
Security Specialist, GRC
Writer
full-time
Location Type: Hybrid
Location: New York City • New York • United States
Salary
💰 $101,400 - $178,500 per year
About the role
- Own and drive WRITER's security compliance program end-to-end including managing SOC 2 Type II audits, ISO Triad (27001/27701/42001) certification, and expanding our compliance coverage to meet emerging customer requirements in regulated industries like financial services and healthcare
- Lead customer assurance efforts by responding to security questionnaires, DDQs, and RFPs from enterprise customers, maintaining our trust portal with up-to-date security documentation, and partnering with Sales to remove security blockers that could delay major deals
- Build and maintain WRITER's security governance framework including creating and updating security policies, access control standards, vendor risk procedures, incident response plans, and AI-specific governance documentation that addresses model training, data handling, and responsible AI deployment
- Conduct continuous control monitoring and evidence collection by implementing automated compliance workflows, tracking remediation activities across teams, performing control testing, and ensuring we maintain audit-ready documentation throughout the year instead of scrambling before audits
- Drive risk assessments and third-party vendor security reviews by evaluating supplier controls, identifying and quantifying security risks across our AI platform and infrastructure, and working cross-functionally to prioritize and track remediation efforts
- Partner with Engineering and Product teams to embed compliance into the development lifecycle by reviewing architecture decisions for security and privacy implications, ensuring secure-by-design principles are followed for new AI features, and translating regulatory requirements into technical controls that developers can actually implement
- Serve as the primary point of contact for external auditors and assessors, coordinating evidence collection, scheduling interviews, addressing findings, and ensuring audit processes run smoothly while minimizing disruption to the broader team
Requirements
- 2+ years of hands-on experience in GRC, security compliance, or audit roles within fast-paced tech companies or startups—you understand how to build compliance programs that enable growth rather than slow it down
- Deep working knowledge of security frameworks, certifications, and privacy regulations including SOC 2 Type II, ISO 27001, GDPR, and CCPA, plus familiarity with emerging AI governance requirements—you've led audits from planning through certification and can speak confidently about control requirements
- Strong technical literacy that allows you to evaluate cloud security architectures, understand API security, review access control implementations, and have credible conversations with engineers about security controls—you don't need to write code but you need to understand how systems work
- Excellent project management abilities with the skill to juggle multiple audits, customer questionnaires, policy updates, and remediation initiatives simultaneously while keeping stakeholders informed and projects moving forward without constant oversight
- Outstanding communication skills that enable you to explain complex compliance requirements in clear, actionable language to technical and non-technical audiences alike—you can craft policies that engineers will actually follow and present risk scenarios that executives will understand
- Natural curiosity about AI governance and emerging regulatory landscape including AI-specific frameworks, model risk management, data privacy implications of AI training, and responsible AI principles—you're excited to help define best practices in an evolving space
- Alignment with WRITER's values of Connect (building trusted relationships with customers, auditors, and cross-functional teams), Challenge (pushing beyond checkbox compliance to create governance that truly reduces risk), and Own (taking full accountability for WRITER's security posture and customer trust)
Benefits
- Generous PTO, plus company holidays
- Medical, dental, and vision coverage for you and your family
- Paid parental leave for all parents (12 weeks)
- Fertility and family planning support
- Early-detection cancer testing through Galleri
- Flexible spending account and dependent FSA options
- Health savings account for eligible plans with company contribution
- Annual work-life stipends for:
  - Wellness (gym, massage/chiropractor, personal training, etc.)
  - Learning and development
- Company-wide off-sites and team off-sites
- Competitive compensation, company stock options and 401k
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
GRC, security compliance, audit, SOC 2 Type II, ISO 27001, GDPR, CCPA, cloud security architecture, API security, access control
Soft Skills
project management, communication, stakeholder management, curiosity, relationship building, accountability, problem-solving, adaptability, collaboration, critical thinking
Certifications
SOC 2 Type II, ISO 27001, ISO 27701, ISO 42001