Senior IT Risk and Compliance Professional
Veracode
CloudCyber SecurityGo
Job Level
Mid-LevelSenior
Tech Stack
Cloud
About the role
- Lead customer due diligence efforts by managing security questionnaires, RFPs, and other compliance-related inquiries.
- Map and track contractual security requirements across our diverse customer base, ensuring seamless compliance.
- Refine and enhance enterprise contracts, particularly in the security and compliance sections, to align with customer needs.
- Collaborate with engineers to document and analyze how data flows through our platform, ensuring transparency and security.
- Respond to technical diligence inquiries from customer IT and InfoSec teams, addressing topics like AI strategy and data isolation.
- Maintain and evolve public-facing trust materials, including security documentation, to reinforce customer confidence.
- Support SOC 2 audits and future certifications (e.g., ISO 27001), ensuring we stay ahead of industry standards.
- Design scalable internal processes to track and manage compliance obligations efficiently.
- Report to the Security Engineering Lead and help define how GRC operates at a fast-moving AI company.
Requirements
- Deep understanding of modern cloud platforms and how they are architected and secured.
- Curiosity and technical expertise, with a willingness to explore systems and data flows in detail.
- Proven experience with SOC 2, ISO 27001, or similar audits, either as a leader or key contributor.
- Exceptional organizational skills, with a detail-oriented approach to managing contractual requirements.
- Strong communication skills, enabling you to work seamlessly across legal, sales, and engineering teams.
- Hands-on experience with tools like Vanta or Drata (Bonus Points).
- Familiarity with regulatory frameworks such as GDPR, CCPA, or others (Bonus Points).
- Thrive in fast-paced environments; startup experience and high-intensity workstyle.
- Ambitious, curious, autonomous, collaborative, organized, and thoughtful (Who You Are).
