrated experience attacking AI/ML systems — whether through adversarial ML research, LLM red teaming, agentic system exploitation, or building offensive tooling for AI targets. You understand the difference between prompt injection and indirect prompt injection, know what a tool-use confusion attack looks like, and can articulate why RAG poisoning is a supply chain problem.

• Strategic Acumen: Demonstrated ability to build and scale an offensive security program from the ground up or significantly mature an existing one. Experience setting OKRs, managing budgets, and presenting to executive leadership.

• Adversarial Mindset: Deep understanding of the modern threat landscape and how to apply it to cloud-native, API-first environments — extended to AI-native architectures.

• AI Offensive Tooling Fluency: Hands-on experience with AI-augmented pentesting tools (e.g., PentestGPT, Horizon3, custom LLM-based fuzzing) and purpose-built AI red team frameworks (e.g., Microsoft PyRIT, Garak, custom harnesses). Understanding of how to manage non-deterministic AI outputs in both offensive tooling and target systems.

• Pragmatic Storytelling: You believe that a well-executed exploit demo is more effective than a 50-page PDF. You can present a complex exploit chain — including an AI-specific attack path — to a room of developers in a way that is inspiring, not condescending.

• Engineering Fluency: You prefer building an automated "exploit-as-code" validator over performing the same manual test twice. You can architect evaluation harnesses and adversarial test suites for ML models.

Preferred

• Industry Presence: Track record of contributions to the offensive security or AI security community — conference talks (DEF CON, Black Hat, BSides, RSA), tool releases, published research, CVEs, or active participation in OWASP, MITRE, or similar working groups.

• Certifications: OSCP, OSCE, OSEP, GXPN, GPEN, CRTP, or equivalent hands-on offensive certifications. AI/ML-specific credentials (e.g., GIAC GMAI) are a differentiator.

• Cloud Security Expertise: Deep familiarity with AWS security primitives, cloud-native attack paths, and container/Kubernetes exploitation.

• API Security Depth: Experience with API-specific attack methodologies — BOLA, BFLA, mass assignment, GraphQL abuse, gRPC exploitation — reflecting Postman's core product domain.

• Compliance Awareness: Familiarity with how offensive security outputs map to SOC 2 Type II, ISO 27001, ISO 42001, FedRAMP, or CMMC control evidence. You don't run GRC, but you know how to feed it.

The reasonably estimated base salary for this role ranges from $275,000 to $300,000, plus a competitive equity package. Actual compensation is based on the candidate's skills, qualifications, and experience. 

This is a unique opportunity to contribute to a high-quality SOX program while helping create something from the ground up:  an IT risk management function and operational audit capability at one of the most recognized design companies in the world. The Manager of IT Internal Audit (Risk & Ops) will support Figma's IT SOX compliance program and, in partnership with the Head of Internal Audit, develop the IT risk management and risk-based operational audit workstreams. The right candidate brings compliance rigor and the intellectual curiosity to work in greenfield territory, where the playbook does not yet exist.

This is a full time role that can be held from one of our US hubs or remotely in the United States.

What you’ll do at Figma:

• Execute the IT SOX compliance program: ITGC and ITAC testing, deficiency management, remediation tracking, and SOX documentation. Coordinate with external auditors and co-sourced resources throughout the audit cycle.
• Provide technical support in the assessment, design, and implementation of IT General Controls and IT Application Controls in collaboration with GRC and IT management. Participate in system upgrades and implementations to ensure controls over financial reporting are adequately identified and addressed.
• Lead IT risk conversations with management and contribute to the IT risk register. Support the buildout of Figma's IT risk management program, including risk identification methodology, assessment frameworks, and leadership reporting.
• Contribute to risk updates for the Audit Committee and senior leadership as it relates to the IT risk landscape, including emerging technology risks such as cloud, SaaS, and AI.
• Develop a risk-based operational audit plan and implement audits across IT and business process areas, including where no prior year workpapers exist. Issue findings with risk ratings and actionable recommendations; track remediation to closure.
• Build audit programs from scratch, prepare clear and concise audit reports, and present findings and recommendations to senior leaders and cross-functional partners.

About the Role:

Vercel is hiring a Director of Product Foundations to build the legal foundations that enable our product velocity at scale. The core priority for this role is leading privacy and regulatory matters on the legal team; you will also oversee IP and litigation.

You will report to Vercel’s VP of Legal and partner closely with Security, Trust & Safety, and GRC, as well as product, engineering and other teams.

This role is based in SF where we have a 3 day/week in-office requirement.

What You Will Do:

• Lead Vercel’s privacy program, regulatory strategy and frameworks, IP strategy, litigation, and the legal team’s incident response processes
• Translate complex requirements into business-oriented, actionable guidance so product teams can continue to ship fast
• Build scalable programs using policies, playbooks, templates, trainings, and AI

About You:

• California Bar admission or eligible for Registered In-House Counsel exception and in good standing.
• 12+ years of legal experience, including meaningful product counseling, privacy, and/or regulatory experience in-house at a high-growth technology company serving enterprise customers
• Strong understanding of AI, cloud services, and general b2b SaaS, PaaS, and IaaS business practices and relevant global regulatory requirements
• Strong judgment and creativity around risk-assessment and mitigation. Able to make decisions with imperfect facts, embracing Vercel’s speed and obsession with product innovation
• Deep technical literacy. Comfortable mapping technical architectures, data flows, and controls into legal risk frameworks. Excited to dig deep to understand Vercel’s evolving product suite.
• Exceptional communication and advocacy skills, particularly with non-lawyers
• Cooperative approach, willing to take on additional responsibilities where no job is too big or too small
• Experience managing legal teams, building strategic programs, and partnering with senior business and technical leaders.
• Fluency with AI tools

Bonus If You:

• Prior history leading litigation and IP (including familiarity with open source software)
• Experience supporting IPO readiness, M&A integration, and cyber incidents
• Hands-on experience with DMCA, Digital Services Act, HIPAA, FedRAMP, and other regulations and certifications applicable to Vercel

Benefits:

• Competitive compensation package, including equity.
• Inclusive Healthcare Package.
• Learn and Grow - we provide mentorship and send you to events that help you build your network and skills.
• Flexible Time Off.
• We will provide you the gear you need to do your role, and a WFH budget for you to outfit your space as needed.

The San Francisco, CA base pay range for this role is $310,000 - $340,000. Actual salary will be based on job-related skills, experience, and location. Compensation outside of San Francisco may be adjusted based on employee location. The total compensation package may include benefits, equity-based compensation, and eligibility for a company bonus or variable pay program depending on the role. Your recruiter can share more details during the hiring process. 

Vercel is committed to fostering and empowering an inclusive community within our organization. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, national origin, citizenship, age, marital status, veteran status, disability status, or any other characteristic protected by law. Vercel encourages everyone to apply for our available positions, even if they don't necessarily check every box on the job description.

Engineering at Brex

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

As a Security Operations Engineer at Brex, you will focus on preventing, detecting and responding to security threats across Brex's corporate and cloud environments. You will use existing systems and develop tools to improve our security capabilities. Our team is responsible for functions across corporate security, detection & response and infrastructure security domains; and we perform systems engineering and automation to support those functions. 

Security Operations is part of our wider Trust & IT organization which means you will have the opportunity to work closely with Application Security, Corporate Engineering, GRC and IT and to improve security configurations, drive positive employee behaviors and generally work to prevent events from becoming incidents. You will also help build and maintain our team’s open source project Substation and have the opportunity to contribute to the Brex Tech Blog. You’ll be part of a team that actively contributes to the wider security community and has a commitment to mentorship and engineering excellence.

We’re looking for individuals with a strong background and interest in detecting, responding to, and resolving security incidents and security challenges. You should be comfortable dealing with lots of moving pieces, changing priorities, and new technologies, while having a keen eye for detail. Most importantly, you should be enthusiastic about working with a variety of backgrounds, roles, and people across Brex. Building a world-class financial service requires world-class security.

Where you’ll work

This role will be based in our Vancouver office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!

Responsibilities

• Work on a highly cross-functional team to prevent, detect and respond to security threats across Brex's corporate and cloud environments
• Perform security incident response, investigation, remediation, and documentation, participate in periodic threat hunting and security exercises
• Leading, scoping and building features, participate in designing, and maintaining tools and systems which support the team’s domains – corporate security, detection & response and infrastructure security 
• Collaborating and partnering with engineering and operations teams to drive remediation of security issues, while balancing prioritization of those security issues within SLA and teams’ respective backlogs
• Caring about secure system design, valuing building things correctly, an understanding of a MVP approach and an empathetic mindset when working with others

Requirements

• Bachelor’s degree in Computer Science, Engineering or related field OR equivalent training / fellowship OR 5+ years work experienceExperience working in a corporate security, detection & response or infrastructure security role with responsibilities for security alert triage and security incident response 
• Familiarity with CI/CD systems and DevOps workflows (e.g. Buildkite, Flux, Git, Terraform) in cloud environments (e.g. AWS, Azure, GCP)
• Experience with deploying and maintaining some of the security services and tools owned by the team (e.g. - SIEM, data pipelines, SOAR, domain monitoring, endpoint tooling, email protection tooling, cloud security tools)
• While not primarily a development role, the team develops and maintains tools written in Go and Python, so experience with coding is required
• You thrive in a collaborative environment filled with a diverse group of people with different expertise and backgrounds. We currently have around 30 nationalities represented with more than ½ the company working in a country different from the one they grew up in.

Bonus points

• Proficiency with Go and other programming languages 
• Experience with securing distributed systems in AWS, cloud and Kubernetes environments
• Contributions to the wider technical community (open source, public research, mentorship, community organizing, blogging, presentations, etc)

Compensation

The expected salary range for this role is $192,000 CAD - $240,000 CAD. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

Engineering at Brex

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

As a Security Operations Engineer at Brex, you will focus on preventing, detecting and responding to security threats across Brex's corporate and cloud environments. You will use existing systems and develop tools to improve our security capabilities. Our team is responsible for functions across corporate security, detection & response and infrastructure security domains; and we perform systems engineering and automation to support those functions. 

Security Operations is part of our wider Trust & IT organization which means you will have the opportunity to work closely with Application Security, Corporate Engineering, GRC and IT and to improve security configurations, drive positive employee behaviors and generally work to prevent events from becoming incidents. You will also help build and maintain our team’s open source project Substation and have the opportunity to contribute to the Brex Tech Blog. You’ll be part of a team that actively contributes to the wider security community and has a commitment to mentorship and engineering excellence.

We’re looking for individuals with a strong background and interest in detecting, responding to, and resolving security incidents and security challenges. You should be comfortable dealing with lots of moving pieces, changing priorities, and new technologies, while having a keen eye for detail. Most importantly, you should be enthusiastic about working with a variety of backgrounds, roles, and people across Brex. Building a world-class financial service requires world-class security.

Where you’ll work

This role will be based in our New York office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!

Responsibilities

• Work on a highly cross-functional team to prevent, detect and respond to security threats across Brex's corporate and cloud environments
• Perform security incident response, investigation, remediation, and documentation, participate in periodic threat hunting and security exercises
• Leading, scoping and building features, participate in designing, and maintaining tools and systems which support the team’s domains – corporate security, detection & response and infrastructure security 
• Collaborating and partnering with engineering and operations teams to drive remediation of security issues, while balancing prioritization of those security issues within SLA and teams’ respective backlogs
• Caring about secure system design, valuing building things correctly, an understanding of a MVP approach and an empathetic mindset when working with others

Requirements

• Bachelor’s degree in Computer Science, Engineering or related field OR equivalent training / fellowship OR 5+ years work experienceExperience working in a corporate security, detection & response or infrastructure security role with responsibilities for security alert triage and security incident response 
• Familiarity with CI/CD systems and DevOps workflows (e.g. Buildkite, Flux, Git, Terraform) in cloud environments (e.g. AWS, Azure, GCP)
• Experience with deploying and maintaining some of the security services and tools owned by the team (e.g. - SIEM, data pipelines, SOAR, domain monitoring, endpoint tooling, email protection tooling, cloud security tools)
• While not primarily a development role, the team develops and maintains tools written in Go and Python, so experience with coding is required
• You thrive in a collaborative environment filled with a diverse group of people with different expertise and backgrounds. We currently have around 30 nationalities represented with more than ½ the company working in a country different from the one they grew up in.

Bonus points

• Proficiency with Go and other programming languages 
• Experience with securing distributed systems in AWS, cloud and Kubernetes environments
• Contributions to the wider technical community (open source, public research, mentorship, community organizing, blogging, presentations, etc)

Compensation

The expected salary range for this role is $192,000 - $240,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

Engineering at Brex

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

As a Security Operations Engineer at Brex, you will focus on preventing, detecting and responding to security threats across Brex's corporate and cloud environments. You will use existing systems and develop tools to improve our security capabilities. Our team is responsible for functions across corporate security, detection & response and infrastructure security domains; and we perform systems engineering and automation to support those functions. 

Security Operations is part of our wider Trust & IT organization which means you will have the opportunity to work closely with Application Security, Corporate Engineering, GRC and IT and to improve security configurations, drive positive employee behaviors and generally work to prevent events from becoming incidents. You will also help build and maintain our team’s open source project Substation and have the opportunity to contribute to the Brex Tech Blog. You’ll be part of a team that actively contributes to the wider security community and has a commitment to mentorship and engineering excellence.

We’re looking for individuals with a strong background and interest in detecting, responding to, and resolving security incidents and security challenges. You should be comfortable dealing with lots of moving pieces, changing priorities, and new technologies, while having a keen eye for detail. Most importantly, you should be enthusiastic about working with a variety of backgrounds, roles, and people across Brex. Building a world-class financial service requires world-class security.

Where you’ll work

This role will be based in our Seattle office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!

Responsibilities

• Work on a highly cross-functional team to prevent, detect and respond to security threats across Brex's corporate and cloud environments
• Perform security incident response, investigation, remediation, and documentation, participate in periodic threat hunting and security exercises
• Leading, scoping and building features, participate in designing, and maintaining tools and systems which support the team’s domains – corporate security, detection & response and infrastructure security 
• Collaborating and partnering with engineering and operations teams to drive remediation of security issues, while balancing prioritization of those security issues within SLA and teams’ respective backlogs
• Caring about secure system design, valuing building things correctly, an understanding of a MVP approach and an empathetic mindset when working with others

Requirements

• Bachelor’s degree in Computer Science, Engineering or related field OR equivalent training / fellowship OR 5+ years work experienceExperience working in a corporate security, detection & response or infrastructure security role with responsibilities for security alert triage and security incident response 
• Familiarity with CI/CD systems and DevOps workflows (e.g. Buildkite, Flux, Git, Terraform) in cloud environments (e.g. AWS, Azure, GCP)
• Experience with deploying and maintaining some of the security services and tools owned by the team (e.g. - SIEM, data pipelines, SOAR, domain monitoring, endpoint tooling, email protection tooling, cloud security tools)
• While not primarily a development role, the team develops and maintains tools written in Go and Python, so experience with coding is required
• You thrive in a collaborative environment filled with a diverse group of people with different expertise and backgrounds. We currently have around 30 nationalities represented with more than ½ the company working in a country different from the one they grew up in.

Bonus points

• Proficiency with Go and other programming languages 
• Experience with securing distributed systems in AWS, cloud and Kubernetes environments
• Contributions to the wider technical community (open source, public research, mentorship, community organizing, blogging, presentations, etc)

Compensation

The expected salary range for this role is $192,000 - $240,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

Strength in Trust

Our goal at OneTrust is to bring the power of trust to companies all over the world. Using cutting-edge technology and a real-world approach to compliance, privacy, security, ethics, and third-party risk, we’ve created a no-nonsense platform to help supercharge the global push for trust.

The Challenge

Your Mission

• Establish Trusted Advisor status with senior business and technology leaders.
• Develop and present strategic application and architectural design documents leveraging OneTrust best practices.
• Lead strategic workshops and develop high-level solution recommendations based on business objectives and feasibility trade-offs.
• Deliver thought leadership through presentations, webinars, and learning events to highlight customer use cases and reference architectures.
• Provide strategic subject matter expertise through advisory sessions, pre-sales support, and field assistance.
• Collaborate with external teams to align roadmaps and technical architectures with strategic business goals.
• Translate and implement strategic needs into functional OneTrust technology-driven solutions.
• Proactively identify and analyze strategic issues/obstacles and recommend appropriate courses of action.
• Successfully present to both implementation teams and C-level executives, earning their trust.
• Advocate for customers by providing strategic insights to the Product organization on future release needs and challenges.
• Refine and improve internal processes and methodologies based on strategic customer feedback and evolving industry standards.
• Manage multiple strategic engagements simultaneously, ensuring timely and successful delivery.
• Engage with customers to build long-term strategic relationships and ensure ongoing success.
• Mentor junior team members to enhance their strategic skills and knowledge.
• Establish structured feedback loops with customers to continuously improve OneTrust products and services.

You Are/Have

• Demonstrated ability in management, mentorship, and organizational behavior.
• Strategic thinker with the ability to quickly learn and apply new concepts, business models, regulations, and technologies.
• Deep aptitude for communicating complex business and technical concepts using visualization and modeling aids.
• Proven record of accomplishment of establishing trusted advisor relationships with senior stakeholders.
• Demonstrated expertise in customer-facing privacy and security consulting, implementation, and advisory roles.
• Impressive written and verbal communication skills, including proficient presentation abilities.
• Ability to work autonomously, prioritize, multitask, and perform appropriately under deadlines.

Your Experience Includes 

• BA/BS in a related subject is required
• 3-5 years of experience in a Privacy role
• Demonstrated success working with enterprise customers on technical products
• Proven ability to engage across corporate functions (Professional Services, Engineering, Sales and Product Management)
• Functional experience in troubleshooting software and web services
• Experience in using software for reporting and task management such as Salesforce preferred

Extra Awesome 

• Relevant certifications (CIPP/E, CIPP/US, CIPM, CIPT, FIP, GRCP, GRCA, AIGP, LPEC, etc.)
• Knowledge of privacy, ethics, security, data governance, risk management, compliance, or sustainability concepts or industry trends
• Intermediate/ Expert working knowledge of the following:
  • APIs (REST and SOAP)
  • File access, sharing, and/or management workflows (S3 and SFTP)
  • Various web application authorization types (Basic, Bearer, OAuth 2, API Key, Custom, Open ID Connect, etc.)
  • Related programming/scripting languages and libraries (JavaScript, Python, PowerShell, SQL, C#, Ruby, PHP, FreeMarker, etc.)
• Extensive experience implementing and troubleshooting integrations
• Excel at learning emerging technologies and creating technical solutions

Governance, Risk & Compliance (GRC) Manager

Sigma is seeking an experienced GRC Manager to lead and scale our governance, risk, and compliance programs. This role is based in our San Francisco office or upcoming New York office and reports to the General Counsel. You'll have the opportunity to build a strategic, enterprise-wide GRC function that enables business growth while managing organizational risk.

As our GRC Manager, you'll partner with Legal, Engineering, Product, Sales, Operations, and leadership to develop a comprehensive GRC framework that protects Sigma's interests, supports our strategic objectives, and builds stakeholder trust. You'll mature our governance structures, implement scalable risk management processes, and ensure compliance with applicable regulatory requirements—all while enabling the business to move quickly and confidently.

What You'll Do

Governance

• Design and implement governance frameworks, including reporting, policy governance, and control oversight
• Establish and maintain enterprise policies, standards, and procedures across technology, security, privacy, and operational functions
• Build and lead a governance committee structure that provides appropriate oversight and decision-making
• Create governance dashboards and metrics to provide visibility into program maturity and effectiveness
• Partner with leadership to align governance activities with business strategy and risk appetite

Risk Management

• Develop and operate a comprehensive Enterprise Risk Management (ERM) program
• Conduct regular enterprise-wide risk assessments and maintain a dynamic risk register
• Build and maintain business continuity and disaster recovery programs, including regular testing and tabletop exercises
• Implement third-party risk management processes, including vendor risk assessments, contract reviews, and ongoing monitoring
• Create risk treatment plans and track remediation activities across the organization
• Facilitate risk-informed decision-making at all levels of the organization
• Coordinate with functional leaders to ensure risks across all business areas are identified and managed appropriately

Compliance

• Own audit and certification programs including SOC 2, ISO 27001, HIPAA, and other relevant standards
• Develop and maintain compliance monitoring programs to track regulatory changes and work with the legal team to assess impact
• Partner with HR and Legal to support labor & employment compliance programs, including workplace safety, anti-discrimination, wage and hour requirements, and multi-jurisdictional employment regulations
• Monitor and ensure adherence to industry-specific regulatory requirements relevant to Sigma's business operations
• Manage security awareness training programs enterprise-wide
• Conduct internal audits and assessments to validate control effectiveness
• Coordinate external audits and assessments with third-party auditors

Business Enablement

• Support sales and customer success teams with compliance documentation and security inquiries
• Develop customer-facing materials that articulate Sigma's risk management and compliance posture
• Complete and manage responses to customer security questionnaires and assessments (VSAs, SIGs, custom questionnaires)
• Enable efficient deal cycles by maintaining ready-to-use compliance artifacts, trust center content, and documentation
• Partner with Sales Engineering and Solutions teams to address prospect security and compliance requirements

What You Bring

Required

• 4+ years of experience in governance, risk management, and/or compliance roles, preferably in SaaS or technology companies
• Demonstrated experience building or significantly maturing a GRC program from the ground up
• Track record of successfully leading certification audits (SOC 2, ISO 27001, HIPAA, or similar)
• Experience implementing risk management frameworks (COSO, ISO 31000, NIST RMF, or similar)
• Strong knowledge of data privacy regulations and their practical application (GDPR, CCPA, etc.)
• Experience developing and maintaining information security and privacy policies, procedures, and control frameworks
• Strong business acumen with ability to translate risk and compliance requirements into business value
• Excellent communication skills with ability to influence stakeholders at all levels, including leadership
• Proven ability to manage multiple priorities and stakeholders in a fast-paced, high-growth environment
• Collaborative mindset and commitment to enabling business success while managing risk

Preferred

• Experience with GRC platforms (ServiceNow GRC, Archer, LogicGate, or similar)
• Hands-on experience with cloud environments (GCP, AWS, Azure) from a compliance and security perspective
• Experience with labor & employment compliance or cross-functional collaboration with HR on regulatory matters
• Familiarity with multi-state or international employment regulations
• Experience with continuous compliance automation tools (Vanta, Drata, Secureframe, Tugboat, or similar)
• Professional certifications such as CRISC, CISA, CISM, CGEIT, CISSP, or CIPP
• Experience in high-growth SaaS or technology companies
• Background in both technical and operational risk management
• Experience working in organizations with distributed or remote teams
• Familiarity with security frameworks such as NIST CSF, CIS Controls, or OWASP

Why Join Sigma

This is an opportunity to build a world-class GRC program that doesn't just check boxes but genuinely enables the business to pursue opportunities with confidence. You'll work across the entire organization, have direct access to the General Counsel, and make a tangible impact on how Sigma manages risk and creates value for customers.

Additional Job details

The base salary range for this position is $190k - $215k annually.

Compensation may vary outside of this range depending on a number of factors, including a candidate’s qualifications, skills, competencies and experience. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work at Sigma Computing. This role is eligible for stock options, as well as a comprehensive benefits package.

Governance, Risk & Compliance (GRC) Manager

Sigma is seeking an experienced GRC Manager to lead and scale our governance, risk, and compliance programs. This role is based in our San Francisco office or upcoming New York office and reports to the General Counsel. You'll have the opportunity to build a strategic, enterprise-wide GRC function that enables business growth while managing organizational risk.

As our GRC Manager, you'll partner with Legal, Engineering, Product, Sales, Operations, and leadership to develop a comprehensive GRC framework that protects Sigma's interests, supports our strategic objectives, and builds stakeholder trust. You'll mature our governance structures, implement scalable risk management processes, and ensure compliance with applicable regulatory requirements—all while enabling the business to move quickly and confidently.

What You'll Do

Governance

• Design and implement governance frameworks, including reporting, policy governance, and control oversight
• Establish and maintain enterprise policies, standards, and procedures across technology, security, privacy, and operational functions
• Build and lead a governance committee structure that provides appropriate oversight and decision-making
• Create governance dashboards and metrics to provide visibility into program maturity and effectiveness
• Partner with leadership to align governance activities with business strategy and risk appetite

Risk Management

• Develop and operate a comprehensive Enterprise Risk Management (ERM) program
• Conduct regular enterprise-wide risk assessments and maintain a dynamic risk register
• Build and maintain business continuity and disaster recovery programs, including regular testing and tabletop exercises
• Implement third-party risk management processes, including vendor risk assessments, contract reviews, and ongoing monitoring
• Create risk treatment plans and track remediation activities across the organization
• Facilitate risk-informed decision-making at all levels of the organization
• Coordinate with functional leaders to ensure risks across all business areas are identified and managed appropriately

Compliance

• Own audit and certification programs including SOC 2, ISO 27001, HIPAA, and other relevant standards
• Develop and maintain compliance monitoring programs to track regulatory changes and work with the legal team to assess impact
• Partner with HR and Legal to support labor & employment compliance programs, including workplace safety, anti-discrimination, wage and hour requirements, and multi-jurisdictional employment regulations
• Monitor and ensure adherence to industry-specific regulatory requirements relevant to Sigma's business operations
• Manage security awareness training programs enterprise-wide
• Conduct internal audits and assessments to validate control effectiveness
• Coordinate external audits and assessments with third-party auditors

Business Enablement

• Support sales and customer success teams with compliance documentation and security inquiries
• Develop customer-facing materials that articulate Sigma's risk management and compliance posture
• Complete and manage responses to customer security questionnaires and assessments (VSAs, SIGs, custom questionnaires)
• Enable efficient deal cycles by maintaining ready-to-use compliance artifacts, trust center content, and documentation
• Partner with Sales Engineering and Solutions teams to address prospect security and compliance requirements

What You Bring

Required

• 4+ years of experience in governance, risk management, and/or compliance roles, preferably in SaaS or technology companies
• Demonstrated experience building or significantly maturing a GRC program from the ground up
• Track record of successfully leading certification audits (SOC 2, ISO 27001, HIPAA, or similar)
• Experience implementing risk management frameworks (COSO, ISO 31000, NIST RMF, or similar)
• Strong knowledge of data privacy regulations and their practical application (GDPR, CCPA, etc.)
• Experience developing and maintaining information security and privacy policies, procedures, and control frameworks
• Strong business acumen with ability to translate risk and compliance requirements into business value
• Excellent communication skills with ability to influence stakeholders at all levels, including leadership
• Proven ability to manage multiple priorities and stakeholders in a fast-paced, high-growth environment
• Collaborative mindset and commitment to enabling business success while managing risk

Preferred

• Experience with GRC platforms (ServiceNow GRC, Archer, LogicGate, or similar)
• Hands-on experience with cloud environments (GCP, AWS, Azure) from a compliance and security perspective
• Experience with labor & employment compliance or cross-functional collaboration with HR on regulatory matters
• Familiarity with multi-state or international employment regulations
• Experience with continuous compliance automation tools (Vanta, Drata, Secureframe, Tugboat, or similar)
• Professional certifications such as CRISC, CISA, CISM, CGEIT, CISSP, or CIPP
• Experience in high-growth SaaS or technology companies
• Background in both technical and operational risk management
• Experience working in organizations with distributed or remote teams
• Familiarity with security frameworks such as NIST CSF, CIS Controls, or OWASP

Why Join Sigma

This is an opportunity to build a world-class GRC program that doesn't just check boxes but genuinely enables the business to pursue opportunities with confidence. You'll work across the entire organization, have direct access to the General Counsel, and make a tangible impact on how Sigma manages risk and creates value for customers.

Additional Job details

The base salary range for this position is $190k - $215k annually.

Compensation may vary outside of this range depending on a number of factors, including a candidate’s qualifications, skills, competencies and experience. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work at Sigma Computing. This role is eligible for stock options, as well as a comprehensive benefits package.

About the Role: 

We’re looking for a Security Engineering Lead to own and drive Anthropic’s Corporate Security program. This is a player-coach Tech Lead Manager (TLM) role: you’ll be both the most senior technical individual contributor on corporate security and the people leader for a lean, high-impact team of Security Engineers. You will set the technical direction, write code and ship tooling alongside your team, and build the culture and processes that allow the team to scale.

Corporate Security at Anthropic encompasses everything that protects our people, endpoints, networks, SaaS ecosystem, and corporate data—the full surface area outside of production infrastructure. The scope is broad and the team is deliberately small, which means you’ll need deep technical skills across multiple domains, strong judgment about where to invest, and a bias toward automation and engineering-driven solutions over manual process.

You’ll report into Security leadership and partner closely with IT, Infrastructure Security, Detection & Response, and GRC teams. This role is high-visibility and high-autonomy: you’ll be expected to define the roadmap, make architectural decisions, and represent Corporate Security across the company.

Responsibilities: 

Technical Leadership & Hands-on Engineering

• Own the security architecture, tooling, and controls for Anthropic’s corporate environment end-to-end, including endpoint fleets (macOS, Windows, ChromeOS), campus and office networks, SaaS applications, mobile devices
• Design, build, and ship security automation, integrations, and internal tooling—including leveraging Claude and LLMs to accelerate security workflows
• Define and enforce security baselines, hardening standards, and configuration policies across all corporate platforms
• Define what it means to operate safely in an environment where AI agents act more like humans than actual humans
• Evaluate, determine, deploy, and operate corporate security tools (EDR/XDR, MDM, ZTNA, CASB/SSPM, email security, DLP, browser security, etc.)
• Drive vulnerability management for corporate assets, including patch orchestration, risk-based prioritization, and exception management
• Lead security reviews of new SaaS adoptions, corporate infrastructure changes, and IT projects

People Leadership & Team Building

• Manage, mentor, and grow a purposefully lean team of Security Engineers; set clear expectations, run effective 1:1s, and create an environment where engineers do the best work of their careers
• Hire and build the team as scope expands—own the hiring bar and pipeline for Corporate Security Engineering roles
• Balance your own IC contributions with the team’s needs; know when to go deep on a problem yourself and when to delegate and coach
• Foster a culture of operational excellence, blameless incident review, and continuous improvement

Strategy & Cross-Functional Partnership

• Define and own the Corporate Security roadmap, aligning investments to Anthropic’s risk profile and growth trajectory
• Partner with IT Operations to ensure security is embedded in endpoint provisioning, network design, and SaaS lifecycle management
• Collaborate with Detection & Response on telemetry coverage, detection engineering, and incident handling for corporate-sourced events
• Partner with Infrastructure and Security Engineering teams to ensure security standards are consistent across all of Anthropic
• Communicate security posture, risks, and investment needs to Security leadership and cross-functional stakeholders clearly and persuasively

You may be a good fit if you:

• Have 8+ years of Security Engineering experience in a corporate/enterprise security domain (endpoint security, network security, SaaS security, identity, or a combination)
• Have 2+ years of experience managing or tech-leading a team of engineers, with a demonstrated track record of developing talent and shipping results through others
• Are a strong engineer who still writes code regularly—you can prototype a tool, write a detection, build an integration, or debug a complex configuration issue
• Have deep experience with macOS fleet security (this is our primary platform) and solid working knowledge of Windows and ChromeOS security
• Have hands-on experience deploying and operating EDR/XDR, MDM, ZTNA/zero trust, and identity security solutions at scale
• Understand modern SaaS security challenges: shadow IT, OAuth token sprawl, data exfiltration paths, SaaS-to-SaaS integrations, and SSPM/CASB tooling
• Can work independently with high autonomy, manage ambiguity, and make sound risk-based prioritization decisions in a fast-paced environment
• Have excellent communication skills and can translate complex security topics into clear recommendations for technical and non-technical audiences

Strong candidates may have:

• Securing corporate environments at high-growth AI, cloud, or developer-tools companies 
• Maturing a Corporate Security function from early stage, including defining scope, selecting the initial toolset, and hiring the founding team
• Advanced macOS security (system extensions, endpoint security framework, MDM profile engineering, Declarative Device Management)
• Network security architecture for hybrid/multi-office environments, including SD-WAN, ZTNA, DNS security, and network segmentation
• Browser security and isolation technologies (e.g., Island, Talon/Palo Alto, Chrome Enterprise)
• Proficiency in Python, Go, or similar languages for building security tooling and automation
• Experience leveraging LLMs/AI to augment security operations, build investigative tooling, or automate policy enforcement
• Familiarity with IaC (Terraform), CI/CD pipelines, and DevSecOps practices as they apply to corporate infrastructure management
• Mobile security for iOS/Android in a BYOD and corporate-managed device environment
• Data Loss Prevention (DLP) program design and implementation across endpoints, email, SaaS, and cloud storage

Deadline to apply: None. Applications will be received on a rolling basis.

This role can be worked hybrid from these SoFi Offices and possibly 100% remote

San Francisco, CA

Salt Lake City, UT

Seattle, WA

Enterprise Architect (Enterprise Architecture Practice Lead) — SoFi

The Role:

SoFi is seeking an experienced Enterprise Architect to drive the expansion and enhancement of our Enterprise Architecture (EA) practice. While the foundation of our EA function exists, we are looking for a visionary leader to help take the practice to the next level—maturing our methodologies, scaling our standards, and deepening the alignment between our technology investments and SoFi’s rapid growth.

The ideal candidate is business-savvy and technically proficient: a generalist across business, application, data, and technology architecture domains who applies holistic thinking to align technology, business process, risk, and financial outcomes to SoFi’s strategy. Reporting into the Technology organization, you will be a hands-on leader who instantiates the enterprise continuum, establishes rigorous standards, and coaches others in areas such as governance and roadmap development.

What You’ll Do:

1) Strategic Planning & Enterprise Vision

• Enhance and scale the long-term enterprise technology roadmap and vision, ensuring it evolves alongside SoFi’s corporate strategy and operating model.
• Evaluate existing systems and identify modernization opportunities across platforms and shared services to support future business needs.
• Assess emerging technologies—including AI-enabled productivity and automation—to enhance innovation while maintaining architectural integrity.
• Drive financial rigor in technology decisioning, leveraging metrics such as ROI, EVA, and NPV to justify architectural shifts.

2) Architecture Design, Standards & Governance

• Mature the EA practice by curating the enterprise continuum, defining reference architectures, and establishing "gold standards" for the organization.
• Own and enforce architecture governance policies and change advisory processes that ensure systems are scalable, secure, resilient, and interoperable.
• Mature the governance and lifecycle management of our SaaS application portfolio, ensuring consistency, security, and cost-efficiency across the organization.
• Architect the infrastructure and integration patterns required to support our enterprise AI strategy and other high-scale initiatives.

3) Architecture Across Domains

• Business & Security Architecture
• Examine all business processes and technology in a holistic manner, ensuring alignment via methodologies like cascading goals or OKRs.
• Deepen the architectural integration of core corporate processes, including Order to Cash, Procure to Pay, Hire to Retire, Security, and GRC (Governance, Risk, and Compliance).
• Ensure that security and risk management are "baked into" the business architecture rather than treated as an afterthought.
• Applications & Data Architecture
• Lead the design of large-scale, complex enterprise systems using loosely-coupled, service-oriented architecture (SOA) and microservices patterns.
• Oversee enterprise-level application portfolio management, roadmapping, and the maturation of master data management solutions.
• Guide the evolution of data platforms, including EDW/data lakes, ETL/ELT, and real-time streaming data(e.g., Kafka).
• Technology Architecture
• Provide architectural oversight for data center building blocks and cloud capabilities (ideally AWS).
• Proven experience implementing Architecture-as-Code and 'Shift-Left' principles to automate architectural compliance within CI/CD pipelines.
• Proven experience transitioning from manual architectural reviews to a Guardrails-based Governance model that integrates compliance checks directly into the SDLC.

4) Stakeholder Collaboration & Leadership

• Act as the primary bridge between high-level business strategy and technical implementation, translating complex technical trade-offs into business terms for executive leadership.
• Demonstrate diplomacy and persuasion when orchestrating enterprise-wide changes, collaborating effectively across all levels of the organization.
• Passionately elevate the technical talent around you through mentoring, coaching, and establishing best practices that improve productivity and quality across multiple engineering teams.

Requirements:

• 10+ years of broad experience across the architecture domains of: business, applications, data, and technology.
• Proven track record in a similarly scoped role, having owned or significantly enhanced the design and strategy for an organization’s enterprise technology.
• Business Architecture Expertise: Working knowledge of common corporate processes (Order to Cash, Procure to Pay, Hire to Retire, Security and GRC) domains.
• Technical Leadership: Deep understanding of SOA, microservices, and REST APIs (XML/JSON), with real-world experience building scalable, globally-shared solutions.
• Data Proficiency: Experience with master data management, data warehousing, and big data streaming/ETL patterns.
• Infrastructure Awareness: Exposure to IaaS (AWS), IaC, and CI/CD-driven automation.
• Framework Knowledge: Demonstrable knowledge of common frameworks such as TOGAF, Zachman, ISO, ITIL, or Agile/SaFE.
• Communication: Exceptional communication skills with the ability to syndicate roadmaps and influence executive-level stakeholders.
• Tooling: Familiarity with productivity platforms (Google Workspace, Slack, Jira) and emerging AI tools (Copilot, Gemini, Glean) is appreciated.

Education:

• Bachelor’s or Master’s degree in information systems, computer science, or a combination of degrees spanning technical and business disciplines.
• Current TOGAF certification is a plus.

#LI-REMOTE

Who we’re looking for

We are seeking a highly skilled and experienced Director, Information Security to join our team at Fieldwire, a leading provider of Construction Software (SW) solutions. The Director, Information Security for Fieldwire is a Line of Defense 1 role and will be responsible for defining, owning and implementing our product security program, ensuring compliance with legal and regulatory requirements. This role requires a strategic thinker with strong delivery and communication skills, as well as in-depth knowledge of product security protocols, technologies, and standards. 

What you’ll be doing

The primary responsibilities for our next Director of Information Security will be to:

• Act as Product Business Information security officer for Fieldwire  
• Develop, own and implement Fieldwire product security improvement plan.  
• Identify and assess product security risks and threats.  
• Collaborate with Fieldwire management to integrate security measures into the SW product and business processes.  
• Report to management on security incidents and measures.  
• Support the Head of Construction SW Security & GRC in all aspects of cyber security  
• Work closely with other Information Security Officers within Hilti, the Group CISO.  
• Analyze regulatory and legal developments (e.g., NIST, CRA, NIS2, EU AI data act), translate these into actionable requirements, and oversee their implementation.  
• Independently manage business projects related to information and product security, from requirements to implementation.  
• Take responsibility for specific security topics such as Cloud & AI Security or technical risk analysis within Fieldwire.  
• Contribute to the continuous improvement of the security architecture, the ICS, and the ICT & cyber risk management for Fieldwire.  
• Own and maintain Fieldwire SOC2 certification and support Group ISO27001 certification  
• Coordinate internal and external audits in the field of information and product security and support the implementation of the resulting measures. 

At Fieldwire, we’re looking for our next Director of Information Security to have the following skills and experiences

• Bachelor’s or master’s degree in computer science, Information Technology, Information Security, Cybersecurity, or a related field.   
• Several years of experience in a security officer role in SW/IT security.  
• Multiple years of experience in product/SW security  
• In-depth knowledge of security protocols, technologies, and standards (e.g., ISO 27001, SOC2, NIST).  
• Experience in developing and implementing security programs.  
• Certifications such as CISSP, CISM, CISA, or equivalent are advantageous.  
• Proficiency in security frameworks, risk management, incident response, and security architecture.  
• Excellent analytical and problem-solving skills. Ability to assess risks and develop mitigation strategies.  
• Demonstrate assertiveness.  
• Strong written and verbal communication skills. Ability to convey complex security concepts to non-technical stakeholders.  
• Capacity to adapt to a fast-paced and evolving environment. Commitment to staying updated on the latest security trends and technologies.  
• High level of integrity and ethical standards. Commitment to protecting the Construction SW’s information assets. 

And if you have any of the following, we REALLY want you to apply today!

• Technical understanding in areas such as Cloud & AI Security, IAM, Endpoint Security, Data Security, SDLC, DevSecOps, Application Security.  
• Strong conceptual skills, high level of self-responsibility, and structured, solution-oriented approach to work.  
• Strong communication skills, an audience-appropriate manner of expression, and a convincing presence.  
• Good knowledge of the construction industry and regulations is a great advantage.  
• Fluent in English.

This job description is designed to attract highly qualified candidates who are passionate about information security and eager to contribute to the success of our Construction SW offering. If you meet the qualifications and are ready to take on this challenging role, we encourage you to apply. 

Compensation:

The estimated pay ranges for this role are as follows: $220,000 - $300,000

The salary range represents the low and high end of the salary range for this job in the US. Minimums and maximums may vary based on location. The actual salary offer will carefully consider a wide range of factors such as your skills, qualifications and experience. In addition to the salary, you may be eligible for a corporate bonus which can range up to 30%.

Why Fieldwire?

The field-first construction platform for less busywork and more building. Trusted on 4M+ projects worldwide, Fieldwire by Hilti gives crews reliable access to plans, tasks, and updates on one simple platform. It unites the field and office around a single, transparent source of truth, keeping teams aligned from start to finish. Designed for easy adoption, crews gain real-time visibility into progress, clear ownership of work, and the context to make confident decisions. As part of the Hilti Group, Fieldwire combines deep construction expertise with modern digital innovation to deliver better outcomes on every job. Learn more at Fieldwire.com.

Where is the job located?

This role is hybrid and based in San Francisco, California. Our headquarters are based in beautiful San Francisco and our office is centrally located right off of Embarcadero Bart station.

About SecurityScorecard:

SecurityScorecard is the global leader in cybersecurity ratings, with over 12 million companies continuously rated, operating in 64 countries. Founded in 2013 by security and risk experts Dr. Alex Yampolskiy and Sam Kassoumeh and funded by world-class investors, SecurityScorecard’s patented rating technology is used by over 25,000 organizations for self-monitoring, third-party risk management, board reporting, and cyber insurance underwriting; making all organizations more resilient by allowing them to easily find and fix cybersecurity risks across their digital footprint. 

Headquartered in New York City, our culture has been recognized by Inc Magazine as a "Best Workplace,” by Crain’s NY as a "Best Places to Work in NYC," and as one of the 10 hottest SaaS startups in New York for two years in a row. Most recently, SecurityScorecard was named to Fast Company’s annual list of the World’s Most Innovative Companies for 2023 and to the Achievers 50 Most Engaged Workplaces in 2023 award recognizing “forward-thinking employers for their unwavering commitment to employee engagement.”  SecurityScorecard is proud to be funded by world-class investors including Silver Lake Waterman, Moody’s, Sequoia Capital, GV and Riverwood Capital.

About the Role

SecurityScorecard's Solutions Architects team are trusted security advisors and business partners both internally and to prospective clients, offering deep knowledge about the market and our solution. We are intellectually curious, find great reward in delivering valuable solutions to customers, and are passionate about cybersecurity.

We are looking for an experienced and dynamic Solutions Architecture to work with our Sales teams across the US. The candidate will own the pre-sales technical engagement with our customers. The ideal candidate will have a strong technical background, exceptional verbal skills and be a strong cross functional collaborator.

Success in this role requires security and technical acumen to develop a deep understanding of SecurityScorecard's architecture and services and a consultative approach to understanding customer business needs. You'll leverage your strategic communication skills to engage in technical and business discussions with engineers and senior decision makers alike, translating customer needs into technical requirements and conveying the merit of SecurityScorecard's solutions throughout.  

NOTE:  It is a requirement that this role is in the Pacific or Mountain time zones.

Key Responsibilities

• Collaborate with the Sales team to identify technical requirements and develop customized solutions that address complex client needs, while driving revenue growth and customer satisfaction
• Delivery of compelling technical presentations, product demonstrations and Proof of Value projects for prospective clients
• Support SecurityScorecard at Industry events and C level round table events
• Work closely with Product Management and Engineering to provide market feedback and influence product roadmap based on customer needs and competitive landscape
• Proven track record of gathering detailed success metrics for customer PoV’s, including tracking and reporting
• Awareness and enforcement of MEDDPICC best practices in sales cycles
• Become a subject matter expert on cyber first Supply Chain services.
• Ability to engage with all different types of personalities and working styles across the team
• Build and foster strong relationships with other business teams, such as Marketing, Support and Customer Success
• Not afraid to be a champion for your prospects, advocating for their needs.

Skills and Experience

• 5+ years of relevant work experience (cybersecurity, TPRM, GRC, and/or similar)
• Demonstrated presentation and interpersonal skills; communicate in front of large groups with a mixed audience of technical and non-technical 
• Experience working with enterprise level clients and managing complex sales cycles
• Demonstrated ability to manage complex technical projects, demonstrate clear business value and lead technical strategy in sales engagements
• Bachelor Degree in Computer Science or equivalent work experience
• Sales experience NOT REQUIRED, but experience of selling technical SaaS and/or managed service solutions a plus
• Industry Certifications such as CEH, CISSP, CompTIA Security+ CISA  GCIH etc a plus

Traits

• Highly motivated self starter who works well cross functionally
• Intellectually curious; seeks to continually self-educate and evolve domain specific knowledge 
• Willing to travel on day and overnight trips throughout the US

Benefits:

Specific to each country, we offer a competitive salary, stock options, Health benefits, and unlimited PTO, parental leave, tuition reimbursements, and much more!

The estimated total compensation range for this position is $100,000 - $195,000 (base plus bonus). Actual compensation for the position is based on a variety of factors, including, but not limited to affordability, skills, qualifications and experience, and may vary from the range. In addition to base salary, employees may also be eligible for annual performance-based incentive compensation awards and equity, among other company benefits. 

SecurityScorecard is committed to Equal Employment Opportunity and embraces diversity. We believe that our team is strengthened through hiring and retaining employees with diverse backgrounds, skill sets, ideas, and perspectives. We make hiring decisions based on merit and do not discriminate based on race, color, religion, national origin, sex or gender (including pregnancy) gender identity or expression (including transgender status), sexual orientation, age, marital, veteran, disability status or any other protected category in accordance with applicable law. 

We also consider qualified applicants regardless of criminal histories, in accordance with applicable law. We are committed to providing reasonable accommodations for qualified individuals with disabilities in our job application procedures. If you need assistance or accommodation due to a disability, please contact talentacquisitionoperations@securityscorecard.io.

Any information you submit to SecurityScorecard as part of your application will be processed in accordance with the Company’s privacy policy and applicable law. 

SecurityScorecard does not accept unsolicited resumes from employment agencies.  Please note that we do not provide immigration sponsorship for this position.   #LI-DNI

Sr Manager, InfoSec Governance Risk and Compliance (GRC)

(San Francisco Bay Area, California, United States)

Founded in 2000, Ivalua is a leading global provider of cloud-based procurement solutions.

COMPANY OVERVIEW

At Ivalua we are a global community of exceptional professionals, who believe that digital transformation revolutionizes supply chain sustainability and resiliency to unlock the power of supplier collaboration. 

We achieve this through our leading cloud-based spend management platform that empowers hundreds of the world's most admired brands to effectively manage all categories of spend and all suppliers to increase profitability, improve ESG (environmental, social, and corporate governance) performance, lower risk, and improve productivity. Driven by our passions and fueled by our shared ambitions, we empower and challenge each other to create meaningful experiences for our colleagues, customers, partners, and communities. 

Learn more at www.ivalua.com. Follow us on LinkedIn and Twitter.

THE OPPORTUNITY

CONTEXT:

Our InfoSec team is dedicated to building, maintaining, and continuously improving Ivalua’s Information Security program globally. We provide peace of mind and assurance of protection and safety to our customers. In this fast-growing environment, the GRC program is critical to ensuring compliance with industry standards and certifications, managing risks, and supporting business growth.

ROLE:

We are currently looking for an experienced InfoSec Governance Risk and Compliance (GRC) Sr Manager to lead a global team and own the GRC program worldwide. Reporting to the InfoSec leadership, you will manage and develop a high-performing team, drive compliance efforts, and serve as a subject matter expert on security frameworks and standards.

WHAT YOU WILL DO WITH US

• Lead and own the Governance, Risk, and Compliance (GRC) program globally, managing and developing a high-performing team.
• Manage and drive compliance efforts and audits for certifications such as FedRAMP, IRAP, ISO 27001, HIPAA, SOC1/SOC2, PCI DSS, and others.
• Serve as the subject matter expert (SME) on security frameworks and standards including NIST SP 800-53 Rev 5, NIST 800-171, ITAR, FedRAMP, PCI DSS, SOC2, etc., providing guidance to internal stakeholders.
• Efficiently manage and respond to customer security audit and compliance requests in a timely manner.
• Maintain continuous compliance and monitoring of security controls to ensure ongoing adherence to standards.
• Collaborate closely with Sales, Marketing, and Customer Success teams to effectively communicate Ivalua’s security posture to prospects and customers.
• Review and negotiate information security exhibits and contractual terms in partnership with the legal team.
• Lead the Security Awareness and Training program to promote a culture of security across the organization.
• Track, manage, and drive remediation efforts for control deficiencies and gaps identified through internal and external audits.
• Oversee the Third Party Risk and Vendor Security Assessment program to mitigate supply chain risks.
• Develop, maintain, and enforce InfoSec policies, standards, and plans.

YOUR PROFILE

If you have the below experience and strengths this role could be for you:

Skills and Experience:

• At least 7+ years of proven experience leading GRC programs and managing compliance certifications and audits (FedRAMP, ISO 27001, HIPAA, SOC1/SOC2, PCI DSS, IRAP, etc.). 
• At least 3+ years experience as a direct leader, managing a team. The position will be part of an established global team with opportunity to grow the team
• Strong knowledge of security frameworks such as NIST SP 800-53, NIST 800-171, ITAR, PCI DSS, SOC2, and FedRAMP.
• Demonstrated ability to manage and influence stakeholders across multiple departments and time zones.
• Excellent project management, analytical, and problem-solving skills with keen attention to detail.
• Strong interpersonal and communication skills, capable of building trust and managing conflicts effectively.
• Self-motivated with a high degree of initiative and ability to work independently.
• Ability to handle multiple competing priorities and deadlines efficiently.
• Bachelor’s degree in related field preferred or equivalent experience with proven skills

Soft Skills:

• Excellent interpersonal, communication, and organizational skills.
• Team player with the ability to interface effectively with a broad range of individuals and roles, including IT and vendors.
• High degree of initiative, dependable, and able to work well with limited supervision.

WHAT HAPPENS NEXT

If your application fits this specific position’s needs, our skilled Talent team will reach out to schedule an initial screening call. Get one step closer to achieving your goals – apply today!

Our Talent team will guide you through every step of the interview process - from preparation to completion. They're here to support you!

Our recruitment process is designed to assess your competencies through a series of personalized interviews with internal stakeholders relevant to the role.

Interviews will be conducted virtually via video or on-site with face-to-face meetings.

LIFE AT IVALUA

• Hybrid working model (3 days in the office per week)
• We're a team dedicated to pushing the boundaries of product innovation and technology
• Sustainable Growth, Privately Held
• A stable and cash-flow positive Company since 10 years
• Snacks and weekly lunches in the office
• Feel empowered to pursue your goals with improved team collaboration and increased creativity/productivity
• Unlock and unleash your full professional potential with our exceptional training and career development program
• Join a dynamic and international team of top-notch professionals who are experts in their respective fields. Collaborate with like-minded individuals who are deeply passionate and highly motivated about their work. Experience a truly diverse and inclusive work environment where your unique contributions are highly valued
• Regular social events, competitive outings, team running events, and musical activities,
• Comparably recognized Ivalua for the following (https://www.comparably.com/companies/ivalua) : 

Powered by People - Powered by You!

United by our values we embrace diversity and equity in the broadest possible sense to create an inclusive workplace. To help our customers make supply chains more efficient, sustainable and resilient, we rely on a global team with a variety of backgrounds, skills and views. We believe in equal opportunity and in diversity as a driver of innovation that cultivates a spirit of inclusiveness, creates a productive and fun place to work, and provides fulfilling career opportunities for all Ivaluans. https://www.linkedin.com/company/ivalua/about/

Experience life at Ivalua - check out our captivating video! Gain insight into our unique company culture and get a glimpse of what it's like to work with us.

Ivalua’s core values include a priority on Care & Grow People. We take matters like pay equity very seriously and strive to reward our employees appropriately and fairly for their talents.

The compensation range for this position reflects the cost of labor across our US locations and is based upon careful and continual market research. In addition to location, compensation may also vary based upon job-related knowledge, skills, and experience.

Title: Manager, InfoSec Governance Risk and Compliance (GRC)

Range minimum: USD 112000

Range maximum: USD 208000

Additional compensation / rewards: Ivalua also offers exceptional benefits including medical, dental, vision and transportation.

#LI-SG1

#LI-HYBRID

Job Purpose:
BTIG is seeking an Associate who will help lead and evolve the governance engine of a global, mid-sized investment bank to support our next phase of growth.  You will report directly to the CISO and be responsible for security assurance, compliance operations, and technology risk management.  You will help maintain control readiness, perform testing and evidence collection, and support risk and vendor assessments for internally developed systems and SaaS applications.  Your work will directly protect the firm's reputation and enable its business.  We don’t expect you to know every regulatory framework on day one. We do expect you to write exceptionally well, ask smart questions, and possess the grit to see difficult tasks through completion. 

Duties & Responsibilities:

IT Governance, Risk and Compliance (GRC) 

• Third-Party Risk Management (TPRM): Own the vendor security review process.  You will assess third-party vendors to ensure compliance with the firm's standards, requiring understanding of our core business processes, attention to detail, and the persistence to chase down answers. Obtain and meticulously review SOC reports (e.g., SOC 1, SOC 2) for critical third-party service providers, evaluating their adherence to 'Complementary Controls at User Entities' and ensuring our internal alignment. 
• Client & Regulatory Due Diligence: Support the completion of external security questionnaires.  You will articulate BTIG’s security posture to institutional clients and regulators, translating technical controls into clear, professional narratives. 
• IT Controls & Audit Collaboration: Assist with internal SOX IT controls audits and access control reviews across our technology stack, including in-house developed systems and third-party SaaS platforms.  You will work with engineering teams to verify that permissions are correct and ensure evidence is gathered efficiently. Actively participate in external IT audits, specifically focusing on validating and documenting controls related to access management, change control, and system operations for key systems that handle financial data. 
• Business Continuity & Disaster Recovery (BCDR): Assist the CISO in maintaining and testing the firm's Business Continuity and Disaster Recovery plans, including documentation updates, tabletop exercises, and coordination with Infrastructure and Operations teams to ensure recovery time objectives (RTOs) are achievable. 

Operational Support 

• Policy Development: Assist in drafting and maintaining information security policies and procedures. 
• Perform risk assessments and gap analyses for IT systems that handle PHI and financial data. 
• Automate and monitor controls through scheduled reviews, scripts, or tooling to reduce manual effort and improve coverage. 
• High-Touch Support: Experience directly supporting executives is valuable here; you will act as a bridge between the CISO and various business units, requiring professionalism and discretion. 

AI & Innovation 

• AI Governance: Support the CISO in defining the guardrails for Generative AI that balance innovation with risk (e.g., data leakage, appropriate use). 
• Applied AI/Automation: Utilize prompt engineering and automation tools to streamline governance workflows. If you can script it or prompt it to save time, we want you to build it. 

Requirements & Qualifications:

• Education: Bachelor’s degree in a related field or equivalent experience. While not required, preferred certifications include Security+, CISA, CRISC, or CISSP. 
• Experience: 2–4 years of experience in IT Governance, Risk & Compliance (GRC), IT Security Risk Management, Risk Audit, Data Privacy Investigation, Technology Risk, and/or Information Security (ideally with a background in Financial Services). 
• Security Framework Knowledge: Working familiarity with standard security frameworks such as NIST CSF, ISO 27001/27002, COBIT, SOC 2 type 2 and CIS controls, etc. 
• Analytical Skills: Experience reviewing IT solution requirements and implementing security controls. Strong analytical and risk assessment skills with the ability to design compensating controls for security vulnerabilities and assess business impact of security tools and policies. 
• General Technical Proficiency: Microsoft Office 365 and associated applications; Excel, Teams, Forms, PowerQuery, etc. 
• Growth Mindset: You are resilient and don't get discouraged by manual processes; you look for ways to optimize them. 
• Communication: Excellent written communication is non-negotiable. You must be able to explain complex technical risks to non-technical stakeholders clearly and concisely. 
• AI Familiarity: Demonstrated interest or experience with LLMs (ChatGPT, Claude, Copilot). Experience with prompt engineering or Python scripting for automation is highly valued. 
• Curiosity: You read about LLM risks, changing regulations or new breaches for fun. You are technically apt enough to converse with engineers but focused on governance. You never have enough knowledge about the business or systems you help oversee. 

Important Notes:

• Must be authorized to work full time in the U.S., BTIG does not offer sponsorship for work visas of any type
• No phone calls please, the applicant will be contacted within two weeks if successful

About BTIG:

BTIG is a global financial services firm specializing in institutional trading, investment banking, research and related brokerage services. With an extensive global footprint and more than 700 employees, BTIG, LLC and its affiliates operate out of 20 cities throughout the U.S., and in Europe, Asia and Australia. BTIG offers execution, expertise and insights for equities, equity derivatives, ETFs and fixed income, currency and commodities. The firm’s core capabilities include global execution, portfolio, electronic and outsource trading, investment banking, prime brokerage, capital introduction, corporate access, research and strategy, commission management and more.
 
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status. BTIG is an equal opportunity employer Minorities/Females/People with Disabilities/Protected Veterans/Sexual Orientation/Gender Identity.

Compensation: 

• BTIG offers a competitive compensation and benefits package. Salary range is based on a variety of factors including, but not limited to, location, years of applicable experience, skills, qualifications, licensure and certifications, and other business and organization needs.
• The current estimated base salary range for this role is $110,000.00 - $140,000.00 per year. Please note that certain positions are eligible for additional forms of compensation such as discretionary bonus or overtime. 

Disclaimer: https://www.btig.com/disclaimer.aspx.

As Director, Security & Compliance, you’ll be responsible for building and managing out our Security and GRC (Governance, Risk, IT and Compliance) program, driving strategy and execution of Instabase security and compliance initiatives. This role will also lead the company’s IT function, ensuring secure and compliant internal systems.

What you’ll do

• Formulate and drive GRC roadmap, security policies, vendor security reviews and security training
• Initiate, own and lead new security & compliance programs and audits GDPR, SOC2, HIPAA and ISO 27001
• Establish and continuously improve standards, processes, tooling and procedures for audit and compliance management
• Collaborate and work cross-functionally across the company to deliver successful security compliance programs, partnering with Engineering, Product, GTM, Legal and HR teams
• Oversee IT operations, internal systems, and access controls in alignment with security best practices
• Work with external auditors to achieve security compliance certifications and reports
• Regularly report on status, operational metrics and KPI’s, providing transparency to company Leadership and internal stakeholder teams

About you:

• Extensive experience in security compliance, successfully leading compliance projects, risk assessments and audits
• FedRAMP (NIST 800-53), GDPR, SOC2, HIPAA and ISO 27001 auditing and implementation experience
• Experience working with Engineering teams within the modern cloud / SaaS technology space
• Excellent written and verbal communication skills
• Nice to have’s:
• Past experience at a Big Four consulting firm and/or reputable SaaS provider
• Engineering or Computer Science background

Compensation: The base salary range for this role is $250,000 to $ 300,000 + bonus, equity, and US Benefits. The actual pay may vary based on factors such as location, experience, and skills.

US Benefits:

• Flexible PTO: Because life is better when you actually live it!
• Comprehensive Coverage: Top-notch medical, dental, and vision insurance.
• 401(k) with Matching: We’ve got your back for a secure future. 
• Parental Leave & Fertility Benefits: Supporting you in growing your family, your way.
• Therapy Sessions Covered: Mental health matters— 10 free sessions through Samata Health.
• Wellness Stipend: For gym memberships, fitness tech, or whatever keeps you thriving.
• Lunch on Us: Enjoy a lunch credit when you're in the office.

#LI-Hybrid