Position Description:

The Enterprise Risk Management (ERM) Team PM is responsible for developing, instituting, and managing a FAIR-based and NIST-based ERM process to ensure that enterprise risks are appropriately recorded, managed, and leveraged to produce business logic that informs budget requests and cybersecurity strategy.

The ideal candidate has proven experience in managing ERM processes, tools, roles, reports, and forums, and how these align with FinOps and Governance, Risk & Compliance (GRC). 

The ideal candidate is fluent in NIST and FAIR risk methodologies and taxonomies and will be responsible for providing informed process architecture recommendations to stand up and maintain an ERM program and process. The program will include an ERM tool, stakeholder roles and responsibilities, a hierarchy of forums, to include the Executive Risk Function.

The individual will be responsible for working directly with the executive client to shape and realize this program and process while managing a small team in the day-to-day activities.

Key Responsibilities:

• Program Execution & Federal Alignment:
• Work directly with the executive clients to architect and develop an ERM program and process, informed by NIST and, FAIR methodologies, separate from but working in relation to FinOps and GRC processes.
• Develop a program roadmap for maturing and advancing the ERM program to include direct alignment with organizational budgetary decision-making.
• Roll out the ERM program and process to enterprise stakeholders to include process guidance and a clear RACI.
• Facilitate or support a hierarchy of ERM forums to include the Enterprise Risk Executive Function.
• Ensure stakeholder compliance with the established ERM program.
• Identify and implement continuous improvement.
• Supervisory & Team Management:
• Lead, mentor, and manage the ERM Specialist, fostering a collaborative and effective working environment.
• Assign and prioritize team tasks, set performance objectives, and provide regular feedback and coaching to ensure high-quality deliverables.
• Manage the day-to-day activities of the risk management team, ensuring compliance with established processes and timely completion of all duties.
• Operational & Tool Oversight:
• Manage the team's execution of the analysis, selection, and implementation of a suitable ERM registry tool, reporting progress and findings to federal counterparts.
• Institute the ERM registry tool and processes across the stakeholder landscape, working collaboratively with federal partners to drive adoption.
• Ensure the ERM program provides continuous support to all stakeholders, guaranteeing the accurate recording, maintenance, and disposition of enterprise risks within the registry.
• Facilitation & Reporting:
• Lead the team in facilitating or supporting a hierarchy of enterprise risk management forums.
• Prepare and deliver enterprise risk briefings to stakeholders and NNSA leadership, often in direct coordination with the Federal Executive.
• Develop and deliver clear, accurate, and transparent enterprise risk reporting and outputs to inform organizational funding decisions and strategy development; identify opportunities for and implement automation                          

Qualifications:

• Must be a US Citizen.
• Bachelor’s degree in Business Process Management, Enterprise Risk Management, or a related field
• 5+ years of professional experience in enterprise risk management as a business process.
• Strong experience managing project and program risks (end to end risk management)
• Client facing strong, working high level stakeholders
• Demonstrated experience in developing and implementing enterprise risk management processes, policies, tools, procedures, and outputs that inform business funding decisions.

Bonus:

Experience with risk registry tools, including requirements gathering and implementation.

ABOUT THE TEAM

The Corporate Assurance Team manages enterprise cybersecurity governance, risk, and compliance (GRC) by implementing and operationalizing global compliance frameworks across Anduril's corporate and product environments. The team serves as the bridge between regulatory requirements and engineering execution, ensuring that Anduril's rapidly evolving technology stack meets the highest standards of security and compliance.

ABOUT THE JOB

The Compliance Engineer is a technically hands-on role responsible for driving automation, compliance, and security engineering principles into the design, integration, and operation of Anduril's internal systems. This individual will be instrumental in securing Anduril's software development process by translating complex compliance requirements into scalable, automated, and developer-friendly solutions.

The ideal candidate brings a strong DevSecOps background with deep expertise in cloud infrastructure security, embedded systems security, and federal compliance frameworks. They are equally comfortable writing Terraform modules as they are interpreting NIST controls, and they thrive at the intersection of security policy and engineering execution.

This is not a paperwork-driven compliance role. This is a builder's role. You will architect and automate compliance infrastructure that enables Anduril's engineering teams to deploy secure, compliant applications by default — removing bottlenecks rather than creating them.

WHY THIS ROLE MATTERS

At Anduril, compliance is not a checkbox — it is an engineering discipline. The Compliance Engineer plays a critical role in ensuring that Anduril can move fast without compromising the security and regulatory posture required to serve national defense missions. By building compliance into the foundation of our infrastructure, you will directly enable engineering teams to focus on what they do best: building transformative technology that protects those who protect us.

KEY RESPONSIBILITIES

Infrastructure & Automation

• Design, develop, and maintain Infrastructure as Code (IaC) and Policy as Code (PaC) that enforce compliance with NIST SP 800-171 and 800-53, CMMC, and other applicable frameworks, enabling developers to deploy CMMC-certified applications using pre-packaged, compliant infrastructure templates.
• Architect, build, and deploy robust, scalable security controls across Anduril's corporate, development, and production cloud environments (AWS, Azure, GCP) and on-premise environments.
• Develop and automate IaC pipelines for managing and scaling cloud deployments securely and efficiently, including automated pipelines for deploying infrastructure, applications, and updates.
• Build automation for procedural compliance controls, generating compliance and audit artifacts at scale without manual intervention.
• Develop security models that integrate Continuous Monitoring (ConMon), DISA STIG scanning, and compliance reporting into a unified, automated workflow.
• Ensure that compliance requirements for rapid, secure deployments translate into robust, repeatable tool chains.

Compliance Engineering & Framework Implementation

• Analyze, interpret, and operationalize federal and industry cybersecurity regulations, including NIST SP 800-171 and 800-53, CMMC, FedRAMP, and SOC 2, translating regulatory language into actionable engineering guidance and enforceable technical controls.
• Evaluate system architectures and configurations to ensure alignment with required security controls for moderate-impact information systems.
• Interface directly with infrastructure teams to verify and enforce compliance across existing on-premise and cloud stacks, identifying gaps and driving remediation.
• Collect, review, and where necessary modify system architecture to meet evolving compliance requirements, ensuring that security is embedded into the design phase rather than bolted on after the fact.
• Conduct compliance testing, studies, and assessments of Anduril's products and integrated components to uncover potential weaknesses and validate control effectiveness.
• Develop, update, and maintain cybersecurity policies, standards, procedures, and playbooks in coordination with the Information Security Team.
• Stay current on changes to federal and industry cybersecurity regulations and proactively communicate their impact to engineering and leadership teams.

Cross-Functional Collaboration & Enablement

• Partner with engineers, the DevSecOps Team, and the Automation Team to implement and verify security controls in both corporate and product software environments.
• Act as a force multiplier by embedding security best practices into the workflows of infrastructure, application, and product teams, particularly for environments holding mission-critical data.
• Support and expedite the new software onboarding process by evaluating the technical requirements of new software for CMMC compliance and guiding developers through the path to compliant deployment.
• Coordinate and deliver briefings to ensure Anduril's technical teams understand their compliance obligations, translating complex security concepts for diverse technical and non-technical audiences.
• Brief security architectures and approaches to program leadership, providing clear recommendations and risk-informed guidance.
• Work closely with Information Systems leadership, project managers, and stakeholders to integrate compliance requirements into active projects and update or modify compliant systems as organizational needs evolve.
• Collaborate with other principals and subject matter experts to ensure end-to-end automation across the compliance lifecycle.
• Act as SME for security and automation topics during internal reviews, audits, and cross-team planning sessions.

Strategic & Advisory

• Develop strategies and implementation plans for compliance-related matters, advising management on risk posture, regulatory changes, and investment priorities.
• Institute best-practice procedures for compliance and risk mitigation across the organization.
• Guide technical and operational decision-making towards future product offerings and efficient organizational processes.
• Ensure the company's ongoing technical compliance with all applicable laws, regulations, and contractual obligations.
• Produce clear documentation and reporting on compliance testing outcomes, process improvements, and emerging risks.

REQUIRED QUALIFICATIONS

Education & Experience

• 3+ years of professional experience in Cloud Security, DevSecOps, Site Reliability Engineering (SRE), or a related security engineering role.
• Background in one or more of the following disciplines: Systems Security Engineering, Cybersecurity, Systems Engineering, Software Engineering, Computer Engineering, or Computer Science.
• Proven experience building and securing complex cloud environments at scale.
• 3+ years of hands-on experience working with compliance frameworks such as CMMC, NIST SP 800-171 and/or 800-53, and FedRAMP.
• Previous work on security engineering and architecture for defense/national security systems and/or complex embedded commercial systems is strongly preferred.
• Hands-on experience executing against recurring operational regulatory requirements (e.g., continuous monitoring, periodic assessments, audit cycles).

Technical Skills

• Deep proficiency in at least one major cloud provider (AWS, Azure, or GCP), with a strong understanding of cloud infrastructure and security concepts.
• Strong hands-on experience with Infrastructure as Code tools, particularly Terraform; experience with CloudFormation or Bicep is a plus.
• Demonstrated ability to build, deploy, and manage Terraform modules and infrastructure templates in production environments.
• Solid programming and scripting ability in one or more languages (e.g., Python, Go, Rust).
• Firm understanding of public cloud networking principles, including VPCs, subnets, routing, security groups, and network segmentation.
• Proficiency with core security concepts including encryption, authentication, identity and access management, and Zero-Trust Architecture (ZTA).
• Experience with continuous monitoring and security tooling such as Tenable, Splunk, Elasticsearch, or equivalent platforms.

Soft Skills & Competencies

• Ability to communicate compliance requirements clearly and effectively to engineering teams, development teams, and non-technical stakeholders.
• Strong understanding of the "why" behind product, systems, and security design decisions — not just the "what."
• Comfort working at the interface of compliance and infrastructure engineering, with the ability to context-switch between policy interpretation and hands-on technical work.
• Self-directed, with the ability to prioritize across multiple concurrent compliance and engineering initiatives.

Eligibility

• Must be eligible to obtain and maintain a U.S. Secret security clearance.

PREFERRED QUALIFICATIONS

• Experience hardening and monitoring Kubernetes clusters (EKS, GKE, AKS).
• Experience with Cloud Security Posture Management (CSPM) or cloud-native threat detection tooling.
• Familiarity with CI/CD pipelines and experience securing the software supply chain.
• Experience with security assessment methodologies and vulnerability management programs.
• Relevant certifications such as AWS Solutions Architect, Certified Kubernetes Administrator (CKA), CISSP, CISM, or CompTIA Security+.
• Experience working in fast-paced, high-growth defense technology environments

The Customer Success Manager II is responsible for driving long-term success and growth across a strategic portfolio of enterprise customers. This role serves as the primary business partner and trusted advisor to senior stakeholders, ensuring an exceptional customer experience, strong net revenue retention, high product adoption, and advocacy.

As the key point of contact for Diligent’s solutions, the CSM II leads proactive account management, orchestrates cross-functional resources, and partners closely with Sales and Services to deliver measurable outcomes and expand our footprint within each account.

Key Responsibilities

• Own a portfolio of enterprise accounts with accountability for renewal, net revenue retention, and expansion, leveraging data and insights to proactively manage risk and opportunity.
• Drive product adoption and value realization by developing and executing customer success plans aligned to the customer’s strategic objectives and key outcomes.
• Deliver a best-in-class customer experience across all phases of the customer lifecycle, from onboarding through renewal, coordinating with Implementation, Professional Services, Support, Product, and other internal teams.
• Lead executive-level engagements, including QBRs/EBRs and strategic reviews with C-suite, board administrators, and senior directors, to demonstrate ROI, influence adoption, and surface new opportunities.
• Identify, qualify, and partner on expansion opportunities in close collaboration with the Expansion Sales team, ensuring smooth handoffs, aligned account strategies, and clear growth plans.
• Facilitate successful onboarding and rollout of Diligent products and modules, working alongside the Implementation team to ensure stakeholder alignment, training, and effective change management.
• Build and maintain strong, multi-threaded relationships with key business and technical stakeholders, becoming a trusted advisor who understands their governance, risk, compliance, and operational priorities.
• Act as the voice of the customer internally, providing structured feedback and insights to Product, Marketing, Services, and Operations to influence roadmap and process improvements.
• Monitor account health and usage leveraging dashboards and analytics, intervening early to address risks, drive adoption, and reinforce value.
• Champion customer advocacy, by identifying referenceable customers, case study opportunities, testimonials, and participation in user groups or events.
• Collaborate on process and playbook improvements within the Customer Success organization to drive consistency, scalability, and excellence in how we serve enterprise customers.

Required Experience & Skills

• 5+ years of professional experience, including 2–4+ years in Customer Success, Account Management, or a similar client-facing role within B2B SaaS.
• Proven experience managing mid-market and/or enterprise accounts, with comfort engaging senior and executive stakeholders (Director, VP, C‑Suite).
• Demonstrated track record of meeting or exceeding renewal, retention, and expansion targets.
• Strong experience using CRM tools (preferably Salesforce) to manage accounts, opportunities, and customer health activities.
• Excellent communication and presentation skills, able to translate complex concepts into clear, compelling narratives for multiple stakeholder groups.
• Strong consultative and problem-solving skills, with a natural curiosity about the customer’s business, use cases, and success metrics.
• High level of resilience, ownership, and accountability, with the ability to navigate ambiguity and manage competing priorities across a large book of business.
• Passion for technology and a solution-centric mindset, with the ability to quickly learn new products and articulate their business value.
• Strong organizational skills and attention to detail, with experience managing multiple customers, projects, and deadlines simultaneously.

Preferred Qualifications

• Experience in governance, risk, compliance, legal, or adjacent enterprise software environments is a plus.
• Background working in a matrixed, global organization with cross-functional partners across time zones.
• Familiarity with customer success platforms and data-driven approaches to managing account health and adoption.

SAP Application Security Specialist

The SAP Application Security Specialist is responsible for performing all User Management (UM) functions such as user role creations, changes, assignments, and activities including User Access Review, UM audit requests, and Segregation of Duties (SOD) Risk Assessment. 
Responsibilities include: 

• Leading and participating in User Access Management design, implementation, enhancement and maintenance
  • Analyzing, designing, developing, and testing of Governance, Risk, and Compliance (GRC) security components
  • Providing user provisioning and role design/development/testing in accordance with SoD protocol and Security
  • Ability to assess client specific security requirements and be able to propose potential solutions beyond standard SAP security such as ABAC based controls, Information Assurance, etc.

Here’s what you need:

• At least 6 months of SAP Experience
• Experience implementing and maintaining SAP Application Security controls

Nice to have:

• Experience in coordinating multiple SAP Security full life cycle implementations from preparation to go-live and operation
• CompTIA Security+ certification
• Relevant SAP and technical certifications

Eligibility Requirement:

• US Citizenship

Description

Reusable launch systems depend on security, compliance, and risk management that enable speed without compromising the mission. As a GRC Security Architect, you will own the security governance, risk, and compliance architecture for Stoke’s NOVA program as we build and scale a fully reusable launch vehicle.

This is a hands-on role with end-to-end ownership of how security requirements become practical, auditable, and scalable controls across the company. You will define and drive the policies, standards, control implementations, risk processes, and evidence systems that support frameworks such as NIST 800-171, NIST 800-53, CMMC, DFARS, CUI, ITAR, and other customer or regulatory requirements. You will work directly with SMEs across IT, security, software, infrastructure, engineering, manufacturing, legal, finance, and operations to translate complex obligations into controls that are clear, effective, and realistic for a fast-moving rocket company. You own the outcome, not just the checklist.

We are a small, highly motivated team. You will work shoulder-to-shoulder with engineers, system owners, business leaders, and operations teams to identify risk, design practical mitigations, prepare for audits and assessments, and build a security program that enables the company to move fast while protecting sensitive information and mission-critical systems.

You must be ready to stay focused, move quickly, self-direct, and learn on the fly.

Responsibilities

• Lead the design, implementation, and continuous improvement of the company’s governance, risk, and compliance program for our NOVA program
• Architect security and compliance controls that support a regulated aerospace environment, including systems that may process or support CUI, ITAR-controlled data, export-controlled information, proprietary engineering data, and other sensitive business information
• Own and mature the company’s risk management process, including risk identification, assessment, treatment planning, exception handling, control validation, and executive-level risk reporting
• Define, document, and maintain security policies, standards, procedures, control narratives, and implementation guidance aligned with frameworks such as NIST SP 800-171, NIST SP 800-53, CMMC, SOC 2, ISO 27001, DFARS, FedRAMP-informed cloud security practices, and other applicable requirements
• Translate regulatory and contractual security requirements into practical, scalable technical and operational controls that can be implemented by IT, Engineering, Manufacturing, Software, Legal, Finance, and business teams
• Partner with IT and software engineering teams to design security controls that are effective, auditable, and compatible with fast-moving technical operations
• Develop and maintain key compliance artifacts, including control mappings, system security plans, control implementation statements, risk registers, POA&Ms, evidence repositories, audit responses, and executive summaries
• Lead internal readiness activities for audits, assessments, customer security reviews, and third-party compliance engagements
• Evaluate proposed systems, tools, vendors, cloud services, and business processes for security, compliance, data protection, and regulatory risk
• Provide security architecture guidance for sensitive systems, including identity and access management, logging and monitoring, endpoint protection, vulnerability management, network segmentation, secure cloud design, data handling, and secure software development practices
• Identify opportunities to automate evidence collection, control monitoring, compliance reporting, and risk tracking
• Serve as a senior advisor to technical and business leaders on security risk, compliance obligations, control tradeoffs, and practical implementation paths
• Perform additional duties as needed to support company security, compliance, and mission objectives

Qualifications

• 7+ years of experience in information security, security architecture, GRC, compliance engineering, infrastructure security, or related roles
• Exceptional understanding of IT and security architecture across applications, networks, servers, storage, identity systems, endpoint platforms, SaaS, cloud infrastructure, and hybrid environments
• Strong working knowledge of governance, risk, and compliance frameworks, including NIST SP 800-171, NIST SP 800-53, CMMC, SOC 2, ISO 27001, and related security control models
• Ability to interpret regulatory, contractual, and framework requirements and translate them into actionable technical and operational controls
• Strong understanding of risk management practices, including risk assessment, risk treatment, exception management, compensating controls, and executive risk communication
• Experience building or maturing security documentation, including policies, standards, procedures, control implementation statements, SSPs, POA&Ms, risk registers, and audit evidence packages
• Strong analytical and problem-solving skills, with sound judgment when balancing security, compliance, business velocity, and operational practicality
• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, Engineering, or a related field, or equivalent practical experience

Preferred Qualifications

• Experience operating in regulated environments subject to NIST SP 800-171, CMMC, DFARS, NIST SP 800-53, FedRAMP, ISO 27001, SOC 2, CUI handling, ITAR, export control, aerospace, defense, or other government-driven security requirements
• Experience designing security and compliance programs for fast-growing organizations where processes, systems, and controls must be built while the business is scaling
• Experience supporting or preparing for CMMC, SOC 2, ISO 27001, government customer reviews, or other formal security assessments
• Experience with secure software development lifecycle practices, including threat modeling, secure code review processes, CI/CD security controls, software supply chain risk management, and vulnerability remediation workflows
• Professional security certifications such as CISSP, CISM, CISA, GIAC, or equivalent practical experience
• Prior experience in a startup, aerospace, defense, manufacturing, engineering, or highly technical environment

Benefits

• Equity – We know that our employees are the reason we succeed. To give everyone a stake in our future, we are pleased to offer equity in the form of stock options to all regular, full-time employees. 
• Comprehensive benefits program including subsidized medical, dental, and vision insurance 
• Company-paid life and disability insurance 
• 401(k) plan with employer match 
• 4 weeks’ Paid Time Off  
• Holidays – 10 days (including an end-of-year closure) 
• Paid Family/Parental Leave  
• On-site gym or monthly wellness stipend (depending on location) 
• Dog friendly offices! 

Compensation

Target Levels:

• Level 4 Range: $160,230 - $240,450
• Level 5 Range: $192,360 - $288,435

Our job posts are intentionally written to attract a wide variety of experience levels, and we make decisions about the right fit on a per-candidate basis. 

Your actual level and base salary will be decided based on your specific experience and skill level.

Position Overview

The Solutions Sales Specialist will play an instrumental role in driving revenue growth for Diligent for existing and new accounts for specialized products. This position will collaborate with Account Executives and Directors to develop pipeline through prospecting, performing inbound and outbound activity to generate pipeline for team members and assume a quota within a territory to close business.

This position will require a commercially astute individual that is confident in showcasing our offerings in a compelling way to customers by uncovering how the customer requirements map to our products as part of the Diligent solutions. The Solutions Sales Specialist I embodies our culture and values and has demonstrated experience collaborating with stakeholders to realize shared goals.

Key Responsibilities

• Demonstrate an in-depth knowledge of Diligent’s solution and specialized products.
• Prospect new leads within existing accounts to drive new opportunities.
• Adopts a ‘solutions’ selling approach, understanding customer needs and developing solutions through the lens of the Diligent solutions.
• Demonstrate Sales excellence by managing the end-to-end sales cycle from opportunity to deal close using the Diligent approved sales methodology.
• Effectively utilize sales tools to prospect new leads, schedule initial meetings, increase win rates and generate bookings.
• Accurately maintain CRM records, forecast and report out on projected bookings, deals closed etc. on a regular basis.
• Proactively gathers external insights of the competitor landscape, including customers’ business strategy and the direction of the industry to inform the creation of strategic account plans.
• Collaborates with Account teams to discover new and growth opportunities, qualify opportunities and build pipeline.

Required Experience/Skills:

• Proven track record of success in account management and achieving revenue targets within the technology or GRC industry.
• SLED experience.
• Familiarity with selling through channel distribution processes. 
• Ability to build and maintain relationships with diverse stakeholders at different levels of the organization.
• Continuous learning, including a desire to develop knowledge and expertise in internal products, external industry trends and the customer landscape.
• Strong communication, presentation and influencing skills.
• A high level of curiosity and empathy with the ability to understand a potential customer's context, issues and pain points through effective questioning and listening.
• Self-motivated, results-driven, and ability to work in a fast-paced and dynamic environment.

The posted salary range reflects the base salary for this role. In addition, this position is eligible for commission/variable compensation based on performance.

Position Overview

The Senior Corporate Accountant will be primarily responsible for many aspects of the financial statement close process performed at the corporate level, including financial reporting and multi-entity consolidation. This includes ensuring proper application of US GAAP for various processes, such as ASC 842 Leases, ASC 718 Stock Compensation, ASC 470 Debt, ASC 350 Intangibles - Goodwill & Other, ASC 805 Business Combinations, transfer pricing, and other technical accounting matters. The role is pivotal in driving Diligent’s AI-first transformation, ensuring operational excellence, compliance, and scalable growth across all accounting functions.  

This role will also play a key part in identifying opportunities to leverage AI and automation tools to enhance accuracy, streamline recurring workflows, and drive efficiency across the accounting function. The Senior Corporate Accountant will assist with ad-hoc technical accounting projects and have high-visibility within the organization, ensuring that US GAAP is applied correctly for new company-wide initiatives. This role will report to the Senior Director, Corporate Accounting. We are looking for someone who has excellent problem-solving skills, intellectual curiosity about emerging technologies, and enjoys working in a challenging and fast-paced environment to support our continued success.

Key Responsibilities

• Assist in the monthly, quarterly, and annual general ledger closing process by:
• Owning the accounting for equity compensation and incentive awards including grants issued, grant-date valuation, exercises, expense recognition, modifications, and forfeitures, utilizing the Certent Equity Management solution.
• Calculating transfer pricing, preparing journals, and managing cross-border transactions, including preparation of inter-company entries, coordinate review of output with statutory teams, support tax team with transfer pricing documentation.
• Perform accounting for internally developed software in accordance with US GAAP, including capitalization of development costs, amortization, and impairment assessments for both internal-use software and software developed for sale.
• Prepare the necessary journal entries and monthly account reconciliations for accounts including, but not limited to intangible assets, compensation and payroll related items, and deferred commissions and incentives.
• Provide support to revenue recognition team for a smooth revenue recognition process, write offs, recoveries, deferred revenue and runoff, multi-year arrangements, bundled offerings, flux analysis.
• Review journal entries and account reconciliations assigned, perform monthly close activities to ensure accurate and timely financial reporting.
• Financial statement accounts analysis, identification of non-routine transactions, investigate anomalies, and document findings.
• Prepare group and statutory audit workpapers for assigned accounts and disclosures. Support external and statutory audits by preparing schedules, responding to auditor inquiries, and maintaining supporting documentation.
• Provide support or act as accounting lead in enterprise-wide initiatives and assist in other special projects, including but not limited to system upgrades, implementations, and AI-driven process transformations.
• Collaborate cross-functionally with finance, tax, legal, and other operational teams on accounting and reporting matters.
• Obtain and maintain a thorough understanding of the business operations, the financial reporting, and the general ledger structure for all of Diligent’s legal entities, and actively support the consolidation and intercompany elimination process.
• Support in all compliance related matters assigned including, but not limited to, annual financial statement audits, quarterly reporting requirements.
• Provide support or act as accounting lead in enterprise-wide initiatives and assist in other special projects, including but not limited to system upgrades, implementations, and AI-driven process transformations.
• Build strong working relationships with internal stakeholders and contribute to team efficiency through cross-training, sharing responsibilities, and serving as position backup.
• Develop and maintain internal accounting controls, policies, procedures, and process documentation to ensure timely and accurate financial reporting.
• Drive process improvement and automation initiatives by identifying use cases for AI-assisted accounting workflows, testing and validating AI-generated outputs, and helping build scalable, technology-enabled processes across the close cycle.
• When assigned, assist or manage the monthly close for newly acquired entities and support the transition of balance sheet and income statement responsibilities to designated team members.
• Champion the adoption of AI-driven automation and modern platforms to streamline processes, reduce manual effort, and deliver actionable insights.
• Drive the integration of AI and automation in key accounting processes (e.g., account reconciliations, procure-to-pay, financial statement reviews, cash forecasting, and T&E), freeing teams for higher-value work. 
• Perform ad-hoc projects as assigned.

Required Experience/Skills

• Bachelor’s degree in accounting; CPA required.
• Strong knowledge of U.S. GAAP required.
• Minimum of 3 years of progressive accounting experience, Big 4 and SaaS industry experience preferred.
• Knowledge of NetSuite or similar accounting systems. Familiarity with AI-assisted tools and a willingness to adopt emerging technologies in an accounting context is a plus.
• Experienced with accounting concepts related to the software industry, international accounting, multi-entity consolidation, and debt & equity accounting is preferred.
• Strong written and oral communication skills with the ability to work cross-functionally and cross-geography and relate effectively across all levels of staff.
• Hands-on, energetic, organized, team player with proven ability to adapt quickly in a changing environment and facilitate change, multitask effectively and work independently.
• Ability to prioritize competing projects and analyze processes to simplify, automate, and improve them, including the use of AI and other emerging technologies.
• Excellent attention to detail, strong business ethics, and demonstrated ability to handle confidential information.

About the Role:

The GRC Analyst, Federal & Customer Programs is responsible for the hands-on analysis, documentation, and operational execution of the company's security governance, risk, and compliance obligations. This role sits at the intersection of customer contracts, regulatory frameworks, and the company's security control environment — translating external requirements into clear, traceable internal commitments and evaluating how well current capabilities satisfy them. The GRC Analyst reviews incoming contractual security language, maps obligations to applicable frameworks and existing controls, produces compliance matrices and gap analyses, owns the operational risk assessment process, contributes to governance and policy lifecycle activities, and supports audit, assessment, and customer inquiry activities.

A meaningful portion of this role is dedicated to ongoing contract and requirements analysis as new programs are awarded and existing programs evolve. The GRC Analyst serves as the security function's primary reviewer of incoming contractual cybersecurity language and works directly with legal and sourcing on flow-down negotiation and redlines. Candidates who enjoy careful reading of contractual and regulatory text — and who want this to be a substantial part of their day-to-day work — will find this role a strong fit.

This is a detail-oriented, writing-intensive role requiring strong analytical judgment, fluency across multiple compliance frameworks, and the ability to work effectively with legal, sourcing, program management, engineering, and security operations stakeholders.

Key Responsibilities:

Contract & Requirements Analysis

• Review customer contracts, statements of work, security annexes, CDRLs, data protection addenda, and flow-down clauses to identify cybersecurity, privacy, and information handling obligations applicable to the company.
• Extract and catalog specific security requirements from contractual language, and translate them into structured, testable statements suitable for traceability and control mapping.
• Compare identified requirements against the company's current product scope, control environment, and certification posture to determine where compliance is already met, partially met, or requires new implementation work.
• Produce gap analyses, compliance matrices, and Requirements Traceability Matrix (RTM) artifacts that clearly communicate the state of compliance for a given contract, program, or system.
• Serve as the security function's primary point of contact for legal and sourcing during contract review, redline cycles, and flow-down negotiation, including review of subcontractor and supplier flow-down language.

Framework Mapping & Interpretation

• Maintain working proficiency across the frameworks relevant to the company's regulatory and contractual posture, including NIST SP 800-171, NIST SP 800-53, NIST CSF, CMMC, ISO 27001, FedRAMP, and applicable European frameworks such as NIS2 and GDPR.
• Map controls across frameworks to minimize duplicated work and enable consistent responses to overlapping requirements; contribute to a shared control inventory used by compliance, security, and program teams.
• Interpret framework language and authoritative guidance (NIST publications, DoD guidance, regulator FAQs) in the context of specific company systems and business scenarios and escalate ambiguity for formal risk decisions when appropriate.

Governance, Policy & ISMS Support

• Contribute to the maintenance of the company's Information Security Management System (ISMS) documentation set, including keeping control descriptions, evidence references, and scope statements accurate and current.
• Support the policy and standard lifecycle, including periodic review cycles, version control, exception governance, and clarification of control owner accountability.
• Produce compliance posture reporting and audit readiness metrics for governance forums and leadership review, including framework coverage, finding aging, and remediation progress.

Deliverable Writing & Artifact Contribution

• Draft and revise compliance deliverables including System Security Plans (SSP), Plans of Action & Milestones (POA&M), policy and standard content, control narratives, customer security questionnaire responses, and audit artifacts.
• Author clear, concise written responses to customer, auditor, and regulator inquiries, calibrated to the technical level of the audience and consistent with approved company positioning.

Risk Assessment & Treatment

• Own the operational risk assessment process and the supporting risk register, including conducting periodic and event-driven risk assessments, documenting current state, identifying deficiencies, and developing risk treatment recommendations.
• Route risk acceptance and exception decisions to the appropriate decision authority with the underlying analysis and documentation prepared for review; track decisions and ensure follow-through on conditions or expirations.
• Track open compliance findings and remediation activities, prepare status updates, and flag aging or high-severity items for escalation.

Third-Party & Supply Chain Risk

• Contribute to vendor and supplier security review activities, including evaluating vendor security questionnaires, reviewing supplier control attestations, and assessing residual risk for inclusion in procurement and program decisions.
• Support assessment of subcontractor and supplier flow-down compliance, including coordinating with sourcing and program management on supplier security obligations and remediation.

Audit & Assessment Support

• Support internal and external audit, assessment, and certification activities, including C3PAO engagements, ISO 27001 surveillance audits, customer assessments, and regulator inquiries.
• Coordinate evidence collection with system owners and control operators; validate that evidence is accurate, complete, and appropriately scoped before submission.
• Participate in assessor and auditor interviews as a subject matter contributor on specific controls and artifacts.

Cross-Functional Collaboration

• Partner with legal and sourcing on contract review, redlines, and flow-down language; with security program management on milestones, schedules, and audit coordination; and with security engineering and IT on evidence, control implementation detail, and remediation planning.
• Serve as a knowledgeable point of contact for internal teams seeking to understand what a given regulatory or contractual requirement means in practice.

What Success Looks Like in Year One

• Established a repeatable contract review intake process with legal and sourcing, including a maintained library of standard cybersecurity flow-down clauses and review turnaround expectations.
• Produced an end-to-end Requirements Traceability Matrix for at least one active federal program, traceable from contract clauses through framework controls to evidence sources.
• Stood up the operational risk register and routine risk reporting cadence, with at least one full assessment cycle completed and risk treatment decisions documented.
• Maintained the ISMS documentation set in audit-ready condition through at least one external assessment or surveillance cycle.

Required Qualifications:

• Five or more years of progressive experience in cybersecurity governance, risk, and compliance; IT audit; or a closely related discipline, with substantial hands-on exposure to framework interpretation and contract requirement analysis.
• Demonstrated working knowledge of NIST SP 800-171 and NIST SP 800-53, including control families, assessment procedures, and common implementation patterns.
• Experience contributing to SSP and POA&M artifacts, compliance matrices, or Requirements Traceability Matrices in a regulated environment.
• Practical experience supporting at least one formal audit, certification, or assessment cycle (for example CMMC, ISO 27001, SOC 2, FedRAMP, or comparable).
• Strong technical writing skills, including the ability to produce accurate, concise, and audience-appropriate compliance documentation. Writing samples may be requested as part of the interview process.
• Demonstrated comfort and interest in reading contractual and regulatory language carefully and translating it into specific, actionable internal requirements. This is a core part of the role, not an occasional task.
• Comfort working across multiple stakeholder groups — legal, sourcing, engineering, IT, security operations, and program management — and adjusting communication style accordingly.
• Bachelor's degree in Information Security, Information Systems, Business, a related field, or equivalent practical experience.

Preferred Qualifications:

• Direct experience with CMMC 2.0 assessment preparation, including familiarity with DFARS 252.204-7012 and 48 CFR Part 204.
• Familiarity with ISO 27001, FedRAMP, SOC 2, NIS2, GDPR data security obligations, or EU dual-use export control regimes.
• Experience handling Controlled Unclassified Information (CUI) in accordance with NARA and DoD requirements.
• Exposure to aerospace, defense, space, or other regulated technology environments.
• Experience reviewing or negotiating cybersecurity flow-down language in customer or supplier contracts.
• Working familiarity with Governance, Risk, and Compliance (GRC) tooling such as ServiceNow GRC, Archer, Hyperproof, Drata, Vanta, or equivalent.
• Industry certifications such as CISA, CRISC, CISSP, CGRC (formerly CAP), ISO 27001 Lead Implementer / Lead Auditor, CMMC Registered Practitioner (RP), or CMMC Certified Professional / Certified Assessor (CCP / CCA).
• Active US security clearance, or eligibility to obtain one.

Spire operates a hybrid work model, and this position will require you to work a minimum of three days per week in the office.

Access to US export-controlled software and/or technology may be required for this role. If needed, Spire will arrange the necessary licenses—this is not something candidates need to have before applying. #LI-DC1

Scale is at the forefront of powering artificial intelligence. We believe that trust in AI is earned with high-quality data for training, fine-tuning, and evaluating AI systems. Our products are transforming how organizations build and deploy AI. Our customers are the world’s most innovative model developers and enterprise and public sector entities looking to apply AI in their organizations and institutions.

We're looking for an Industrial Security Specialist who will play a vital role in supporting personnel security, physical security and program support. The ideal candidate brings strategic and operational experience, a security-first mindset, and a willingness to engage directly with customers, employees and stakeholders. If you're excited by ensuring the integrity and protection of national security, we invite you to apply.

This Industrial Security Specialist will report to the Industrial Security team with close collaboration with GRC, Workplace, and cross-functional teams to support the Public Sector security strategy for Scale. 

You will:

• Balance the timelines and requirements of US Government contracts while supporting Scale AI Public Sector efforts, accredited facilities, and sensitive R&D initiatives
• Assist in the development and execution of security education and awareness programs
• Conduct audits and inspections to ensure compliance with DoD and company policies
• Support all aspects of personnel security management in working directly with government partners to ensure compliance
• Initiate, review, and submit electronic background investigations to DCSA
• Responsible for mandatory USG reporting as it relates to our personnel, facility, and insider threat programs
• Assists in the protection of government, intellectual, third party and company information from unauthorized disclosures
• Conduct security briefings, debriefings, and annual refresher training for cleared employees
• Ensure frameworks are met for NISPOM, ICDs, SAPs, OPSEC, Insider Threat and continuous evaluation programs.
• Prepare, send, and receive visitor certifications
• Review performance work statements (PWS) or Statements of Work (SOW) for contracts and ensure properly executed DD Form 254s. 
• Coordinate incident response and reporting for security violations or concerns.

Ideally you'd have:

• Active U.S. DoD Top Secret, and willingness to obtain a TS/SCI
• Familiarity with USG information systems, such as DISS, NBIS, NISS, SWFT, e-App
• Experience assisting with the implementation and maintenance of a relevant industrial security program
• Must be able to support work 2-3 days a week from the office
• Knowledge of industrial security procedures (NISPOM, ICDs, other DoD/IC regulations and procedures)

Nice to haves:

• Excellent written and verbal communication- able to align with security strategy, IT and executive teams
• Adaptability and Learning Agility: Willingness to quickly grasp and apply new concepts and stay up-to-date with emerging trends in industrial security
• Willingness to work in a dynamic, high-growth company where speed, adaptability, and judgment are essential
• FSO Program Management for Possessing Facilities certification

About the role

Anthropic's Integrity & Compliance (I&C) function is building the systems that let us scale responsibly as our products reach more people, more enterprises, and more regulated industries. Our global compliance program is bespoke, reflecting our unique mission and position as one of the leading AI labs operating on the frontier.

The Governance & Oversight pillar is the operational and structural backbone of Integrity & Compliance. It owns the frameworks, policies, controls testing, training, GRC tooling, and reporting that hold the rest of the function together — and that allow Anthropic to demonstrate accountability to employees, customers, regulators, and the public as the company scales.

We're hiring a Compliance Governance & Oversight Lead to set the strategy for how compliance governance works at Anthropic, own the systems and reporting that give leadership a clear line of sight into program health, and partner with the leads of our other I&C pillars — Privacy Programs, Regulatory Programs, and Corporate Compliance — to ensure their work is supported by a coherent operating model.

This is a senior leadership role in a function being built from the ground up. You'll have significant autonomy to shape the design of the pillar, and you'll build and develop the team that runs it. You'll report to the Head of Integrity & Compliance.

Key responsibilities

• Set the strategy for compliance governance and oversight at Anthropic, defining how policies, controls, training, and reporting come together into a coherent operating model across the I&C function

• Own the policy lifecycle end-to-end — drafting standards, approval workflows, version control, attestation, and accessibility — and ensure Anthropic's compliance policies are current, coherent, and demonstrably communicated

• Lead selection, implementation, and ongoing administration of the GRC platform that serves as the central system of record for I&C, including risk tracking, control documentation, issue management, and workflow

• Design and run the controls testing and monitoring program across all I&C pillars, partnering with pillar leads to verify controls are operating as intended and to surface gaps before they become issues

• Own the compliance training program, working with subject matter experts across I&C to develop, deliver, and evidence training that meets regulatory requirements and embeds compliance into how the company operates

• Drive issue management across the function — ensuring findings, exceptions, and remediation are documented, owned, escalated where needed, and driven to closure

• Build the metrics, dashboards, and reporting cadences that give the Head of I&C, the broader leadership team and Internal Audit a clear view of program health, key risks, and strategic priorities

• Prepare and present compliance reporting to leadership synthesizing inputs from across pillars into clear narratives

• Coordinate the function's responses to compliance-related due diligence requests from customers, partners, and investors

• Manage the I&C budget and vendor portfolio, providing the administrative foundation for the function's operations

• Build and develop the Governance & Oversight team as the pillar's scope and headcount grow, and embed a culture of practical, well-evidenced compliance across the company

Minimum qualifications

• Significant experience in compliance, risk, internal audit, or a closely related field, including leadership of a compliance operations, governance, or oversight function

• Demonstrated track record building or substantially scaling a compliance program — policies, controls testing, training, GRC tooling, and reporting — end-to-end, ideally from an early stage

• Deep working knowledge of compliance program fundamentals: policy management, training, controls testing, issue management, and program reporting

• Experience selecting, implementing, and operating GRC technology platforms, and using technology to make compliance more effective and less burdensome for the wider organization

• Track record of preparing and presenting compliance reporting to senior leadership, Internal Audit, and/or board-level governance bodies

• Strong written and verbal communication, with the ability to translate substantive compliance requirements into operating processes that engineering, product, and go-to-market teams will actually adopt

• Demonstrated ability to lead through influence across a senior, cross-functional stakeholder group, and to make and defend cross-functional decisions

• Experience building and developing teams

Preferred qualifications

• 10+ years of relevant experience

• Prior experience at a Big 4 or comparable compliance consulting or advisory professional services firm, in addition to in-house leadership experience

• Experience leading compliance governance at a high-growth technology company, ideally one operating across multiple regulatory regimes

• Exposure to AI-specific compliance considerations and the emerging regulatory landscape for AI

• Experience standing up or transforming a compliance function in a hyper-scaling environment, including building from a blank page

• Direct experience presenting to or supporting Audit Committee or board-level reporting on compliance matters

Role-specific policy: For this role, we expect staff to be able to work from either our Washington, DC, San Francisco, or New York City office at least 3 days a week, though we encourage you to apply even if you might need some flexibility for an interim period of time.

About that Role

As part of the Anthropic security department, the compliance team owns understanding security and AI safety expectations, as established by regulators, customers, and (nascent) industry norms — which we also seek to influence. The compliance team uses this understanding to provide direction to internal partners on the priorities of security and safety requirements they must meet. The compliance team demonstrates adherence to security expectations through credential attainment, the establishment of assurance and oversight mechanisms, and direct engagement with auditors, customers, and partners.

This opportunity is unique. Anthropic is expanding HIPAA coverage across its product portfolio — including Claude Code, the Claude Developer Platform, and Claude Cowork — and we need to build the compliance infrastructure to match that expansion. We are looking for someone to own HIPAA compliance operations end-to-end, not just advise on it.

Responsibilities:

• Operate Anthropic’s HIPAA compliance review program, executing on HIPAA obligations across the product portfolio.
• Run a dedicated HIPAA review track in parallel with the Product Security Review (PSR) process, applying compliance checklist to every in-scope change and recording a complete, auditable disposition before release.
• Build and maintain change monitoring mechanisms to catch HIPAA-relevant changes — including default setting changes and incremental updates.
• Partner with product and engineering teams upstream to ensure HIPAA considerations are built into first releases rather than addressed as post-launch remediations.
• Assess and document PHI data flows, infrastructure boundaries, and control coverage across Anthropic’s cloud-native product environments.
• Write, update, and enact HIPAA policies, checklists, deployment guides, and audit evidence packages.
• Manage Business Associate Agreement (BAA) obligations and coordinate with legal and external counsel on PHI determination questions and emerging regulatory requirements.
• Contribute to Anthropic’s broader compliance program, including adjacent frameworks (SOC 2, ISO 27001, NIST 800-53) where they intersect with HIPAA obligations.

You may be a good fit if you:

• Have 3+ years of progressive experience in compliance roles, including direct ownership of a HIPAA compliance program at a technology company
• Have evaluated PHI data flows and infrastructure boundaries in cloud-native environments (AWS, GCP, or Azure) and can assess HIPAA exposure without always needing to escalate to legal
• Have designed and operated a compliance review mechanism integrated into a product development or release process
• Can translate HIPAA technical compliance requirements into actionable workstreams for engineering and product teams
• Deliver clear, precise compliance documentation — policies, checklists, audit evidence, deployment guides — for both technical and non-technical audiences
• Thrive in fast-paced, ambiguous environments where you’re expected to build processes from scratch and keep them working under rapid product change
• Are energized by being the organizational expert who educates and influences rather than only advises

Strong candidates may also:

• Have worked in AI/ML or developer-platform companies and understand the unique challenges of PHI exposure in model inference and API environments
• Have HITRUST CSF experience or experience mapping HIPAA requirements to HITRUST controls
• Bring experience from high-growth technology companies where compliance programs had to scale alongside rapid product expansion
• Have implemented or significantly contributed to compliance automation or GRC tooling integrations
• Possess relevant certifications (CHPC, HCISPP, CISA, CISM, CISSP, or equivalent)

Candidates need not have:

• Done everything on this list before — we value learning agility and willingness to tackle novel compliance challenges in the AI space

Deadline to Apply: None, applications will be received on a rolling basis.

Position Overview 

The Field Marketing Manager, Americas will own and scale the field marketing engine for a high-impact business unit, directly influencing pipeline growth, accelerating revenue, and shaping how we go to market across the region.

This is a highly visible role that blends strategy and execution. You’ll design and orchestrate integrated campaigns, events, webinars, and ABM programs; working side-by-side with Sales and cross-functional Marketing teams to turn ideas into measurable business outcomes.

If you’re equal parts strategist, operator, and innovator; and excited to leverage AI to unlock smarter, faster marketing - this role is for you.

As a senior individual contributor on the Americas Field Marketing team, this person will: 

• Lead the development and execution of pod-level field marketing plans aligned to regional and business unit goals. 

• Partner closely with Sales to identify and activate priority plays that progress opportunities through the funnel and into bookings. 

• Build scalable field marketing programs and infrastructure, leveraging AI to improve efficiency, targeting and insights. 

• Shape team-wide processes and workflows and provide day-to-day guidance and coaching to Field Marketing Specialists and Senior Specialists, exerting influence without formal authority. 

Key Responsibilities

Strategy & Planning 

Own the field marketing strategy and annual plan for an assigned Americas pod or business unit, aligned to shared MQL, pipeline and bookings targets. 

Translate GTM plays and regional priorities into integrated field programs that pull the right marketing levers at the right time across the customer journey. 

Use data, insights and AI tools to seize opportunities, refine targeting, and continuously optimize program mix and investment. 

Campaigns, Events & ABM 

Design and execute multi-channel field campaigns, including events, webinars, ABM motions and localized programs that support both new logo and expansion goals. 

Own end-to-end delivery of field marketing activities — brief development, project management, enablement, execution and debriefs — with extreme attention to detail and operational rigor. 

Partner with Demand Generation, Product Marketing, Brand, and Corporate Events to ensure Americas field programs are on-brand, on-message and coordinated across channels. 

Sales & Cross-Functional Partnership 

Build strong, trust-based relationships with Sales leaders and AEs in the assigned pod/region; act as the primary marketing counterpart for planning and performance reviews. 

Align on coverage models, territories, key accounts and follow-up expectations with BDR/SDR teams; ensure smooth handoffs from MQL to opportunity and into bookings. 

Collaborate with other Field Marketing Managers across Americas to share best practices, standardize processes and identify opportunities to scale what works. 

AI-Enabled Execution & Innovation 

Champion the use of AI across field marketing workflows — from audience and target account list refinement to content creation, testing and reporting — to increase throughput and impact. 

Pilot new AI-driven tactics in partnership with Brand, Content and Demand Generation, and document learnings to inform broader adoption. 

Measurement, Reporting & Optimization 

Own pod-level field targets and KPIs; track and report on MQLs, opportunities, pipeline and bookings influenced by field programs, as well as marketing ROI. 

Build regular performance readouts for Sales and Marketing leadership, surfacing insights, risks and recommended optimizations. 

Use data to identify gaps in the funnel, propose corrective actions, and test alternative approaches to unlock growth. 

Required Experience/Skills 

• 5+ years of B2B SaaS field marketing or closely related experience (e.g., growth, revenue, campaign marketing), with a track record of driving pipeline and bookings with Sales. 

• Deep experience building and executing integrated field programs across tactics such as events, webinars, ABM and partner campaigns. 

• Demonstrable capability with AI tools, with real use cases that improve operational excellence, visibility and speed-to-impact in marketing programs. 

• Motivated self-starter with a “get stuff done” mindset and the ability to set priorities, manage multiple projects and hit deadlines with limited oversight. 

• Strong interpersonal and communication skills (written and verbal), including comfort presenting to and influencing senior Marketing and Sales leaders. 

• Proven ability to partner and develop strong relationships across all levels of a complex, matrixed commercial organization. 

• Highly organized, process-driven operator with strong project management skills and extreme attention to detail. 

• Commercial, strategic and data-driven mindset; uses data and reporting to make decisions, optimize plans and demonstrate impact against regional growth goals. 

• Proficiency with core marketing and productivity tools (e.g., Salesforce, Marketo, Wrike, Microsoft Office Suite) and comfort adopting new AI-powered technologies. 

• Familiarity with the GRC space and experience working in a complex matrixed organization are strong pluses. 

#LI-SR1

The work

The Audit & Cybersecurity Manager is responsible for leading complex risk assessments, security governance, and compliance monitoring

Key responsibilities:

• Lead efforts to enable security-compliant S/4HANA solutions, ensuring that functional and technical designs incorporate "Security by Design" and "Least Privilege" principles
• Oversee the development of SAP Security Roles, ensuring Segregation of Duties (SoD) is maintained and that sensitive federal data is protected via robust authorization concepts
• Assess and manage risk-reducing behaviors and processes, implementing continuous monitoring frameworks to detect and mitigate insider threats and external vulnerabilities
• Drive the implementation of SAP GRC (Access Control / Process Control) or similar tools to automate audit logging and compliance reporting
• Review and integrate security requirements across the Universal Journal, PII-heavy modules (H2R), and high-value financial workstreams (B2R/P2R)
• Provide input into final decisions regarding cybersecurity tools, identity and access management (IAM), encryption standards, and secure integration with external interfaces
• Manage and ensure compliance with federal mandates, such as NIST 800-53, FISMA, and the DATA Act, while preparing the organization for unmodified audit opinions
• Facilitate the audit lifecycle, serving as the central point of contact for audit inquiries, managing the collection of evidence, and driving the remediation of any identified findings
• Execute program management support functions for the security workstream, including staffing specialized cyber resources, budgeting for security software, and forecasting compliance needs
• Monitor and report on security posture, providing executive-level dashboards on risk exposure, SoD violations, and the status of audit-readiness activities
• Mentor and train junior team members, fostering a culture of risk awareness and technical excellence in SAP security configuration and audit techniques

Here’s what you need:

• Proven leadership skills at a Manager level, with a track record of successfully navigating complex federal audits or large-scale cybersecurity transformations
• In-depth knowledge of Cybersecurity Frameworks, including experience with NIST, FISMA, or SOC 1/SOC 2 compliance within an ERP environment
• Strong communication and interpersonal skills to effectively collaborate with Chief Information Security Officers (CISOs), Internal Auditors, and technical architects
• Proficiency in risk management and mitigation, specifically the ability to translate technical vulnerabilities into business-risk impact statements for leadership

Eligibility requirements:

• US Citizen (no dual citizenship)
• Must be eligible to obtain a government Secret Clearance

Here’s a summary of the role:  

Diligent is seeking a Senior Manager, Alliances & Partnerships to lead our strategy and execution for driving revenue and customer value through a portfolio of high-impact technology partners. In this role, you will own partner-sourced and influenced pipeline at scale, guide multi-year joint business plans, and ensure strong executive alignment with our most strategic partners. You will orchestrate cross-functional collaboration across Sales, Product, Marketing, Legal, and Operations to standardize partner motions, remove systemic blockers, and refine programs. The ideal candidate brings deep experience in B2B SaaS partnerships, strong commercial and analytical skills, and a proven track record of leading and mentoring partner teams.

This role operates on a hybrid model, with an expectation of 50% office-based work; however, remote working arrangements may also be considered. This opportunity is open to candidates based in the United States only.

Regrettably we are unable to provide visa sponsorship, so you must be eligible to work in the US.

Here’s a breakdown of what you’ll do (not all of it, just the important stuff):

• Own the global or multi-region technology partner strategy, setting direction, priorities, and investment focus across a portfolio of strategic partners
• Drive partner-sourced and influenced revenue at scale, including forecasting, target setting, and regular performance reviews with senior leadership
• Lead joint business planning and executive alignment with top partners, covering solution roadmap, integration strategy, and multi-year GTM plans
• Oversee cross-functional execution across Sales, Product, Marketing, Legal, and Operations, removing systemic blockers and standardizing partner motions and processes
• Use data and market insights to optimize the overall partner portfolio, refine programs, and recommend strategic bets or exits
• Provide leadership and mentorship to Technology Partners Specialists and Managers, elevating partner best practices and representing the function in broader commercial planning

These are the essentials you’ll need to get an interview:

• 5–7 years’ experience in Enterprise SaaS in partnerships, channels or alliances including direct accountability for partner-sourced and influenced revenue
• Strong experience in GRC environments, with a proven track record working with major Global System Integrators, Advisory firms as well as smaller, specialist system integrators
• Proven track record designing and leading partner strategy across regions or segments, with demonstrated success scaling co-selling and co-marketing motions
• Advanced commercial and analytical skills, including portfolio management, forecasting, and data-driven decision making on partner investments and performance
• Deep understanding of SaaS products, integrations, and ecosystems, with the ability to align partner roadmaps to company strategy and customer needs.
• Demonstrated experience leading and mentoring partner teams, setting standards, and building repeatable playbooks and processes for the function

Behavioural Competencies:

• Strong executive presence and stakeholder leadership, able to influence senior leaders internally and at partner organizations and navigate complex negotiations
• Strong relationship-building capability, with a proven ability to develop and maintain trusted senior-level partner and customer relationships
• Ability to operate with urgency in fast-paced, growth-oriented environments while balancing multiple strategic priorities
• Strong commercial mindset with a focus on driving growth, expansion, and long-term partner value creation

#LI-SK2

#LI-SK2

Here’s a summary of the role: 

Diligent is seeking a Senior Manager, Partner Programs & Strategy to architect, launch, and continuously improve a global partner program that turns partner motions into scalable operating mechanisms, enabling partners to drive revenue, adoption, and customer impact across our ecosystem.

This is a role for someone who thrives on building structured, data-driven programs and translating strategy into operational execution, with a hands-on approach to partner program design, governance, and performance management.

At Diligent, you’ll play a central role in shaping how partners engage, operate, and deliver value. You’ll design and run end-to-end partner program frameworks across Advisory, Resale, MSP, AWS Marketplace, and Technology Alliances — covering onboarding, enablement, certification, governance, incentives, and deal registration. You’ll define partner KPIs, build performance dashboards, and deliver executive reporting across pipeline, bookings, revenue attribution, and forecast, using insights to continuously optimise program performance and partner ROI.

Working cross-functionally with Sales, Marketing, Legal, Product, Finance, and Revenue Operations, you’ll ensure alignment across Salesforce and PRM systems, partner data models, attribution rules, and commercial processes. You’ll also support the full partner lifecycle, including onboarding, contract management, pricing and incentives, MDF and commission processes, and ongoing governance, compliance, and optimisation of program performance.

This role operates on a hybrid model, with an expectation of 50% office-based work; however, remote working arrangements may also be considered. This opportunity is open to candidates based in the United States only.

Regrettably we are unable to provide visa sponsorship, so you must be eligible to work in the US.

Here’s a breakdown of what you’ll do (not all of it, just the important stuff):

• Own the end-to-end partner program framework across tiers, requirements, benefits, and incentives for multiple partner types including GSIs, SIs, Resellers, MSPs, and Technology Alliances
• Design and manage partner onboarding, enablement, implementation certification, and lifecycle processes to drive partner productivity
• Establish and maintain program governance including decision rights, change management, RACI, documentation standards, and compliance
• Own deal registration policies, guardrails, SLAs, and exception handling to protect channel integrity and reduce conflict
• Own Salesforce (SFDC) evolution for partner motions, including partner data model, taxonomy, attribution rules, and data governance
• Own partner executive reporting including pipeline, bookings, revenue attribution, and forecasting, and use insights to drive performance, accountability, and optimisation

These are the essentials you’ll need to get an interview:

• 7–10+ years in partner programs and/or partner operations within a SaaS environment
• Experience working across multiple partner types including GSIs, SIs, Resellers, MSPs, Technology Partners, and cloud marketplaces (e.g., AWS Marketplace)
• Experience designing and evolving partner programs covering co-sell, resell, services/implementation, and technology partnerships
• Strong experience in program governance, process design, and change management in complex, matrixed environments
• Hands-on experience with Salesforce and familiarity with PRM/partner portal platforms
• Strong analytical and financial modelling skills (program ROI, incentives, partner economics, investment decisions)
• Experience building dashboards, scorecards, KPI frameworks, and executive reporting for partner performance
• Experience using AI and automation for program operations, governance, and optimisation

#LI-SK2

Here’s a summary of the role:  

Diligent is seeking a Strategic Alliances & Partnerships Director to define and lead our global strategy for driving revenue and customer value through a portfolio of strategic technology partners. In this role, you will own partner-sourced and influenced pipeline at scale, establish clear targets, and maintain strong executive alignment with key partners. You will collaborate closely with Sales, Product, Marketing, Legal, and Operations to shape partner programs, standardize motions, and remove systemic blockers. The ideal candidate combines deep B2B SaaS partnership experience with strong commercial acumen, executive presence, and a proven track record of building and leading high-performing partner teams.

This role operates on a hybrid model, with an expectation of 50% office-based work; however, remote working arrangements may also be considered. This opportunity is open to candidates based in the United States only.

Regrettably we are unable to provide visa sponsorship, so you must be eligible to work in the US.

Here’s a breakdown of what you’ll do (not all of it, just the important stuff):

• Define and own the overall global technology partnerships strategy, ensuring tight alignment with company growth, product, and go-to-market priorities
• Hold ultimate accountability for partner-sourced and influenced revenue, setting targets, overseeing forecasts, and reviewing performance with executive leadership
• Build and maintain executive-level relationships with top technology partners, driving multi-year joint plans, strategic initiatives, and complex negotiations
• Lead cross-functional alignment and execution across Sales, Product, Marketing, Legal, and Operations to standardize partner motions and remove systemic blockers
• Shape and evolve partner programs, operating models, and governance, using data and market insights to prioritize investments and refine the partner portfolio
• Provide vision, leadership, and coaching to the Technology Partnerships organization (Specialists, Managers), building high-performing teams and scalable playbooks

These are the essentials you’ll need to get an interview:

• 10+ years’ experience in Enterprise SaaS in partnerships, channels or alliances,  including significant ownership of partner-driven revenue targets
• Strong experience in GRC environments, with a proven track record working with major Global System Integrators and Advisory firms, as well as smaller, specialist system integrators
• Proven track record building and executing global partner strategy, including portfolio design, multi-year joint business planning, and complex deal/partner negotiations
• Advanced commercial, analytical, and strategic thinking skills, with the ability to use data and market insights to prioritize investments and optimize partner programs
• Deep understanding of SaaS product, integrations, and ecosystems, and the ability to align partner roadmaps with company strategy, product direction, and customer needs

Behavioural Competencies:

• Demonstrated people leadership experience, successfully leading and developing partner teams in a fast-paced, high-growth environment
• Strong executive presence and stakeholder management skills, able to influence C-level leaders internally and at partner organizations
• Strong relationship-building capability, with a proven ability to develop and maintain trusted senior-level partner and customer relationships
• Ability to operate with urgency in fast-paced, growth-oriented environments while balancing multiple strategic priorities
• Strong commercial mindset with a focus on driving growth, expansion, and long-term partner value creation

#LI-SK2

Position Overview:  

Diligent is seeking a high-performing federal sales professional to drive growth across the U.S. Federal Government. The Senior Regional Sales Director will be responsible for building and executing the federal go‑to‑market strategy for Diligent’s Governance, Risk, and Compliance (GRC) SaaS platform.

This role requires a seasoned federal sales professional with deep knowledge of government procurement, established relationships within federal agencies, and a track record of closing complex enterprise software deals. The ideal candidate combines strategic account leadership with disciplined pipeline execution and thrives in a fast‑growing SaaS environment.

You will work closely with Sales Engineering, Solution Architects, Marketing, Customer Success, and channel partners to develop opportunities, navigate federal buying processes, and deliver measurable mission value to federal agencies.

Key Responsibilities 

• Own and execute Diligent’s U.S. Federal sales strategy, driving new revenue growth and expanding market share across civilian, defense, and intelligence agencies.
• Identify, develop, and close complex enterprise SaaS opportunities within federal agencies through proactive territory development and strategic account planning.
• Leverage existing relationships and federal market expertise to generate pipeline and accelerate sales cycles.
• Navigate federal procurement processes, including contract vehicles such as GSA, GWACs, IDIQs, and agency-specific vehicles.
• Build executive-level relationships with agency leadership, risk and compliance stakeholders, and procurement decision-makers.
• Lead complex deal cycles using a disciplined qualification methodology (MEDDPICC) and value-based selling approach.
• Partner closely with system integrators, channel partners, and distribution partners to drive co-sell opportunities and expand market reach.
• Collaborate cross-functionally with Sales Engineering, Product, Marketing, and Customer Success to deliver compelling proposals, demonstrations, and customer outcomes.
• Maintain accurate pipeline visibility and forecasting through Salesforce and sales engagement tools.
• Represent Diligent in the federal ecosystem through industry engagement, events, and strategic partnerships.

Required Experience/Skills: 

• 8+ years of enterprise software or SaaS sales experience with a demonstrated track record of success in the U.S. Federal Government market.
• Proven ability to close complex, multi-stakeholder enterprise deals within federal agencies.
• Strong understanding of federal procurement processes, budgeting cycles, and acquisition vehicles (GSA, IDIQ, GWAC, BPA, etc.).
• Experience selling Governance, Risk, and Compliance (GRC), cybersecurity, audit, or compliance solutions into government organizations.
• Established network of relationships across federal agencies, system integrators, and channel partners.
• Demonstrated success working in partner-led or co-sell sales motions with SIs and distribution partners.
• Strong strategic account planning, territory development, and pipeline generation skills.
• High level of business acumen with the ability to translate mission challenges into technology-driven solutions.
• Self-starter mentality with the ability to operate independently in a highly competitive market.

The compensation range listed in this job description reflects the On-Target Earnings (OTE) for this role, inclusive of base salary and variable compensation.

Your Mission 

We are seeking a rare combination of disciplines: an experienced Sr. Compliance Engineer with deep AI Subject Matter Expertise (SME) and export compliance background to join our Governance, Risk, and Compliance (GRC) team. This role is responsible for building, implementing, and sustaining the organizational compliance posture across key regulatory and security frameworks — with a primary emphasis on RMF (NIST 800-53 Rev. 5 + Classified Overlays), CMMC Level 3, NIST 800-171 Rev. 3, EAR/ITAR cyber regulations, and — critically - the governance, risk management, and compliance controls surrounding AI/ML systems and large language models (LLMs) deployed across the enterprise. 

As AI becomes embedded in True Anomaly's operations, mission systems, and products, this role serves as the organizational authority on how AI capabilities are adopted, audited, and controlled responsibly. You will architect and operationalize compliance checkpoints and governance gates within LLM pipelines, evaluate AI vendors and platforms (including OpenAI, Anthropic Claude, and others) against classified and unclassified compliance requirements, and ensure AI-driven workflows satisfy both regulatory obligations and internal risk tolerance. 

The ideal candidate brings deep GRC knowledge, hands-on AI/LLM engineering fluency, and the ability to engage credibly with compliance assessors, government partners, and internal AI/ML engineering teams alike. 

Responsibilities 

Compliance Program Execution 

• Lead and support compliance assessment readiness across key organizational frameworks including NIST SP 800-171 Rev. 2 and 3, CMMC Level 3, NIST SP 800-53 Rev. 5, and the NIST Cybersecurity Framework (CSF). 

• Provide direction on cybersecurity readiness to address EAR and ITAR-related controls and requirements. 

• Drive CMMC readiness activities across the organization, including scoping, gap analysis, control implementation validation, evidence collection, and pre-assessment preparation. 

• Review, maintain, and mature System Security Plans (SSPs) to accurately reflect organizational control implementations, system boundaries, and operational practices — including AI/ML system boundaries and data flows. 

• Manage Plans of Actions and Milestones (POA&Ms), tracking open findings to resolution, communicating status to GRC leadership, and coordinating remediation efforts across responsible teams. 

• Conduct internal compliance audits and control effectiveness reviews to ensure ongoing adherence to applicable frameworks and to surface emerging gaps before external assessments. 

• Maintain audit-ready evidence repositories and documentation packages, ensuring traceability between controls, evidence, and framework requirements. 

AI Governance, Risk & Compliance (AI-GRC) 

• Serve as the organizational AI compliance SME — the primary authority on how AI/LLM systems (including OpenAI GPT models, Anthropic Claude, open-source models, and internally developed models) are evaluated, onboarded, and continuously governed within True Anomaly's compliance boundaries. 

• Design, implement, and maintain compliance checkpoints and enforcement gates within LLM pipelines, including:  

• Input/output filtering and content policy enforcement layers 

• Prompt injection detection and mitigation controls 

• Data classification guardrails to prevent CUI, ITAR-controlled, or classified data from flowing into non-authorized AI systems or endpoints 

• Automated audit logging of AI interactions for traceability and incident investigation 

• Model access control and role-based permissions within AI platforms 

• Conduct AI-specific risk assessments, including evaluation of AI vendor data handling practices, model training data provenance, and third-party AI API security postures against NIST AI RMF, NIST SP 800-53 AI overlays, and internal standards. 

• Develop and enforce an AI System Acceptable Use Policy and supporting standards that govern how employees and systems interact with LLMs, including permissible data inputs, output handling, human-in-the-loop requirements, and escalation procedures. 

• Evaluate proposed AI/ML use cases for regulatory risk (EAR/ITAR, CMMC, data privacy) and provide compliance go/no-go determinations with documented rationale. 

• Collaborate with AI/ML engineers and DevSecOps teams to integrate compliance gates into CI/CD pipelines and MLOps workflows, ensuring model changes and prompt changes undergo review before production deployment. 

• Maintain an AI system inventory, tracking all deployed models, APIs, integrations, and associated risk and compliance status. 

• Monitor emerging AI regulatory developments (e.g., EO 14110, NIST AI RMF, DoD AI Ethics Principles, EU AI Act implications for U.S. defense partners) and assess organizational impact. 

Cross-Functional Compliance Enablement 

• Serve as a primary GRC team resource for compliance questions, control guidance, and framework interpretation across engineering, IT, operations, legal, and security teams. 

• Partner with IT and security operations teams to verify that technical controls — including access management, logging, configuration baselines, and incident response procedures — meet CMMC and NIST requirements at an organizational level. 

• Partner with AI/ML engineers, data scientists, and product teams to embed compliance thinking into AI system design, model selection, and deployment architecture. 

• Collaborate with the Enterprise Risk Manager and broader GRC leadership to ensure compliance findings — including AI-specific risks — are reflected in the enterprise risk register and remediation priorities. 

• Support the development of compliance training and awareness materials, including AI-specific training that builds organizational understanding of responsible AI use, LLM risk, and CMMC obligations. 

• Coordinate with external assessors, third-party auditors, and government partners during assessment engagements, serving as a knowledgeable point of contact for evidence walkthroughs and control discussions. 

Qualifications 

• 7+ years of experience in IT security compliance, GRC, or a closely related discipline, with direct ownership of compliance program activities. 

• Demonstrated expertise in NIST SP 800-171, CMMC (Level 2 or 3), and NIST SP 800-53, with hands-on experience conducting gap assessments, implementing controls, and preparing organizations for external audits. 

• Extensive, hands-on experience with AI/LLM systems, including practical knowledge of platforms such as OpenAI (GPT-4/o-series), Anthropic Claude, Meta Llama, Microsoft Azure OpenAI Service, and/or comparable commercial and open-source LLM ecosystems. 

• Demonstrated ability to design, implement, and operationalize compliance controls within LLM pipelines, including guardrail layers, content filtering, audit logging hooks, and data classification enforcement. 

• Working knowledge of AI security risks, including prompt injection, jailbreaking, data exfiltration via LLM outputs, model inversion, and supply chain risks associated with third-party AI APIs. 

• Familiarity with NIST AI Risk Management Framework (AI RMF) and its application to enterprise and defense AI deployments. 

• Strong understanding of SSP development and maintenance, POA&M management, and audit evidence lifecycle practices in an organizational (non-product) compliance context. 

• Proven experience developing and operationalizing information security policies, standards, and procedures across a multi-disciplinary organization. 

• Strong communication skills with the ability to explain compliance requirements — including AI risk concepts — clearly to both technical practitioners and non-technical business stakeholders. 

• Highly organized, with demonstrated ability to manage multiple concurrent compliance workstreams and deadlines in a fast-paced environment. 

• Active or ability to obtain SECRET or TS/SCI security clearance. 

• Must be a U.S. citizen, lawful permanent resident, or protected individual per ITAR requirements (8 U.S.C. 1324b(a)(3)). 

Preferred Qualifications 

• Strong EAR/ITAR background as it pertains to cybersecurity, AI-generated outputs, and policy development. 

• J.D. focusing on technology law, export compliance (EAR and ITAR), AI regulation, or cyber law. 

• Experience building MLOps or AI DevSecOps pipelines with integrated compliance gates, including automated policy enforcement, prompt review workflows, or model change management processes. 

• Hands-on experience with AI safety and alignment tooling (e.g., LangChain guardrails, NeMo Guardrails, Azure Content Safety, OpenAI Moderation API, Anthropic Constitutional AI/policy layer configurations). 

• Experience evaluating AI vendor agreements and data processing agreements against DoD/CMMC/ITAR data handling requirements. 

• Familiarity with DoD AI Ethics Principles, Responsible AI (RAI) frameworks, and emerging federal AI governance requirements (e.g., EO 14110, OMB AI guidance). 

• Industry certifications such as:  

• Certified Information Systems Auditor (CISA) 

• Certified in Risk and Information Systems Control (CRISC) 

• Certified Information Systems Security Professional (CISSP) 

• CMMC Registered Practitioner (RP) or Certified Professional (CP) 

• CompTIA Security+ or equivalent 

• AWS/Azure AI or Security certifications 

• Background in startup, aerospace, defense technology, or SaaS environments operating under DoD compliance obligations. 

• Familiarity with cloud environments — particularly Azure Government, AWS GovCloud, or Azure OpenAI Government deployments — as they relate to organizational control implementation and AI boundary scoping. 

• Experience coordinating with C/3PAOs or supporting CMMC assessments. 

• Working knowledge of DFARS 252.204-7012, ITAR, and supply chain compliance obligations. 

• Familiarity with Agile/Scrum environments and hybrid project delivery models. 

Compensation 

• Base Salary: Denver - $145,000 to $195,000, Long Beach - $150,000 to $205,000, Washington, DC - $150,000 to $205,000 

• Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave 

Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience. 

Additional Requirements 

• Work Location: Successful candidates will be located near Denver, CO, Long Beach, CA, or Washington D.C. While we observe a hybrid work environment, some work must be done on site. #LI-Onsite

• Work Environment: Standard office setting, working at a desk or in a production factory environment. 

• Physical Demands: May include frequent standing, sitting, walking, bending, and lifting or carrying items up to 20 lbs. 

This position will be open until it is successfully filled. 

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. 

We value diversity of experience, knowledge, backgrounds, and perspectives and harness these qualities to create extraordinary impact. True Anomaly is committed to equal employment opportunity regardless of sex, race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity, pregnancy, maternity or related condition (including breastfeeding) or any other basis as protected by applicable law. If you have a disability or additional need that requires accommodation, please do not hesitate to let us know. 

Your Mission 

We are seeking a Senior Enterprise Risk Manager to build, lead, and mature two distinct but interconnected lines of effort: Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). This is a foundational leadership role for a seasoned risk professional who thrives in fast-moving, mission-critical environments and understands the unique demands of operating at the intersection of defense, aerospace, and commercial SaaS. 

The ideal candidate brings deep experience navigating regulated government environments—including RMF, DoD IL5/IL6, and CMMC—and is fluent in industry-standard risk quantification and assessment methodologies such as FAIR (Factor Analysis of Information Risk) and OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation). They pair that expertise with a startup mindset that enables them to build programs from the ground up, not just maintain inherited ones. You will work cross-functionally with engineering, security, legal, compliance, product, and executive leadership to identify, assess, communicate, and mitigate risk across the enterprise and its extended supply chain. 

Responsibilities: 

Enterprise Risk Management 

• Design, implement, and continuously mature a scalable enterprise risk management program aligned to NIST RMF, ISO 31000, and applicable DoD frameworks. 

• Apply FAIR methodology to quantify cyber and operational risk in financial terms, enabling data-driven prioritization and executive-level risk decision-making. 

• Leverage OCTAVE or similar threat-centric methodologies to lead structured risk assessments that identify critical assets, threat profiles, and organizational vulnerabilities. 

• Establish and maintain an enterprise risk register, risk appetite statements, and risk tolerance thresholds in collaboration with executive leadership and the Board (as applicable). 

• Lead recurring risk identification, assessment, and prioritization processes across business units, ensuring alignment between operational risk posture and strategic objectives. 

• Develop and maintain executive-ready risk dashboards, KPI/KRI reporting, and program metrics using tools such as Jira, Confluence, GRC platforms, and MS Project. 

• Conduct and coordinate internal audits and risk assessments to ensure adherence to DoD compliance standards, including NIST SP 800-53 Rev. 5, NIST SP 800-171, RMF (IL5 and IL6), and CMMC Level 3. 

• Support audit readiness activities including pre-assessment preparation, evidence collection, POA&M management, and post-audit remediation planning. 

• Develop, implement, and mature information security and enterprise risk policies, standards, and guidelines based on industry best practices. 

• Serve as a primary point of contact for internal stakeholders, executive leadership, and external assessors, certification bodies, and government partners. 

Third-Party Vendor Risk Management 

• Build and lead a formalized Third-Party Vendor Risk Management program, establishing vendor classification tiers, risk assessment methodologies, and ongoing monitoring cadences. 

• Define and operationalize vendor onboarding risk assessments, including security questionnaires, compliance validations, and contractual risk controls (e.g., SLAs, right-to-audit clauses, data handling requirements). 

• Maintain a vendor risk inventory and lifecycle management process covering initial due diligence through offboarding, ensuring continuous visibility into third-party risk exposure. 

• Collaborate with legal, procurement, and supply chain teams to embed risk criteria into vendor selection, contract negotiation, and renewal processes. 

• Monitor third-party vendors for changes in risk posture, including cybersecurity incidents, financial instability, regulatory actions, and ITAR/export control concerns. 

• Develop vendor risk reporting and executive-level dashboards to provide ongoing transparency into third-party exposure across critical suppliers and technology partners. 

• Ensure TPVRM program alignment with applicable regulatory requirements including CMMC supply chain requirements, DFARS clauses, and DoD IL environment authorization boundaries. 

Cross-Functional Leadership 

• Build, mentor, and provide technical guidance to junior risk team members and project contributors across both lines of effort. 

• Drive alignment across engineering, security operations, product compliance, IT operations, legal, and business operations teams on risk priorities and remediation timelines. 

• Track program milestones, identify dependencies and blockers, and drive timely course corrections with a bias toward action. 

• Continuously improve program workflows, reporting processes, and team coordination for scalable, repeatable, and consistent risk program execution. 

• Proactively track emerging regulatory, threat, and supply chain risk requirements and update program posture accordingly. 

Qualifications 

• 10+ years of experience in enterprise risk management, GRC, cybersecurity risk, or related disciplines, with demonstrated ownership of risk programs at a senior level. 

• Proven track record in startup or high-growth technology environments, with demonstrated ability to build risk programs from the ground up under resource and time constraints. 

• Experience applying FAIR for risk quantification and OCTAVE or similar frameworks for threat and asset-centric risk assessments. 

• Direct experience with U.S. government or defense sector programs, including working knowledge of DoD RMF (IL5 and IL6), NIST SP 800-53, NIST SP 800-171, and CMMC. 

• Hands-on experience leading or significantly contributing to Third-Party/Vendor Risk Management programs, including vendor tiering, due diligence workflows, and ongoing monitoring. 

• Strong proficiency in risk management and GRC documentation tools including Jira, Confluence (Atlassian suite), MS Project, enterprise GRC platforms, and MS Visio or Lucidchart. 

• Excellent communication and stakeholder management skills, with a strong ability to translate technical risk into business language for executives and board-level audiences. 

• Active or ability to obtain SECRET, TS/SCI security clearance. 

• Must be a U.S. citizen, lawful permanent resident, or protected individual per ITAR requirements (8 U.S.C. 1324b(a)(3)). 

Preferred Qualifications 

• Background in aerospace, defense technology, or SaaS companies operating in regulated government markets; experience with both commercial and government customer bases strongly preferred. 

• Proficient with creating risk programs in a startup environment, scaling, and adapting to changing organizational structure 

• Experience managing certification or authorization initiatives across one or more of: FedRAMP, SOC 2, DoDIN APL, ISO 27001, CMMC as it pertains to risk. 

• Industry certifications such as:  

• Certified in Risk and Information Systems Control (CRISC) 

• Certified Information Systems Auditor (CISA) 

• Certified Information Systems Security Professional (CISSP) 

• Certified in the Governance of Enterprise IT (CGEIT) 

• Certified ScrumMaster (CSM) or Agile PM certification 

• Experience with cloud environments, particularly Azure Government and/or AWS GovCloud, and understanding of authorization boundary design. 

• Working knowledge of ITAR, EAR, and export control considerations as they apply to vendor and supply chain risk. 

• Familiarity with Agile/Scrum and hybrid project delivery models. 

• Experience with DFARS, FAR, and government contracting compliance requirements. 

Compensation 

• Base Salary: Denver - $160,000 to $220,000, Long Beach - $165,000 to $230,000, Washington DC - $165,000 to $230,000 

• Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave 

Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience. 

Additional Requirements 

• Work Location: This role will be onsite at one of our facilities in Centennial, CO, Long Beach, California, or Washington, D.C. #LI-Onsite 

• Work Environment: Standard office setting, working at a desk or in a production factory environment  

• Physical Demands: May include frequent standing, sitting, walking, bending, and lifting or carrying items up to 20 lbs. 

This position will be open until it is successfully filled. 

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. 

We value diversity of experience, knowledge, backgrounds, and perspectives and harness these qualities to create extraordinary impact. True Anomaly is committed to equal employment opportunity regardless of sex, race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity, pregnancy, maternity or related condition (including breastfeeding) or any other basis as protected by applicable law. If you have a disability or additional need that requires accommodation, please do not hesitate to let us know. 

Your Mission 

We are seeking a driven and detail-oriented Enterprise Risk Analyst to support two distinct but interconnected lines of effort: Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the Senior Enterprise Risk Manager, you will play a hands-on role in executing risk assessments, maintaining program documentation, tracking remediation activities, and building the data foundation that powers executive-level risk decision-making. 

This role is ideal for a mid-career risk professional who is fluent in frameworks such as NIST RMF and CMMC, is developing practical experience with risk quantification methodologies like FAIR and OCTAVE, and is eager to grow within a fast-paced aerospace and defense SaaS environment. You will work closely with engineering, security, legal, compliance, and operations teams to help identify, document, and track risk across the enterprise and its third-party supply chain. 

Responsibilities:

Enterprise Risk Management 

• Support the design, execution, and continuous improvement of the enterprise risk management program under the direction of the Senior Enterprise Risk Manager. 

• Assist in conducting structured risk assessments using OCTAVE or similar threat-and-asset-centric methodologies, documenting findings, threat profiles, and recommended mitigations. 

• Support the application of FAIR methodology to help quantify risks in financial terms and contribute to risk prioritization analyses for leadership. 

• Maintain and update the enterprise risk register, ensuring accuracy of risk ratings, ownership assignments, remediation status, and residual risk tracking. 

• Build and maintain program dashboards, KPI/KRI reports, and status tracking using tools such as Jira, Confluence, enterprise GRC platforms, and MS Project. 

• Assist with audit readiness activities including evidence collection, pre-assessment preparation, control documentation, and post-audit remediation tracking. 

• Support POA&M management for IL5 and IL6 environments, tracking open items to closure and escalating blockers to the Enterprise Risk Manager. 

• Contribute to the development and maintenance of risk policies, standards, and guidelines aligned to NIST SP 800-53 Rev. 5, NIST SP 800-171, RMF, and CMMC Level 3. 

• Coordinate and track internal audit schedules, findings, and corrective action plans across business units. 

Third-Party Vendor Risk Management 

• Execute vendor risk assessments as part of the onboarding and periodic review lifecycle, including security questionnaire administration, documentation review, and risk scoring. 

• Maintain the vendor risk inventory and lifecycle tracking records, ensuring all vendors are appropriately tiered and assessed on schedule. 

• Monitor vendor risk signals including cybersecurity advisories, regulatory actions, and contractual compliance status, escalating material changes to the Enterprise Risk Manager. 

• Support contract and procurement teams by providing vendor risk assessment findings and recommended risk mitigation language. 

• Assist in ensuring TPVRM program alignment with CMMC supply chain requirements, DFARS clauses, and ITAR/export control considerations for critical suppliers. 

• Develop and maintain vendor risk reporting inputs and dashboard content to support executive-level visibility into third-party risk exposure. 

Cross-Functional Collaboration 

• Serve as a reliable day-to-day point of contact for risk-related inquiries from internal stakeholders across engineering, security, operations, and legal teams. 

• Track program milestones, action items, and deliverables, proactively communicating status and flagging risks or dependencies to the Enterprise Risk Manager. 

• Continuously improve risk program workflows, documentation templates, and reporting processes to support scalable and repeatable execution. 

• Support the preparation of materials for internal leadership briefings, external assessor interactions, and government partner reviews. 

Qualifications 

• 5+ years of experience in enterprise risk management, GRC, cybersecurity risk, compliance, or a closely related discipline. 

• Working knowledge of NIST SP 800-53, NIST SP 800-171, DoD RMF (IL5/IL6), and CMMC, with direct experience supporting assessments or audits under one or more of these frameworks. 

• Familiarity with risk assessment methodologies including FAIR and/or OCTAVE, with a desire to deepen applied expertise in risk quantification. 

• Experience supporting or executing third-party/vendor risk assessments, including questionnaire administration, documentation review, and risk tracking. 

• Hands-on experience with program management and GRC documentation tools including Jira, Confluence (Atlassian suite), MS Project, enterprise GRC platforms, and MS Visio or Lucidchart. 

• Strong written and verbal communication skills, with the ability to clearly document findings and translate risk concepts for both technical and non-technical audiences. 

• Highly organized, self-directed, and comfortable managing multiple workstreams simultaneously in a fast-paced, regulated environment. 

• Active or ability to obtain SECRET, TS/SCI security clearance. 

• Must be a U.S. citizen, lawful permanent resident, or protected individual per ITAR requirements (8 U.S.C. 1324b(a)(3)). 

Preferred Qualifications 

• Background in startup, aerospace, defense technology, or SaaS companies operating in regulated government markets. 

• Industry certifications such as:  

• Certified in Risk and Information Systems Control (CRISC) 

• Certified Information Systems Auditor (CISA) 

• Open FAIR Certification (The Open Group) 

• CompTIA Security+ or equivalent 

• Certified ScrumMaster (CSM) or similar Agile certification 

• Experience with cloud environments, particularly Azure Government and/or AWS GovCloud. 

• Familiarity with POA&M management, SSP documentation, and audit evidence collection in DoD authorization contexts. 

• Working knowledge of ITAR, EAR, DFARS, and export control considerations as they relate to vendor and supply chain risk. 

• Familiarity with Agile/Scrum and hybrid project delivery models. 

Compensation 

• Base Salary: Denver - $115,000 to $155,000, Long Beach - $120,000 to $165,000, Washington, DC - $120,000 to $165,000 

• Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave 

Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience. 

Additional Requirements 

• Work Location: This role will be onsite at one of our office locations: Centennial, CO, Long Beach, CA, or Washington, DC  #LI-Onsite 

• Work Environment: Standard office setting, working at a desk or in a production factory environment 

• Physical Demands: May include frequent standing, sitting, walking, bending, and lifting or carrying items up to 20 lbs. 

This position will be open until it is successfully filled. 

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. 

We value diversity of experience, knowledge, backgrounds, and perspectives and harness these qualities to create extraordinary impact. True Anomaly is committed to equal employment opportunity regardless of sex, race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity, pregnancy, maternity or related condition (including breastfeeding) or any other basis as protected by applicable law. If you have a disability or additional need that requires accommodation, please do not hesitate to let us know. 

We are seeking a strategic operator to serve as the force multiplier for our CTO and Engineering Leadership Team. Our 800-person SaaS organization has reached a pivotal scale, product-market fit is strong, velocity is high, and our next stage of growth depends on maturing our internal engine. This role sits at the intersection of strategy, data, delivery, and culture, ensuring that Engineering operates with clarity, efficiency, and alignment.

The Director of Engineering Operations will architect the operational rhythm of the Engineering organization, elevate decision quality through data, drive cross-functional initiatives, and build the systems that enable predictable, high-quality delivery at scale. This is a highly visible, career-accelerating role for a leader who thrives at the point where people, process, and technology meet.

Key Responsibilities

Operational Mechanics & Rhythm of Business (RoB)

· Architect and own the Engineering operating cadence, including QBRs, Monthly Business Reviews, strategic planning sessions, and org-wide communications.

· Drive fiscal and resource governance, partnering with Finance and HR on budgeting, headcount planning, workforce strategy, and cloud cost optimization (FinOps).

· Act as the communication conduit for the CTO—drafting strategic memos, board-facing narratives, and alignment messages for 400+ engineers.

Engineering Intelligence, Metrics & Insights

· Define Engineering “success” metrics, moving beyond vanity KPIs to track velocity, quality, efficiency, and people health (e.g, capital allocation, retention, eNPS).

· Own the Engineering Performance Dashboard, synthesizing complex data sets into clear, actionable insights for senior leadership.

· Lead data-driven interventions, proactively identifying bottlenecks, risks, or delivery challenges and recommending solutions.

Delivery Assurance & Portfolio Management

· Maintain a portfolio-level view of all major engineering initiatives, serving as the CTO’s early warning system for slippage, dependency risks, and scope creep.

· Standardize delivery frameworks—create lightweight yet high-compliance definitions of "Ready" and "Done" to drive consistent execution across teams.

· Oversee major cross-functional programs, ensuring alignment on scope, priorities, and timelines.

Tools, Systems & Workflow Optimization

· Optimize engineering tooling, workflows, and automation, driving adoption of systems (Jira, Confluence, GitHub, CI/CD) that increase velocity and output quality.

· Partner with Engineering and Product to evaluate and implement AI-driven tools and practices that improve productivity, automation, and decision-making.

· Establish training, communication, and safe-use guidelines for responsible and effective AI integration.

Horizontal Initiatives & Cross-Functional Leadership

· Serve as the cross-functional glue between Engineering, Product, Design, QA, Customer Success, and other partners.

· Lead complex, horizontal initiatives such as GRC framework implementations, cloud migrations, or GenAI adoption programs.

· Act as a change agent, driving organizational adoption of new processes, structures, and operating models.

Engineering Business Operations

· Manage operational budgets, vendor relationships, and resource planning.

· Partner with Finance, Talent Acquisition, and HR on hiring priorities, onboarding, and retention efforts.

· Prepare operational dashboards and reporting for executive leadership and the Board.

Leadership & Culture

· Mentor and develop Engineering Operations and Program Management staff.

· Foster a culture of accountability, continuous improvement, operational rigor, and data-driven decision making.

· Strengthen clarity, communication, and alignment across the Engineering org.

· Demonstrate diplomatic authority, the ability to influence without formal power, hold senior leaders (including VPs of Engineering) accountable to commitments, and preserve strong, trust-based    relationship.

Required Experience/Skills

· 8–10+ years in Engineering Operations, Technical Program Management, Strategy/Business Operations, or Software Engineering leadership within a high-growth SaaS environment.

· Strong understanding of SDLC, agile methodologies, CI/CD, DevOps, and microservices architecture.

· Advanced analytical skills with expertise in Excel, Looker, Tableau, or similar tools—able to convert data into executive-ready narratives.

· Demonstrated experience driving AI-related innovation across engineering teams, including evaluating AI opportunities, implementing tools, and influencing change at scale.

· Exceptional communication and stakeholder management skills; ability to influence without authority and build trust across all levels.

· Demonstrated success improving engineering processes, delivery predictability, and cross-functional alignment at scale.

· Experience defining operational frameworks, delivery standards, and KPI systems within a Global Organization.

· Preferred: experience with OKR frameworks, people leadership, or certifications (PMP, Agile, Lean).

This is a rare opportunity to operate at the right hand of the CTO and influence how a large-scale technology organization is steered. You'll gain exposure to executive decision-making, board-level communication, and enterprise-wide strategic architecture.

Position Overview:  

We’re thrilled to announce an exciting new opportunity as we expand our presence in US, Canada and Caribbean. This is a market-defining role for a high-performing individual contributor who thrives on strategic, high-impact selling, with a strong focus on expansion within existing accounts as well as new business development.

As an Account Director, you will act as the CEO of your own portfolio, driving revenue growth across enterprise accounts ($1B+), managing the full account lifecycle, and leveraging internal teams to deliver exceptional results. This is a highly visible, strategic role for someone who enjoys solving complex business challenges and taking ownership of outcomes.  

This role is ideal for a sales professional with a proven track record of success, a strong outbound and expansion mindset, and the confidence to manage strategic discussions independently. You will have the autonomy to grow accounts like a business while benefiting from the expertise and support of a specialist team.

Key Responsibilities   

• Drive revenue growth: Own the full sales cycle for new and existing accounts, including complex enterprise deals with long sales cycles. 
• Be the CEO of your accounts: Manage resources, orchestrate stakeholders, and strategically leverage internal teams to deliver results. 
• Strategic account management: Lead and execute account plans, expand customer relationships, and identify opportunities to grow within accounts. 
• Innovative selling: Adopt a solutions-selling mindset, proactively sourcing new business opportunities and creatively solving hiring challenges. 
• Coach and influence: Guide internal teams and stakeholders to adopt best practices, ensuring consistency in account execution. 
• Insights-driven execution: Provide detailed reporting, insights, and analysis of your accounts and pipeline to inform business decisions. 
• Market expertise: Stay ahead of industry trends, understand the competitive landscape, and use insights to drive strategic advantage. 

What does Success Look Like? 

• Deliver measurable growth across a portfolio of enterprise accounts. 
• Independently manage strategic discussions and influence senior decision-makers. 
• Provide actionable reporting and clear insights to managers and internal teams. 
• Innovate and execute strategies to identify and convert opportunities across the Saudi market. 
• Demonstrate reliability, credibility, and ownership in every aspect of the role. 

Required Experience/Skills: 

• Experience: 10+ years in enterprise sales/account management, ideally in technology, GRC, or related sectors. 
• Strategic thinker: Able to align solutions to business objectives and navigate complex sales cycles independently. 
• Influencer and relationship builder: Able to engage senior leaders and stakeholders across all levels. 
• Self-starter: Comfortable managing your own portfolio, making decisions, and driving results without constant oversight. 
• Analytical and data-driven: Able to deliver detailed insights and strategic recommendations. 
• Outbound expertise: Strong expectation for proactive sourcing, creative outreach, and pipeline generation. 
• Team collaborator: Leverages cross-functional support while confidently running your own accounts. 

The work
The Senior ISSO will provide security governance and compliance oversight for critical systems, ensuring adherence to federal security requirements and maintaining continuous authorization. This role leads the development, review, and maintenance of key security artifacts including System Security Plans (SSPs), Security Assessment Reports (SARs), and POA&Ms. The ISSO navigates frameworks such as NIST 800-series, FedRAMP, FISMA, and RMF to guide system owners through security compliance activities and ATO preparation.

Key responsibilities:
• Create and maintain FISMA-required documentation, including SSPs and SARs
• Develop and manage POA&Ms, providing guidance on mitigation strategies
• Prepare and submit ATO packages in alignment with NIST, FedRAMP, FISMA, and RMF requirements
• Conduct ongoing review and analysis of network and application vulnerability and compliance scans
• Lead vulnerability review meetings and provide actionable insights to leadership
• Ensure systems align with security policies and comply with federal standards
• Collaborate with OCIO, system owners, and administrators to resolve findings and maintain security posture

Here’s what you need:
• Bachelor’s degree (required)
• Minimum 8 years of cybersecurity or ISSO experience
• Experience with a GRC tool (XACTA or JCAM preferred)
• Experience with vulnerability management, log review, and security control assessment
• Strong knowledge of RMF, FISMA compliance, and federal security documentation

Nice to have:

• Certifications such as CISSP, CISM, Security+, CAP
• Experience with cloud environments (on-prem, AWS, Azure)
• Experience supporting security audits in a federal agency environment
• Familiarity with SIEM and EDR platforms
• Experience developing and delivering security awareness training

Eligibility requirements:

• US Citizen (no dual citizenship)
• Active TS clearance with SCI eligibility (TS/SCI)
• Ability to work on-site as required

Here’s a summary of the role 

In this role, you will turn complex, multi-product capabilities into clear, persona-led stories that show senior decision-makers exactly how Diligent helps them manage governance, risk and compliance with AI-driven insight. You’ll own solution-level messaging and narratives for key personas, then translate them into campaigns, sales plays and launch programs that drive pipeline, win rates and cross-sell across our portfolio. You’ll work directly with Product, Product Marketing, Sales and Content to make Diligent the AI company in GRC and a growth engine for your business unit. 

Here’s a breakdown of what you’ll do (not all of it, just the important stuff) 

• Develop persona-specific, solution-level messaging grounded in market trends, buyer challenges, our products and the business outcomes your personas care about most. 

• Serve as the central point of contact for your assigned business unit, aligning with Product Management and Product Marketing from roadmap through to go-to-market execution. 

• Partner with Content and Demand Generation to define persona-led campaigns, including campaign briefs, core narratives and landing-page messaging that drive engagement and conversion. 

• Lead and support product and solution launches by applying proven launch frameworks and ensuring clear, differentiated solution-level positioning. 

• Activate analyst research and market insights into compelling stories, content and sales enablement that improve confidence, consistency and win rates. 

• Collaborate closely with Sales and Enablement to deliver persona-specific narratives, use-case stories and repeatable sales plays that help teams open, progress and close opportunities – including cross-sell into our existing customer base. 

These are the essentials you’ll need to get an interview 

• 7+ years of experience in enterprise B2B SaaS marketing, with a strong background in Product Marketing and/or Solutions Marketing. 

• Proven track record developing persona-based messaging and positioning, ideally at both product and solution / portfolio levels. 

• Experience launching products, programs or major campaigns end to end, collaborating across Product, Sales and Marketing. 

• Demonstrated ability to translate complex technology into clear, outcome-oriented stories for senior personas (e.g., legal, compliance, audit, risk, CIO). 

• Strong storytelling and communication skills – you’re comfortable building narratives, slides and briefs, and presenting them to senior stakeholders and cross-functional partners. 

• High comfort level working in a fast-moving, evolving environment, with the confidence to prioritize, push back constructively and define process where needed. 

• Experience messaging about AI and using AI tools in your work (for research, content, analysis or experimentation). 

It would be great if you had these too, but we’ll support you if you don’t 

• Experience in governance, risk and compliance (GRC) or adjacent risk/compliance markets. 

• Background marketing to Boards of Directors, General Counsel or other senior legal and risk leaders. 

• Familiarity with product marketing frameworks (e.g., SiriusDecisions, Pragmatic / Practical Marketing) and analyst relations or working with industry reports. 

• Experience building integrated campaigns in partnership with Demand Generation, Field Marketing and Sales. 

• Comfort presenting to customers, at events and in virtual / in-person sessions, including tailoring your narrative for different audiences. 

Here’s a summary of the role 

In this role, you will turn complex, multi-product capabilities into clear, persona-led stories that show senior decision-makers exactly how Diligent helps them manage governance, risk and compliance with AI-driven insight. You’ll own solution-level messaging and narratives for key personas, then translate them into campaigns, sales plays and launch programs that drive pipeline, win rates and cross-sell across our portfolio. You’ll work directly with Product, Product Marketing, Sales and Content to make Diligent the AI company in GRC and a growth engine for your business unit. 

Here’s a breakdown of what you’ll do (not all of it, just the important stuff) 

• Develop persona-specific, solution-level messaging grounded in market trends, buyer challenges, our products and the business outcomes your personas care about most. 

• Serve as the central point of contact for your assigned business unit, aligning with Product Management and Product Marketing from roadmap through to go-to-market execution. 

• Partner with Content and Demand Generation to define persona-led campaigns, including campaign briefs, core narratives and landing-page messaging that drive engagement and conversion. 

• Lead and support product and solution launches by applying proven launch frameworks and ensuring clear, differentiated solution-level positioning. 

• Activate analyst research and market insights into compelling stories, content and sales enablement that improve confidence, consistency and win rates. 

• Collaborate closely with Sales and Enablement to deliver persona-specific narratives, use-case stories and repeatable sales plays that help teams open, progress and close opportunities – including cross-sell into our existing customer base. 

These are the essentials you’ll need to get an interview 

• 7+ years of experience in enterprise B2B SaaS marketing, with a strong background in Product Marketing and/or Solutions Marketing. 

• Proven track record developing persona-based messaging and positioning, ideally at both product and solution / portfolio levels. 

• Experience launching products, programs or major campaigns end to end, collaborating across Product, Sales and Marketing. 

• Demonstrated ability to translate complex technology into clear, outcome-oriented stories for senior personas (e.g., legal, compliance, audit, risk, CIO). 

• Strong storytelling and communication skills – you’re comfortable building narratives, slides and briefs, and presenting them to senior stakeholders and cross-functional partners. 

• High comfort level working in a fast-moving, evolving environment, with the confidence to prioritize, push back constructively and define process where needed. 

• Experience messaging about AI and using AI tools in your work (for research, content, analysis or experimentation). 

It would be great if you had these too, but we’ll support you if you don’t 

• Experience in governance, risk and compliance (GRC) or adjacent risk/compliance markets. 

• Background marketing to Boards of Directors, General Counsel or other senior legal and risk leaders. 

• Familiarity with product marketing frameworks (e.g., SiriusDecisions, Pragmatic / Practical Marketing) and analyst relations or working with industry reports. 

• Experience building integrated campaigns in partnership with Demand Generation, Field Marketing and Sales. 

• Comfort presenting to customers, at events and in virtual / in-person sessions, including tailoring your narrative for different audiences. 

Engineering at Brex

Engineering at Brex is about building systems that scale with speed and intention. Our teams span Software, Data, Security, and IT, and operate with high autonomy and deep collaboration. We tackle hard technical problems, own our outcomes, and push for excellence at every level — from architecture to deployment. It’s an environment where engineering is a craft, and builders become leaders.

What you’ll do

As a Security Operations Engineer at Brex, you will focus on preventing, detecting and responding to security threats across Brex's corporate and cloud environments. You will use existing systems and develop tools to improve our security capabilities. Our team is responsible for functions across corporate security, detection & response and infrastructure security domains; and we perform systems engineering and automation to support those functions. 

Security Operations is part of our wider Trust & IT organization which means you will have the opportunity to work closely with Application Security, Corporate Engineering, GRC and IT and to improve security configurations, drive positive employee behaviors and generally work to prevent events from becoming incidents. You will also help build and maintain our team’s open source project Substation and have the opportunity to contribute to the Brex Tech Blog. You’ll be part of a team that actively contributes to the wider security community and has a commitment to mentorship and engineering excellence.

We’re looking for individuals with a strong background and interest in detecting, responding to, and resolving security incidents and security challenges. You should be comfortable dealing with lots of moving pieces, changing priorities, and new technologies, while having a keen eye for detail. Most importantly, you should be enthusiastic about working with a variety of backgrounds, roles, and people across Brex. Building a world-class financial service requires world-class security.

Where you’ll work

This role will be based in our Seattle office. We are a hybrid environment that combines the energy and connections of being in the office with the benefits and flexibility of working from home. We currently require a minimum of three coordinated days in the office per week, Monday, Wednesday and Thursday. As a perk, we also have up to four weeks per year of fully remote work!

Responsibilities

• Work on a highly cross-functional team to prevent, detect and respond to security threats across Brex's corporate and cloud environments
• Perform security incident response, investigation, remediation, and documentation, participate in periodic threat hunting and security exercises
• Leading, scoping and building features, participate in designing, and maintaining tools and systems which support the team’s domains – corporate security, detection & response and infrastructure security 
• Collaborating and partnering with engineering and operations teams to drive remediation of security issues, while balancing prioritization of those security issues within SLA and teams’ respective backlogs
• Caring about secure system design, valuing building things correctly, an understanding of a MVP approach and an empathetic mindset when working with others

Requirements

• Bachelor’s degree in Computer Science, Engineering or related field OR equivalent training / fellowship OR 5+ years work experienceExperience working in a corporate security, detection & response or infrastructure security role with responsibilities for security alert triage and security incident response 
• Familiarity with CI/CD systems and DevOps workflows (e.g. Buildkite, Flux, Git, Terraform) in cloud environments (e.g. AWS, Azure, GCP)
• Experience with deploying and maintaining some of the security services and tools owned by the team (e.g. - SIEM, data pipelines, SOAR, domain monitoring, endpoint tooling, email protection tooling, cloud security tools)
• While not primarily a development role, the team develops and maintains tools written in Go and Python, so experience with coding is required
• You thrive in a collaborative environment filled with a diverse group of people with different expertise and backgrounds. We currently have around 30 nationalities represented with more than ½ the company working in a country different from the one they grew up in.

Bonus points

• Proficiency with Go and other programming languages 
• Experience with securing distributed systems in AWS, cloud and Kubernetes environments
• Contributions to the wider technical community (open source, public research, mentorship, community organizing, blogging, presentations, etc)

Compensation

The expected salary range for this role is $192,000 - $240,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

Brex LLC is a wholly owned subsidiary of Capital One, N.A.

An A&A Specialist will apply appropriate information security controls in accordance with system categorization, review and update security authorization documentation/artifacts in accordance with federal mandates and client policies and procedures, develop test plans and assessment reports in support of system authorization assessments, analyze vulnerability & compliance scan results to interpret risks to the client technology landscape, and track Plan of Actions and Milestones to closure. Specialist will specifically work on A&A activities support DoD Oracle Cloud Infrastructure (OCI) migration effort.

An A&A Specialist will be able to work independently on projects & tasks.

Basic Qualifications:

• Interim or Active Secret clearance required
• Bachelor’s Degree or equivalent experience
• 5+ years of working knowledge and experience with one or more of the following Federal security frameworks (FedRAMP, FISMA, Zero Trust Maturity Model, RMF, and NIST SP 800 series and NIST SP 800-53)
• GRC tools experience (e.g. XACTA, ArchAngel, eMASS, CSAM)
• Experience with ACAS scans and mitigation and management of vulnerabilities
• Ability to identify potential threats, and create action plans using best practice
• Experience with NIST RMF and security controls

Preferred:

• Experience with DOD accreditation process
• Experience with eMASS tool
• Local to DC metro area

The work

The SAP Application Security Configurator is responsible for performing all User Management (UM) functions such as user role creations, changes, assignments, and activities including User Access Review, UM audit requests, and Segregation of Duties (SOD) Risk Assessment.

Key responsibilities:

• Lead and participate in User Access Management design, implementation, enhancement and maintenance
• Analyze, design, develop, and test Governance, Risk, and Compliance (GRC) security components
• Provide user provisioning and role design/development/testing in accordance with SoD protocol and Security Management controls

Here’s what you need:

• 4+ years of experience with SAP Application Security configuration
• Proficiency in SAP GRC Access Control and SAP Roles & Authorizations

Nice to have:

• Relevant SAP certifications
• Bachelor's degree in a related field

An ISSO will apply appropriate information security controls in accordance with system categorization, review and update security authorization documentation/artifacts in accordance with federal mandates and client policies and procedures, develop test plans and assessment reports in support of system authorization assessments, analyze vulnerability & compliance scan results to interpret risks to the client technology landscape, and track Plan of Actions and Milestones to closure. Specialist will specifically work on A&A activities support DoD Oracle Cloud Infrastructure (OCI) migration effort.

ISSO will be able to work independently on projects & tasks.

Basic Qualifications:

• 3+ years of working knowledge and experience with one or more of the following Federal security frameworks (FedRAMP, FISMA, Zero Trust Maturity Model, RMF, and NIST SP 800 series and NIST SP 800-53)
• GRC tools experience (e.g. XACTA, ArchAngel, eMASS, CSAM). 
• Experience with ACAS scans and mitigation and management of vulnerabilities
• Ability to identify potential threats, and create action plans using best practice
• Experience with NIST RMF and security controls

Preferred:

• Experience with DOD accreditation process
• Experience with eMASS tool
• Local to DC metro area
• Interim or Active Secret clearance required
• Bachelor’s Degree or equivalent experience

The work

The Senior Information System Security Officer (ISSO) ensures the security, compliance, and continuous monitoring of enterprise information systems. This role supports federal security frameworks, risk management activities, and audit readiness efforts while safeguarding sensitive organizational data. The ISSO will collaborate with technical teams, leadership, and auditors to assess vulnerabilities, maintain authorization documentation, and strengthen governance and compliance processes across the environment.

Key responsibilities:

• Support risk management and continuous monitoring activities to identify and mitigate security vulnerabilities
• Administer and maintain GRC tools to support audit logging, compliance reporting, and security control monitoring
• Prepare documentation and evidence to support federal audits (NIST 800‑53, FISMA, SOC 1/SOC 2, DATA Act, etc.)
• Maintain and update Security Authorization Package artifacts such as SSPs, Risk Assessments, and Security Control Assessments
• Support remediation activities and track audit inquiries and corrective actions
• Assist with project management functions including milestone tracking, compliance forecasting, and deliverable oversight
• Produce regular security posture reports and executive‑level dashboards
• Ensure enforcement of security policies, procedures, and RMF requirements
• Work cross‑functionally with administrators, developers, and stakeholders to integrate security best practices
• Translate complex technical vulnerabilities into clear, actionable insights for leadership and auditors

Here’s what you need:

• 7–9 years of experience in cybersecurity, compliance, or audit
• Strong knowledge of GRC, RMF, NIST 800‑53, FISMA, SOC 1/SOC 2, and federal cybersecurity guidelines
• Experience supporting security compliance within enterprise or ERP environments
• Proficiency with GRC tools and audit logging platforms
• Strong analytical and problem‑solving skills to assess root causes and recommend mitigations
• Ability to manage multiple tasks in a fast‑paced, audit‑driven environment
• Excellent written and verbal communication skills, with the ability to simplify complex topics for non‑technical audiences
• Demonstrated collaboration skills across functional and technical teams

Nice to have:

• CISSP, CISM, CAP, Security+, or similar certifications
• Experience supporting federal agency audits
• Familiarity with SIEM platforms (e.g., Splunk) or endpoint detection and response tools
• Experience developing and delivering security awareness training

Eligibility requirements:

• Must hold an active TS clearance
• US Citizen (no dual citizenship)

The work

The Subject Matter Expert (SME) for SAP Governance Risk and Compliance (GRC) Process Controls (PC) will provide expert guidance throughout the S/4HANA implementation project. This person will be responsible for SAP GRC-PC, SAP Process Controls, and SAP Security to ensure robust internal controls are enabled within the new S/4HANA environment.

Key responsibilities:

• Collaborate with project teams to define, document, and validate control requirements and governance inputs for solution design
• Support the implementation and deployment of SAP GRC Process Controls in alignment with SAP best practices and standards
• Work closely with stakeholders to ensure timely access to financial data, improved process efficiencies, and enhanced user experience through effective controls enablement
• Participate in solution validation activities to ensure compliance with internal and external governance requirements
• Advise on risk mitigation strategies and support the development of control frameworks for the S/4HANA solution
• Provide ongoing support and subject matter expertise during the migration from SAP ECC to S/4HANA

Here’s what you need:

• 3+ years of experience with SAP Governance Risk and Compliance (GRC) Process Controls
• Experience with SAP S/4 HANA full cycle implementations
• Experience with SAP GRC-PC, SAP Process Controls, and SAP Security

Nice to have:

• Bachelor's degree in a related field
• Relevant SAP certifications

Eligibility Requirement:

• US Citizenship

Position Overview:  

The Services team has deep, cross‑sector expertise in corporate governance, audit, risk, compliance, and regulatory environments, and the scale to deliver significant change smoothly with global, flexible, and reliable outcomes. Their vision is to partner as trusted advisors, working in joint teams that complement client strengths with the right mix of talent.  

An Advisory Specialist delivers governance, and within an entity management system solutions and typically owns defined work streams from discovery through go‑live. They lead discovery, translate requirements into technical design documents, configure and iterate Diligent One prototypes, and drive UAT and client enablement through training and issue management. Operating within standard project methodology, they communicate timelines and risks across teams and are measured on utilization, SLA/turnaround, CSAT/quality, and on‑time administrative hygiene. 

Key Responsibilities  

• Deliver end-to-end Professional Services across the customer journey and product enablement, ensuring quality and timely outcomes. 
• Partner across the customer lifecycle with PS management, Customer Success, and stakeholders (e.g., Sales, PM, PMM, Marketing) to align on goals and execution. 
• Leverage and continually deepen Domain/Industry/Product expertise to advise best practices for solution rollout and project execution. 
• Lead implementation independently by understanding client program goals and data processes, configuring with Diligent methodology, and enabling users. 
• Provide prescriptive guidance and training on product usage to drive adoption and outcomes, ensuring an excellent customer experience. 
• Collaborate with Delivery Managers to triage and route new service requests appropriately while maintaining scope, schedule, and quality. 

Required Experience/Skills  

• 1–3 years of experience in internal or external client-facing or consulting roles. 
• Embody a Customer First mindset, operating with urgency, excellence, and accountability to customer outcomes and experiences. 
• Maintain high quality and process discipline, with strong attention to detail and accuracy while following procedures with stakeholders and customers. 
• Manage time effectively and multitask in fast-paced environments, collaborating as part of a team to deliver under tight timeframes and adapt to change. 
• Proactively solve problems and embrace new challenges, communicating effectively through presentations and workshops and engaging customer personnel to resolve GRC requirements and goals. 
• Passionate about GRC and have relevant professional accreditations planned, in progress, or obtained (e.g., CIA, CISA, CRISC, CISSP, CPA). 

Preferred Experience/Skills  

• GRI Sustainability Reporting, ISB, or other relevant certifications. 
• Undergraduate degree in a related field (e.g., Business Administration, Compliance Management, Legal & Ethics, Supply Chain, Engineering, Information Security, MIS). 
• Experience with GRC and/or analytics tools is a plus; background with platform-based products/solutions. 

Position Overview:  

You are passionate about technology, creatively and commercially driven and are fully committed to a beautiful customer experience. You lead customer adoption project teams to drive adoption of Diligent’s GRC solutions, and support business development activities.  

Key Responsibilities  

• Act as a trusted advisor and leverage your deep domain and practical GRC skills, knowledge and experience to help your customers realize their risk and compliance program vision, goals, and objectives. 
• Advise clients on the best approach based on this experience and engage in successful expectations management. 
• Manage projects to ensure project risks are proactively identified, communicated, and mitigated. 
• Mobilize proper team resources to ensure projects are delivered successfully, delays and overruns are minimized, and project efficiencies and budgets are managed and proactively communicated. 
• Provide oversight and monitoring of services during the entire implementation lifecycle with a focus on: 
  • Capturing high quality business requirements. 
  • Creating design & walk-through documents and solution workflow diagrams. 
  • Designing/Architecting product implementation. 
  • Enabling customers to adopt and use our platform. 
  • Maintaining balance between customer expectations and project team satisfaction.
• Partner with Product Managers acting as a conduit between customer expectations and product development, identifying trends and recommending system improvements and new features. 
• Partner with Sales and/or Solution Consultants in pre-sales activities such as solutions development; product demonstrations; RFP responses; implementation scope, effort & price estimates; and contracting (Statements of Work etc.) 
• Collaborate with Client Partners in identifying barriers to adoption of Diligent’s products and in developing strategies and approaches to remove these barriers and increase adoption. 
• Identify expansion opportunities by exposing existing customers to the breath of Diligent solutions that can help enhance their GRC journey.  
• Develop and execute on a suitable training plan that helps you grow as a professional and remain relevant to Diligent’s customer base 
• Maintain quality service by enforcing quality and customer service standards; analysing and resolving quality and customer service problems  
• Provide coaching and mentoring of Senior Specialists and Specialist team members on project management customer enablement and domain. 

Required Experience/Skills  

• 7 plus years' experience as practitioner with domain knowledge in one or more of these areas: Audit, Internal and Regulatory Compliance, and/or Risk Management (Enterprise, IT, Regulatory and/or Third Party).  
• FedRAMP experience required.
• Experience with CMMC and NIST frameworks.
• 2-4 years’ experience running Risk or Compliance Programs.
• 2-4 managing implementations of large-scale technology products across industries. 
• Demonstrated experience delivering projects under formal governance frameworks (PMI, PMP, PRINCE2, or federal program standards).
• Experience in client management and business development within those clients. 
• Effective skills in persuasion and influence, as well as an ability to enthuse and inspire. 
• Drive and determination to succeed in a dynamic company and growing team. 
• Track record of successful project delivery management in an enterprise or to enterprise customers with a dynamic and complex technical / regulatory environment.  
• Exceptional communication and presentation skills including great public speaking skills and workshop facilitation. 
• Exceptional knowledge of business processes and the ability to solve business problems using a combination of technology and process changes.

Preferred Experience/Skills  

• Ability to lead or follow as the situation mandates.
• CPA/CA, CIA, CISA, CISSP, CMA, RICS APC, PMP or other relevant certification desired. 
• Ability to travel up to 20%. 

Position Overview

The Field Marketing Manager, Americas will own and scale the field marketing engine for a high-impact business unit, directly influencing pipeline growth, accelerating revenue, and shaping how we go to market across the region.

This is a highly visible role that blends strategy and execution. You’ll design and orchestrate integrated campaigns, events, webinars, and ABM programs; working side-by-side with Sales and cross-functional Marketing teams to turn ideas into measurable business outcomes.

If you’re equal parts strategist, operator, and innovator; and excited to leverage AI to unlock smarter, faster marketing - this role is for you.

Key Responsibilities

• Lead the development and execution of pod-level field marketing plans aligned to regional and business unit goals. 

• Partner closely with Sales to identify and activate priority plays that progress opportunities through the funnel and into bookings. 

• Build scalable field marketing programs and infrastructure, leveraging AI to improve efficiency, targeting and insights. 

• Shape team-wide processes and workflows and provide day-to-day guidance and coaching to Field Marketing Specialists and Senior Specialists, exerting influence without formal authority. 
• Strategy and Planning
  • Own the field marketing strategy and annual plan for an assigned Americas pod or business unit, aligned to shared MQL, pipeline and bookings targets. 
  • Translate GTM plays and regional priorities into integrated field programs that pull the right marketing levers at the right time across the customer journey. 
  • Use data, insights and AI tools to seize opportunities, refine targeting, and continuously optimize program mix and investment. 
• Campaigns, Events & ABM
  • Design and execute multi-channel field campaigns, including events, webinars, ABM motions and localized programs that support both new logo and expansion goals. 
  • Own end-to-end delivery of field marketing activities — brief development, project management, enablement, execution and debriefs — with extreme attention to detail and operational rigor. 
  • Partner with Demand Generation, Product Marketing, Brand, and Corporate Events to ensure Americas field programs are on-brand, on-message and coordinated across channels. 
• Sales & Cross-Functional Partnership 
  • Build strong, trust-based relationships with Sales leaders and AEs in the assigned pod/region; act as the primary marketing counterpart for planning and performance reviews. 
  • Align on coverage models, territories, key accounts and follow-up expectations with BDR/SDR teams; ensure smooth handoffs from MQL to opportunity and into bookings. 
  • Collaborate with other Field Marketing Managers across Americas to share best practices, standardize processes and identify opportunities to scale what works. 
• AI-Enabled Execution & Innovation 
  • Champion the use of AI across field marketing workflows — from audience and target account list refinement to content creation, testing and reporting — to increase throughput and impact. 
  • Pilot new AI-driven tactics in partnership with Brand, Content and Demand Generation, and document learnings to inform broader adoption. 
• Measurement, Reporting & Optimization 
  • Own pod-level field targets and KPIs; track and report on MQLs, opportunities, pipeline and bookings influenced by field programs, as well as marketing ROI. 
  • Build regular performance readouts for Sales and Marketing leadership, surfacing insights, risks and recommended optimizations. 
  • Use data to identify gaps in the funnel, propose corrective actions, and test alternative approaches to unlock growth. 

Required Experience/Skills

• 5+ years of B2B SaaS field marketing or closely related experience (e.g., growth, revenue, campaign marketing), with a track record of driving pipeline and bookings with Sales. 
• Deep experience building and executing integrated field programs across tactics such as events, webinars, ABM and partner campaigns. 
• Demonstrable capability with AI tools, with real use cases that improve operational excellence, visibility and speed-to-impact in marketing programs. 
• Motivated self-starter with a “get stuff done” mindset and the ability to set priorities, manage multiple projects and hit deadlines with limited oversight. 
• Strong interpersonal and communication skills (written and verbal), including comfort presenting to and influencing senior Marketing and Sales leaders. 
• Proven ability to partner and develop strong relationships across all levels of a complex, matrixed commercial organization. 
• Highly organized, process-driven operator with strong project management skills and extreme attention to detail. 
• Commercial, strategic and data-driven mindset; uses data and reporting to make decisions, optimize plans and demonstrate impact against regional growth goals. 
• Proficiency with core marketing and productivity tools (e.g., Salesforce, Marketo, Wrike, Microsoft Office Suite) and comfort adopting new AI-powered technologies. 
• Familiarity with the GRC space and experience working in a complex matrixed organization are strong pluses. 

Position Overview

The Customer Success Manager (CSM) II, Public Sector manages a portfolio of accounts and ensures an outstanding customer experience, as measured by NPS, net revenue retention, referrals, and product usage.

The CSM II performs hands-on account management activities and collaborates with cross-functional teams to coordinate successful onboarding, training, adoption, and ongoing customer relationships that drive long-term satisfaction and accelerated net retention growth. The CSM II is the primary day-to-day contact for the customer relationship across Diligent products and specifically engages with Public Sector agencies, accounts, and partners.

Key Responsibilities

• Renew and grow a portfolio of customer accounts by proactively anticipating needs, recommending additional products and services, and providing an excellent customer experience as measured by revenue retention and product usage.
• Increase overall client satisfaction with Diligent, as measured through Net Promoter Score and other feedback mechanisms.
• Provide a seamless, best-in-class customer experience through all phases of the customer lifecycle, including onboarding, training, adoption, and renewal.
• Successfully manage multiple clients and products in an organized and meticulous manner, always keeping projects and tasks moving forward.
• Build and maintain strong direct relationships with key client stakeholders, including senior administrators, C-Suite, and Directors, ensuring consistent engagement and value realization.
• Collaborate internally as the voice of the customer across other departments, including sales, expansion, services, marketing, finance, customer transactions, and operations teams.
• Partner with the Expansion Sales team to spot, qualify, and pass on expansion opportunities.
• Facilitate, alongside the Implementation team, the rollout of the core Boards product and modules with senior client stakeholders, including C-Suite and Directors.
• Seek out client advocacy initiatives, such as references, case studies, testimonials, participation in events, and peer-to-peer networking.

Required Experience/Skills

• 2–5 years of Customer Success, Account Management, or post-sales experience required.
• Public Sector experience required, preferably working with agencies, councils, or other public bodies.
• Experience in SaaS enterprise-level account management.
• Experience in sales CRM applications such as Salesforce.
• Proven ability to build and maintain strong client relationships with multiple stakeholders, including senior decision-makers.
• Excellent communication and presentation skills, with the ability to manage and influence multiple stakeholders.
• Strong problem-solving ability and a natural curiosity about the client’s business needs and objectives.
• High level of resilience and a positive attitude when faced with adversity.
• Passionate about technology with a solution-centric mindset.