Job Description:
• Partner directly with the Senior Manager of GRC to lead our commercial audit programs
• Own the question of what "good evidence" looks like across SOC 2 Type II, ISO 27001/27017/27018, and ISO 27701
• Help build the AI-assisted workflows and automation that make our audit programs more efficient
• Directly lead technical audit walkthroughs
• Define and maintain the evidence library
• Execute deep-dive control testing and gap analysis
Requirements:
• 5+ years of experience in GRC, compliance, or audit, with a meaningful portion spent as an auditor
• Deep hands-on experience with SOC 2 Type II; strong working knowledge of ISO 27001 and related standards (27017, 27018, 27701)
• Demonstrated experience leading technical audit walkthroughs with external auditors
• The ability to define what "good evidence" looks like for each control domain
• Proven ability to design and execute control testing
• Ability to work cross-functionally with Engineering, IT, Security, and People teams
• Strong written and verbal communication skills
• Experience with compliance automation platforms (Drata, Vanta, Secureframe, or equivalent)
• A builder's instinct
Benefits:
• Health, dental, 401k and many others
• Generous paid time off
• Equity grant
• Participation in our incentive programs