FluidStack

Program Manager, Security & Compliance

full-time

Origin: 🇺🇸 United States • New York

Job Level

Mid-Level, Senior

Tech Stack

Cloud

About the role

  • Scale and enhance Fluidstack’s compliance program, aligning it with business goals and regulatory frameworks.
  • Develop compliance roadmaps, policies, and procedures tailored to startup speed, remote workforces, and datacenter environments.
  • Implement automated systems for evidence collection and tracking to ensure Fluidstack is always audit-ready.
  • Lead compliance initiatives focused on SOC 2, ISO 27001, and NIST subsets, while preparing for future frameworks like FedRAMP and Rand.
  • Manage audits and certifications end-to-end, serving as the main point of contact for auditors, regulators, consultants, and customers.
  • Scope compliance requirements to balance short-term certifications with long-term program growth.
  • Build and maintain a control framework across applicable standards; monitor and test controls regularly to validate readiness.
  • Use GRC platforms (Vanta, Drata, Tugboat Logic, Archer, SecureFrame, or equivalent) and Atlassian tools (Jira, Confluence) to streamline compliance management.
  • Provide compliance training and reminders to staff involved in audits.
  • Deliver dashboards and reports on compliance status, program maturity, and audit outcomes for leadership and stakeholders.
  • Support customer and partner assurance by responding to compliance inquiries.
  • Collaborate with customers, datacenter owners, consultants, and partners to align compliance requirements across shared projects.

Requirements

  • 5+ years in compliance or IT audit, with experience scaling programs in high-growth startups.
  • Hands-on experience with SOC 2, ISO 27001, and some NIST subsets.
  • Exposure to datacenter compliance and physical security assessments.
  • Experience scoping compliance requirements across frameworks and customer needs.
  • Familiarity with GRC tools (Vanta, Drata, Tugboat Logic, Archer, SecureFrame, or equivalent) and Atlassian (Jira, Confluence).
  • Strong project management and communication skills.
  • Relevant certifications (e.g., CISA, CRISC, ISO 27001 Lead Auditor) (preferred).
  • Experience scaling compliance programs in high-growth startups with hybrid (cloud + datacenter) infrastructure (preferred).
  • Familiarity with frameworks such as FedRAMP and Rand (preferred).
  • Experience with customer assurance processes, security questionnaires, RFPs, and communicating compliance posture to customers, auditors, and regulators (preferred).