
Program Manager, Security & Compliance
FluidStack
full-time
Location: New York • 🇺🇸 United States
Job Level
Mid-Level, Senior
Tech Stack
Cloud
About the role
- Scale and enhance Fluidstack’s compliance program, aligning it with business goals and regulatory frameworks.
- Develop compliance roadmaps, policies, and procedures tailored to startup speed, remote workforces, and datacenter environments.
- Implement automated systems for evidence collection and tracking to ensure Fluidstack is always audit-ready.
- Lead compliance initiatives focused on SOC 2, ISO 27001, and NIST subsets, while preparing for future frameworks like FedRAMP and Rand.
- Manage audits and certifications end-to-end, serving as the main point of contact for auditors, regulators, consultants, and customers.
- Scope compliance requirements to balance short-term certifications with long-term program growth.
- Build and maintain a control framework across applicable standards; monitor and test controls regularly to validate readiness.
- Use GRC platforms (Vanta, Drata, Tugboat Logic, Archer, SecureFrame, or equivalent) and Atlassian tools (Jira, Confluence) to streamline compliance management.
- Provide compliance training and reminders to staff involved in audits.
- Deliver dashboards and reports on compliance status, program maturity, and audit outcomes for leadership and stakeholders.
- Support customer and partner assurance by responding to compliance inquiries.
- Collaborate with customers, datacenter owners, consultants, and partners to align compliance requirements across shared projects.
Requirements
- 5+ years in compliance or IT audit, with experience scaling programs in high-growth startups.
- Hands-on experience with SOC 2, ISO 27001, and some NIST subsets.
- Exposure to datacenter compliance and physical security assessments.
- Experience scoping compliance requirements across frameworks and customer needs.
- Familiarity with GRC tools (Vanta, Drata, Tugboat Logic, Archer, SecureFrame, or equivalent) and Atlassian (Jira, Confluence).
- Strong project management and communication skills.
- Relevant certifications (e.g., CISA, CRISC, ISO 27001 Lead Auditor) (preferred).
- Experience scaling compliance programs in high-growth startups with hybrid (cloud + datacenter) infrastructure (preferred).
- Familiarity with frameworks such as FedRAMP and Rand (preferred).
- Experience with customer assurance processes, security questionnaires, RFPs, and communicating compliance posture to customers, auditors, and regulators (preferred).