CompanyCam

Security & Compliance Lead

full-time

Origin: 🇺🇸 United States

Salary

💰 $175,000 - $205,000 per year

Job Level

Senior

About the role

  • Own day-to-day operations of our SOC 2 Type II compliance program (powered by Vanta), including evidence collection, control monitoring, and audit readiness
  • Serve as the security & compliance subject matter expert for engineering and product teams, maintaining internal documentation and consulting during product design and delivery
  • Coordinate annual third-party penetration testing: schedule tests, triage findings, track remediation, and schedule retests
  • Manage and maintain our customer-facing Trust Center, ensuring disclosures on security, privacy, and compliance are current
  • Review procurement and vendor contracts for security-related requirements and risks
  • Respond to security questionnaires and due diligence requests from prospective customers and partners
  • Collaborate with Legal to translate regulatory and contractual requirements into clear engineering specifications and support subpoena responses
  • Maintain and improve security policies, conduct risk assessments, and support remediation efforts across teams
  • Promote a strong security culture through awareness training and supporting secure-by-default engineering practices
  • Stay informed about emerging threats and evolving compliance obligations
  • Be the cornerstone of CompanyCam’s security and compliance, directly influencing customer trust and satisfaction
  • Enable engineering and product teams to build and ship with confidence by embedding security and compliance best practices early in development
  • Drive continuous improvement in our security posture, helping scale governance sustainably as we grow
  • Strengthen CompanyCam’s market position by maintaining a robust Trust Center and ensuring compliance with evolving regulations
  • Collaborate cross-functionally to shape security culture and practices, empowering teams and reducing organizational risk
Requirements

  • 4+ years experience in security compliance, GRC, or a related function, ideally in a B2B SaaS environment
  • Hands-on experience with SOC 2, ISO 27001, GDPR, CCPA/CPRA, or similar compliance frameworks
  • Experience supporting or administering a GRC platform like Vanta, Drata, or Tugboat Logic
  • Skilled in managing security questionnaires, audit evidence collection, and vendor risk assessments
  • Strong written communication skills, able to translate complex compliance requirements into clear, actionable guidance
  • Comfortable working cross-functionally with engineering, legal, external auditors, and customers
  • Track record of maintaining or building Trust Centers and compliance documentation
  • You live and work permanently in the U.S. (We’re not set up to hire outside the U.S.)