Replit: Cloud-based platform for building and hosting software applications.
8+ YOE8+ years in GRC or information security; deep cloud (GCP/AWS) and security architecture; strong regulatory experience; automation mindset with GRC tools.
GCP, AWS, Vanta, Drata, SOC 2, ISO 27001, PCI, HIPAA
ButterflyMX: Smart video intercom and building access control systems.
3+ YOE3+ years in GRC or risk/compliance; SOC 2 audit experience; Vanta experience; familiarity with NIST/ISO frameworks; strong writing and organizational skills; proven use of AI tooling to automate GRC workflows.
Charlie Health: Providing virtual intensive outpatient programs for mental health and recovery.
5+ YOE5+ years in GRC/security engineering; hands-on experience building automated controls, continuous control monitoring, audit evidence pipelines; familiarity with HIPAA, SOC 2, NIST, ISO 27001 and enterprise systems.
Charlie Health: Provides virtual intensive outpatient programs and mental health therapy services.
5+ YOE5+ years in GRC/security engineering or related technical discipline; hands-on experience translating compliance into automated controls; familiarity with HIPAA, SOC 2, NIST, ISO 27001; scripting and API automation experience; strong cross-functional communication.
Life360NASDAQ: LIF: Mobile app and hardware for family safety and location tracking.
5+ YOE5+ years in GRC or security engineering; AI tool usage; Python coding; evidence collection from cloud APIs; experience with SOC 2, ISO 27001, SOX ITGC, and NIST AI RMF; Bachelor's degree or equivalent.
Python, APIs, Git, Cloud platforms, GRC platforms, AI tools
Postman: Platform for building, testing, and managing software APIs.
6+ YOE6+ years GRC experience in tech, SOC2/ISO27001/HIPAA/GDPR/CCPA/FedRAMP knowledge, proficiency in Python or JavaScript, experience integrating GRC tooling, and strong communication.
NinjaTrader: Provides futures brokerage services and a trading software platform.
3+ YOE3–5 years in GRC/IT audit/security compliance; hands-on SOC 2/ISO 27001/SOX audits; scripting/automation with Python and REST APIs; familiarity with major cloud platforms and CI/CD; strong documentation and stakeholder skills.
Workstreet: AI-powered cybersecurity and compliance services for high-growth startups.
3+ YOE3+ Mgmt3+ years GRC experience with SOC 2/ISO 27001/NIST CSF, 3+ years people leadership, client relationship management, project management, policy development, strong written and verbal English.
Berlin or Iași or London or New York City or São Paulo
HybridFull Time
Taktile: Platform for automated financial risk and credit decisioning.
4+ YOE4+ years GRC or security compliance at a SaaS company; owned SOC 2 program; Vanta/Drata/Secureframe experience; hands-on scripting against AWS for automated evidence; strong written communication.
ezCater: Online marketplace for business catering and food for work
8+ YOE8+ years in security GRC or compliance for SaaS/cloud; deep knowledge of ISO-27001, NIST CSF, SOC 2, ITGC, PCI; experience automating control testing and evidence collection; familiarity with Policy-as-Code (Terraform), AWS, GitHub; strong communication.
CloudflareNYSE: NET: Provides security and performance services for internet properties.
5+ YOE5+ years in security/compliance/automation; strong automation and IaC/Policy-as-Code experience (Terraform, Pulumi, OPA/Rego); proficiency with Python/Go, JS/TypeScript, React, REST APIs; AI governance experience.
NintendoTokyo Stock Exchange: 7974: Develops and publishes video games and gaming hardware worldwide.
4+ YOE4+ years in security development and risk-based compliance; architecture of network/app security; scripting; experience with standards/regulatory frameworks.
ZBD: Financial infrastructure and payment platform for the gaming economy.
3+ YOE3+ years in security governance, cloud and application security, risk management, and third-party risk; experience with Infrastructure as Code (Terraform/OpenTofu), Linux, Git/GitLab and CI/CD; strong security and compliance skills.
fal: Generative media infrastructure and high-performance AI inference platform.
Experience designing and running governance, risk, and compliance programs (SOC 2, ISO 27001, GDPR), conducting risk and vendor assessments, supporting audits and customer security reviews, and validating security controls in cloud/AI infrastructure.
Blue Origin: Develops reusable rockets and systems for human spaceflight.
10+ YOE10+ years in information security risk management; experience with NIST, ISO 27001/28000, SOC, CMMC; cloud-native, IT and OT security experience; ability to automate compliance and build GRC dashboards.
Temporal: Platform for building and running reliable distributed applications.
8+ YOE8+ years in GRC or information security compliance; hands-on with SOC2/ISO27001/HIPAA or similar; experienced managing SIG/CAIQ questionnaires; scripting/automation with Python or Bash; strong customer-facing and risk assessment skills.