diff --git a/.eleventy.js b/.eleventy.js index ce53c1e..edb9f92 100644 --- a/.eleventy.js +++ b/.eleventy.js @@ -1,9 +1,60 @@ +function toValidDate(value) { + if (!value) return null; + const date = new Date(value); + return Number.isNaN(date.getTime()) ? null : date; +} + +function sortByRecent(a, b) { + const aDate = toValidDate(a.data.posted_date) || toValidDate(a.date) || new Date(0); + const bDate = toValidDate(b.data.posted_date) || toValidDate(b.date) || new Date(0); + return bDate - aDate; +} + +function isLiveJob(data) { + const status = String(data.status || "published").toLowerCase(); + if (["draft", "expired", "filled", "archived"].includes(status)) return false; + + const expires = toValidDate(data.expires_date); + if (!expires) return true; + + const today = new Date(); + today.setHours(0, 0, 0, 0); + return expires >= today; +} + +function asArray(value) { + if (Array.isArray(value)) return value; + if (value === undefined || value === null || value === "") return []; + return [value]; +} + +function normalizedSet(values) { + return new Set(asArray(values).map((item) => String(item).toLowerCase())); +} + +function overlapScore(sourceSet, values, weight) { + return asArray(values).reduce((score, value) => { + return score + (sourceSet.has(String(value).toLowerCase()) ? weight : 0); + }, 0); +} + module.exports = function (eleventyConfig) { eleventyConfig.ignores.add("README.md"); + eleventyConfig.ignores.add("AGENTS.md"); + eleventyConfig.ignores.add("CLAUDE.md"); eleventyConfig.ignores.add("CONTRIBUTING.md"); eleventyConfig.ignores.add("CODE_OF_CONDUCT.md"); + eleventyConfig.ignores.add("snapshot-nav.md"); + eleventyConfig.ignores.add(".impeccable.md"); eleventyConfig.ignores.add(".github/**"); + eleventyConfig.ignores.add(".agent/**"); + eleventyConfig.ignores.add(".agents/**"); + eleventyConfig.ignores.add(".claude/**"); + eleventyConfig.ignores.add(".crush/**"); + eleventyConfig.ignores.add(".kiro/**"); eleventyConfig.ignores.add("engineers/_template.md"); + eleventyConfig.ignores.add("jobs/_template.md"); + eleventyConfig.ignores.add("jobs/**/_template.md"); eleventyConfig.addCollection("engineers", function (api) { return api @@ -11,21 +62,33 @@ module.exports = function (eleventyConfig) { .filter((item) => item.page.fileSlug !== "_template"); }); + eleventyConfig.addCollection("allJobs", function (api) { + return api + .getFilteredByGlob("jobs/**/*.md") + .filter((item) => !String(item.page.fileSlug || "").startsWith("_")) + .sort(sortByRecent); + }); + + eleventyConfig.addCollection("jobs", function (api) { + return api + .getFilteredByGlob("jobs/**/*.md") + .filter((item) => !String(item.page.fileSlug || "").startsWith("_")) + .filter((item) => isLiveJob(item.data)) + .sort(sortByRecent); + }); + eleventyConfig.addPassthroughCopy("site/assets"); eleventyConfig.addPassthroughCopy({ "site/CNAME": "CNAME" }); eleventyConfig.addFilter("uniqueValues", function (collection, field) { const seen = new Map(); collection.forEach((item) => { - const arr = item.data[field]; - if (Array.isArray(arr)) { - arr.forEach((v) => { - if (v) { - const key = v.toLowerCase(); - if (!seen.has(key)) seen.set(key, v); - } - }); - } + asArray(item.data[field]).forEach((v) => { + if (v) { + const key = String(v).toLowerCase(); + if (!seen.has(key)) seen.set(key, v); + } + }); }); return [...seen.values()].sort((a, b) => a.toLowerCase().localeCompare(b.toLowerCase()) @@ -36,16 +99,13 @@ module.exports = function (eleventyConfig) { const counts = {}; const canonical = {}; collection.forEach((item) => { - const arr = item.data[field]; - if (Array.isArray(arr)) { - arr.forEach((v) => { - if (v) { - const key = v.toLowerCase(); - if (!canonical[key]) canonical[key] = v; - counts[key] = (counts[key] || 0) + 1; - } - }); - } + asArray(item.data[field]).forEach((v) => { + if (v) { + const key = String(v).toLowerCase(); + if (!canonical[key]) canonical[key] = v; + counts[key] = (counts[key] || 0) + 1; + } + }); }); return Object.entries(counts) .sort((a, b) => b[1] - a[1]) @@ -70,6 +130,39 @@ module.exports = function (eleventyConfig) { return social.urlPrefix ? social.urlPrefix + value : value; }); + eleventyConfig.addFilter("readableDate", function (value) { + const date = toValidDate(value); + if (!date) return value; + return new Intl.DateTimeFormat("en-US", { + month: "short", + day: "numeric", + year: "numeric" + }).format(date); + }); + + eleventyConfig.addFilter("relatedEngineers", function (engineers, specializations, frameworks, languages, limit) { + const specSet = normalizedSet(specializations); + const frameworkSet = normalizedSet(frameworks); + const languageSet = normalizedSet(languages); + + return (engineers || []) + .map((engineer) => { + const score = + overlapScore(specSet, engineer.data.specializations, 4) + + overlapScore(frameworkSet, engineer.data.frameworks, 2) + + overlapScore(languageSet, engineer.data.languages, 1); + + return { engineer, score }; + }) + .filter((item) => item.score > 0) + .sort((a, b) => { + if (b.score !== a.score) return b.score - a.score; + return a.engineer.data.name.localeCompare(b.engineer.data.name); + }) + .slice(0, limit || 3) + .map((item) => item.engineer); + }); + return { dir: { input: ".", diff --git a/.github/workflows/deploy-site.yml b/.github/workflows/deploy-site.yml index db77ac8..99d9e43 100644 --- a/.github/workflows/deploy-site.yml +++ b/.github/workflows/deploy-site.yml @@ -4,7 +4,9 @@ on: branches: [main] paths: - 'engineers/*.md' + - 'jobs/**' - 'site/**' + - 'scripts/**' - '.eleventy.js' - 'package.json' - 'package-lock.json' diff --git a/.github/workflows/import-jobs.yml b/.github/workflows/import-jobs.yml new file mode 100644 index 0000000..c55e1cf --- /dev/null +++ b/.github/workflows/import-jobs.yml @@ -0,0 +1,46 @@ +name: Import Jobs + +on: + schedule: + - cron: '17 11 * * *' + workflow_dispatch: + +jobs: + import-jobs: + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version: 20 + cache: npm + + - name: Install dependencies + run: npm ci + + - name: Import jobs + env: + GREENHOUSE_BOARDS: ${{ secrets.GREENHOUSE_BOARDS }} + ASHBY_JOB_BOARDS: ${{ secrets.ASHBY_JOB_BOARDS }} + run: npm run import:jobs + + - name: Commit and push changes + run: | + git config --local user.email "github-actions[bot]@users.noreply.github.com" + git config --local user.name "github-actions[bot]" + git add jobs + git diff --staged --quiet || git commit -m "docs: refresh imported jobs" + git pull --rebase origin main + git push + + - name: Notify Slack of new jobs + if: success() + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + run: node scripts/notify-slack.js diff --git a/.github/workflows/process-submission.yml b/.github/workflows/process-submission.yml index 3b6a0f8..da8a254 100644 --- a/.github/workflows/process-submission.yml +++ b/.github/workflows/process-submission.yml @@ -21,14 +21,55 @@ jobs: const issue = context.payload.issue; const body = issue.body || ''; - // --- Extract markdown from code fence --- - const match = body.match(/\s*```yaml\n([\s\S]*?)```/); - if (!match) { + function parseSubmissionBody(issueBody) { + const encodedMatch = issueBody.match( + /\s*([A-Za-z0-9+/=\s]+?)\s*/ + ); + + if (encodedMatch) { + const encoded = encodedMatch[1].replace(/\s+/g, ''); + const decoded = Buffer.from(encoded, 'base64').toString('utf8'); + const payload = JSON.parse(decoded); + if (!payload || typeof payload.markdown !== 'string' || !payload.markdown.trim()) { + throw new Error('Submission payload did not contain markdown.'); + } + return payload.markdown; + } + + const legacyMatch = issueBody.match(/\s*```yaml\n([\s\S]*?)```/); + if (legacyMatch) { + return legacyMatch[1]; + } + + return null; + } + + let content; + try { + content = parseSubmissionBody(body); + } catch (error) { + await github.rest.issues.createComment({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: issue.number, + body: '❌ We could not decode the submission payload in this issue. Please return to the [submission form](https://directory.grcengclub.com/submit/), copy a fresh payload, and submit a new issue.' + }); + await github.rest.issues.update({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: issue.number, + state: 'closed', + state_reason: 'not_planned' + }); + return; + } + + if (!content) { await github.rest.issues.createComment({ owner: context.repo.owner, repo: context.repo.repo, issue_number: issue.number, - body: '❌ Could not parse profile content from this issue. Please use the [submission form](https://directory.grcengclub.com/submit/) to resubmit.' + body: '❌ Could not find a valid submission payload in this issue. Please return to the [submission form](https://directory.grcengclub.com/submit/), paste the copied payload into the issue body, and submit a new issue.' }); await github.rest.issues.update({ owner: context.repo.owner, @@ -39,7 +80,6 @@ jobs: }); return; } - const content = match[1]; // --- Parse required fields from YAML frontmatter --- const ghMatch = content.match(/^github:\s*"([^"]+)"/m); @@ -59,7 +99,8 @@ jobs: }); return; } - const username = ghMatch[1]; + const username = ghMatch[1].trim(); + const normalizedUsername = username.toLowerCase(); const nameMatch = content.match(/^name:\s*"([^"]+)"/m); const profileName = nameMatch ? nameMatch[1] : username; @@ -87,7 +128,7 @@ jobs: return; } - const filename = `engineers/${username}.md`; + const filename = `engineers/${normalizedUsername}.md`; // --- Label the issue for bookkeeping --- try { @@ -101,19 +142,45 @@ jobs: // Label may not exist yet — not critical } - // --- Check if profile already exists --- - try { - await github.rest.repos.getContent({ + async function findExistingProfileByGithub() { + const entries = await github.rest.repos.getContent({ owner: context.repo.owner, repo: context.repo.repo, - path: filename, + path: 'engineers', ref: 'main' }); + + for (const entry of entries.data) { + if (entry.type !== 'file' || !entry.name.endsWith('.md') || entry.name === '_template.md') { + continue; + } + + const file = await github.rest.repos.getContent({ + owner: context.repo.owner, + repo: context.repo.repo, + path: entry.path, + ref: 'main' + }); + + const fileContent = Buffer.from(file.data.content, 'base64').toString('utf8'); + const fileGithubMatch = fileContent.match(/^github:\s*"?(.*?)"?$/m); + if (!fileGithubMatch) continue; + + if (fileGithubMatch[1].trim().toLowerCase() === normalizedUsername) { + return entry.path; + } + } + + return null; + } + + const existingProfilePath = await findExistingProfileByGithub(); + if (existingProfilePath) { await github.rest.issues.createComment({ owner: context.repo.owner, repo: context.repo.repo, issue_number: issue.number, - body: `⚠️ A profile for **@${username}** already exists. If you'd like to update it, please open a pull request editing \`${filename}\` directly.` + body: `⚠️ A profile for **@${username}** already exists at \`${existingProfilePath}\`. If you'd like to update it, please open a pull request editing that file directly.` }); await github.rest.issues.update({ owner: context.repo.owner, @@ -123,9 +190,6 @@ jobs: state_reason: 'completed' }); return; - } catch (e) { - if (e.status !== 404) throw e; - // File doesn't exist — proceed } // --- Create branch --- @@ -135,7 +199,7 @@ jobs: ref: 'heads/main' }); - const branchName = `profile/${username}`; + const branchName = `profile/${normalizedUsername}`; try { await github.rest.git.createRef({ owner: context.repo.owner, diff --git a/.gitignore b/.gitignore index 9650b89..6fa4a88 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,20 @@ _site/ node_modules/ .playwright-mcp/ -*.png +.firecrawl/ +/*.png + +# Local AI / agent tooling state +.agent/ +.agents/ +.claude/ +.crush/ +.kiro/ +CLAUDE.md +skills-lock.json + +# Local design and session notes +.impeccable.md + +# OS clutter +.DS_Store diff --git a/AGENTS.md b/AGENTS.md new file mode 100644 index 0000000..bdfa60d --- /dev/null +++ b/AGENTS.md @@ -0,0 +1,19 @@ +# Repository Guidelines + +## Project Structure & Module Organization +This repository is an Eleventy-powered static site for the GRC Engineer Directory. Content lives in `engineers/*.md`; each file is one profile page and must follow the schema in `engineers/_template.md`. Site templates and page sources live under `site/`, especially `site/_includes/layouts/`, `site/_includes/partials/`, and `site/_data/`. Frontend assets are in `site/assets/css/` and `site/assets/js/`. Build output is generated into `_site/` and should not be committed by hand. Automation and validation rules live in `.github/workflows/`. + +## Build, Test, and Development Commands +Install dependencies once with `npm install`. Use `npm run serve` to start Eleventy with live reload at `http://localhost:8080`. Use `npm run build` to generate the production site in `_site/`. There is no separate unit test suite; the main local verification step is a clean build plus checking the rendered pages in the dev server. + +## Coding Style & Naming Conventions +Follow the existing style: 2-space indentation in JavaScript, JSON, Nunjucks, and YAML frontmatter; semicolons in JS; and straightforward ES5-style browser code unless a file already uses newer syntax. Keep template and asset filenames kebab-case, such as `engineer-card.njk` and `filter-bar.njk`. Engineer profile filenames must match the `github` frontmatter value exactly: `engineers/.md`. + +## Testing & Validation Guidelines +Before opening a PR, run `npm run build` and confirm the relevant page renders correctly. For profile submissions, verify required frontmatter fields (`name`, `github`, `specializations`) and keep links well-formed. The `validate-submission.yml` workflow rejects mismatched filenames, invalid GitHub usernames, empty specializations, and dangerous HTML in markdown bodies. + +## Commit & Pull Request Guidelines +Recent history uses short imperative prefixes like `fix:`, `docs:`, `improve:`, and `redesign:`. Keep commit subjects brief and descriptive, for example `fix: tighten homepage filter spacing`. For PRs, follow `.github/PULL_REQUEST_TEMPLATE/engineer-submission.md`, keep changes scoped, and explain any content or layout impact. For profile additions, include the profile summary and checklist; for UI changes, add screenshots when the rendered result changes. + +## Content & Automation Notes +Do not hand-edit generated README table entries between `BEGIN_ENGINEER_LIST` markers; the update workflow rewrites that section. Avoid inline scripts or embedded HTML in profile bodies, and prefer standard Markdown plus frontmatter-driven data. diff --git a/README.md b/README.md index 472ce24..359c14f 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,7 @@ A community-driven directory of Governance, Risk, and Compliance (GRC) engineers | **[Jessica Barnwell](engineers/Gorg-jess32.md)** | Audit & Assurance, Cloud Security, Compliance Automation, Identity & Access Management, Incident Response, Risk Management, Security Operations | HIPAA, HITRUST, ISO 27001, NIST 800-53, NIST 800-171 | [GitHub](https://github.com/Gorg-jess32), [LinkedIn](https://www.linkedin.com/in/jessicabarnwell/) | | **[John Bommeraveni Joseph](engineers/Johnbjoseph-cybersec.md)** | Audit & Assurance, Compliance Automation, Identity & Access Management, Privacy, Risk Management, Security Governance, Third-Party Risk, Vulnerability Management, AI Governance, Cloud Governance | GDPR, HIPAA, ISO 27001, ISO 42001, NIST AI RMF, NIST CSF, NIST RMF, PCI-DSS, SOC 2 | [GitHub](https://github.com/Johnbjoseph-cybersec), [LinkedIn](https://www.linkedin.com/in/john-bj/) | | **[Sharaden Cole](engineers/Lokage7.md)** | Audit & Assurance, Cloud Security, Compliance Automation, Identity & Access Management, Privacy, Risk Management, Security Architecture, Security Governance, Third-Party Risk | FedRAMP, HIPAA, HITRUST, ISO 27001, NIST 800-53, NIST 800-171, NIST CSF, NIST RMF, PCI-DSS, SOC 2 | [GitHub](https://github.com/Lokage7), [LinkedIn](https://www.linkedin.com/in/sharadencole) | +| **[Mamta Sakuja](engineers/Mamt74.md)** | Audit & Assurance, Cloud Security, Security Governance, AI Governance, Cloud Governance | FedRAMP, GovRAMP, HIPAA, HITRUST, ISO 27001, ISO 27017, ISO 27018, NIST 800-53, NIST 800-171, NIST CSF, NIST RMF, PCI-DSS, SOC 2, StateRAMP | [GitHub](https://github.com/Mamt74), [LinkedIn](https://www.linkedin.com/in/mamta-s-16ab287) | | **[MaryAnna Moore](engineers/MaryAnnaMoore07.md)** | Identity & Access Management, Incident Response, Security Operations, Vulnerability Management | GDPR, HIPAA, NIST 800-53, NIST 800-171, NIST RMF, PCI-DSS, SOC 2 | [GitHub](https://github.com/MaryAnnaMoore07), [LinkedIn](https://www.linkedin.com/in/maryanna-moore/) | | **[Orlando Pizarro](engineers/Orlando-GRCengineer.md)** | Audit & Assurance, Compliance Automation, Risk Management, Security Governance, AI Governance, Cloud Governance | CMMC, FedRAMP, NIST 800-53, NIST 800-171, NIST AI RMF, NIST CSF, NIST RMF | [GitHub](https://github.com/Orlando-GRCengineer), [LinkedIn](https://www.linkedin.com/in/orlando-pizarro-851b12357/) | | **[Steven Smith](engineers/SmittyStuff.md)** | Privacy, Risk Management, Security Architecture, Security Governance, Data Protection, Encryption & Masking | CMMC, HIPAA, HITRUST, ISO 27001, NIST 800-53, NIST 800-171, NIST CSF, NIST RMF, PCI-DSS, SOC 2 | [GitHub](https://github.com/SmittyStuff), [LinkedIn](https://www.linkedin.com/in/steven-smith-itnet/) | @@ -35,6 +36,7 @@ A community-driven directory of Governance, Risk, and Compliance (GRC) engineers | **[Ethan Troy](engineers/ethanolivertroy.md)** | Compliance Automation, Cloud Security, Security Architecture, Offensive Security | FedRAMP, NIST 800-53, NIST CSF, SOC 2, CMMC | [GitHub](https://github.com/ethanolivertroy), [LinkedIn](https://www.linkedin.com/in/ethantroy/) | | **[Garima Kakkar](engineers/garimakakkar.md)** | Audit & Assurance, Compliance Automation, Privacy, Risk Management, Security Governance, Third-Party Risk, AI Governance, Cloud Governance | CCPA, EU AI Act, GDPR, ISO 27001, ISO 42001, NIST 800-53, NIST AI RMF, SOC 2 | [GitHub](https://github.com/garimakakkar), [LinkedIn](https://www.linkedin.com/in/garima-kakkar-54456b60/) | | **[Gregory Wilson](engineers/gregorywilsonjr.md)** | Audit & Assurance, Cloud Security, Compliance Automation, Identity & Access Management, Security Architecture, Security Operations, Vulnerability Management, DevSecOps, Zero-Touch Compliance | CSA STAR, ISO 27001, NIST 800-53, PCI-DSS | [GitHub](https://github.com/gregorywilsonjr), [LinkedIn](https://www.linkedin.com/in/gregorywilsonjr) | +| **[Pradeep Reddy](engineers/iampradeeprs.md)** | Audit & Assurance, Compliance Automation, Risk Management, Security Governance, Third-Party Risk, AI Governance, Cloud Governance | FedRAMP, GDPR, HIPAA, HITRUST, ISO 27001, ISO 42001, NIST 800-53, NIST 800-171, NIST AI RMF, NIST CSF, NIST RMF, PCI-DSS, SOC 2, StateRAMP | [GitHub](https://github.com/iampradeeprs), [LinkedIn](https://www.linkedin.com/in/infosecpradeep/) | | **[Jonathan Steward](engineers/jonathansteward.md)** | Audit & Assurance, Compliance Automation, Risk Management, Third-Party Risk, AI Governance | ISO 27001, NIST CSF, NIST RMF, SOC 2 | [GitHub](https://github.com/jonathansteward), [LinkedIn](https://www.linkedin.com/in/jonathansteward97) | | **[Kyle Cain](engineers/kfcain.md)** | Cloud Security, Compliance Automation, Identity & Access Management, Risk Management, Security Architecture, Security Governance, Security Operations, Third-Party Risk, Vulnerability Management | CMMC, FedRAMP, GovRAMP, ISO 27001, ISO 42001, NIST 800-53, NIST 800-171 | [GitHub](https://github.com/kfcain), [LinkedIn](https://www.linkedin.com/in/kylecain) | | **[Fola Falusi](engineers/kraneduper.md)** | Audit & Assurance, Cloud Security, Compliance Automation, Offensive Security, Risk Management, Security Architecture, Security Governance, Security Operations, Vulnerability Management | ISO 27001, NIST 800-53, NIST CSF, NIST RMF, PCI-DSS | [GitHub](https://github.com/kraneduper), [LinkedIn](https://www.linkedin.com/in/folajimi-falusi/) | diff --git a/engineers/0xBahalaNa.md b/engineers/0xBahalaNa.md index bde2a3b..b62743a 100644 --- a/engineers/0xBahalaNa.md +++ b/engineers/0xBahalaNa.md @@ -13,6 +13,7 @@ title: GRC Engineer location: California linkedin: https://linkedin.com/in/luigi-carpio +website: https://luigicarpio.dev blog: https://medium.com/@0xBahalaNa credly: https://www.credly.com/users/luigi-carpio/badges diff --git a/jobs/_template.md b/jobs/_template.md new file mode 100644 index 0000000..47f6de3 --- /dev/null +++ b/jobs/_template.md @@ -0,0 +1,44 @@ +--- +title: "Senior GRC Engineer" +company: "Example Security" +slug: "example-security-senior-grc-engineer" +status: "published" +source: "Manual" +sources: + - "Manual" +source_url: "https://example.com/careers" +role_url: "https://example.com/careers/senior-grc-engineer" +apply_url: "https://example.com/careers/senior-grc-engineer" +posted_date: "2026-04-06" +expires_date: "2026-05-06" +location: "Remote — United States" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" +frameworks: + - "FedRAMP" + - "SOC 2" +languages: + - "Python" + - "Terraform" +compensation: "$170k - $210k" +summary: "Lead automation and control engineering across a growing GRC platform." +--- + +## Role overview + +Describe the role, team, and mission in plain language. + +## What you'll work on + +- Major responsibility +- Major responsibility +- Major responsibility + +## Why this role fits the directory + +Explain the frameworks, specializations, and tools the job actually uses so engineer matching works well. diff --git a/jobs/imported/.gitkeep b/jobs/imported/.gitkeep new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/jobs/imported/.gitkeep @@ -0,0 +1 @@ + diff --git a/jobs/imported/ashby/ashby-1password-8880085e-5005-4dcd-b186-58f42e6a1766.md b/jobs/imported/ashby/ashby-1password-8880085e-5005-4dcd-b186-58f42e6a1766.md new file mode 100644 index 0000000..7d0db13 --- /dev/null +++ b/jobs/imported/ashby/ashby-1password-8880085e-5005-4dcd-b186-58f42e6a1766.md @@ -0,0 +1,151 @@ +--- +title: "Senior Security Engineer, GRC Automation" +company: "1password" +slug: "ashby-1password-8880085e-5005-4dcd-b186-58f42e6a1766" +status: "published" +source: "Ashby" +sources: + - "Ashby" +source_url: "https://api.ashbyhq.com/posting-api/job-board/1password?includeCompensation=true" +role_url: "https://jobs.ashbyhq.com/1password/8880085e-5005-4dcd-b186-58f42e6a1766" +apply_url: "https://jobs.ashbyhq.com/1password/8880085e-5005-4dcd-b186-58f42e6a1766/application" +posted_date: "2026-04-10" +expires_date: "2026-05-10" +location: "Remote (United States | Canada)" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "ISO 27001" + - "NIST 800-53" +languages: + - "Python" + - "JavaScript" + - "Rust" +compensation: "$156,000 - $210,000" +summary: "1Password is growing faster than ever. We’ve surpassed $400M in ARR and we’re continuing to accelerate, earning a spot on the Forbes Cloud 100 for four years in a row and teaming..." +--- + +1Password is growing faster than ever. We’ve surpassed $400M in ARR and we’re continuing to accelerate, earning a spot on the Forbes Cloud 100 for four years in a row and teaming up with iconic partners like Oracle Red Bull Racing and the Utah Mammoth. + +About 1Password + +At 1Password, we’re building the foundation for a safe, productive digital future. Our mission is to unleash employee productivity without compromising security by ensuring every identity is authentic, every application sign-in is secure, and every device is trusted. We innovated the market-leading enterprise password manager and pioneered Extended Access Management, a new cybersecurity category built for the way people and AI agents work today. As one of the most loved brands in cybersecurity, we take a human-centric approach in everything from product strategy to user experience. Over 180,000 businesses, from Fortune 100 leaders to the world’s most innovative AI companies, trust 1Password to help their teams securely adopt the SaaS and AI tools they need to do their best work. + +If you're excited about the opportunity to contribute to the digital safety of millions, to work alongside a team of curious, driven individuals, and to solve hard problems in a fast-paced, dynamic environment, then we want to hear from you. Come join us and help shape a safer, simpler digital future. + +Trust is earned — and we’re building the systems to earn it at scale. 1Password is looking for a Senior Security Engineer – GRC to design and implement automation, dashboards, and integrations that power our Governance, Risk, and Compliance (GRC) operations. + +You’ll partner directly with the Senior Manager of GRC to build automation that scales our security and privacy commitments — from audit readiness and policy enforcement to customer trust workflows. A key focus for this role will be operationalizing our newly selected GRC platform , integrating it with our internal systems, and ensuring it supports automated, scalable assurance processes across the organization. + +This is a hands-on technical role for someone who’s passionate about making GRC repeatable, visible, and built into how the company works. It sits at the intersection of security engineering, compliance, and platform operations — ideal for someone with a solutions engineering or DevSecOps background who thrives in high-context, high-impact environments. + +This is a remote opportunity within the US or Canada. + +What we're looking for: + +- 5+ years of experience in security engineering, DevSecOps, solutions engineering, or GRC automation roles. +- Proven experience working with GRC, compliance, or audit teams to build automation that supports evidence collection, control testing, or security monitoring. +- Direct experience implementing and integrating GRC platforms (e.g., Drata, Vanta, Tines, JupiterOne) into production environments. +- Strong scripting and integration skills using Python, JavaScript, APIs, webhooks, or workflow automation tools. +- Ability to work cross-functionally with Security, Compliance, Legal, and Infrastructure teams to translate policies into scalable technical systems. +- Familiarity with compliance frameworks such as SOC 2, ISO 27001, or NIST 800-53, and how they map to real-world infrastructure and operations. +- Experience applying automation or AI tools to improve GRC, audit, or assurance workflows, with an understanding of validation, accuracy, and trust tradeoffs. +- Familiarity with AI governance, privacy, and security considerations for LLMs and agentic systems (e.g., sensitive data exposure, prompt injection, system misuse). +- Ability to evaluate where AI-driven approaches are appropriate in GRC workflows versus where deterministic controls and human review are required. +- Builder mindset with modern tools (including AI), with the ability to experiment, evaluate, and operationalize solutions rather than only consume them. + +Bonus points if you have: + +- Hands-on experience with event-driven automation platforms like Tines and their use in control validation and alerting. +- Expertise in building evidence pipelines, tagging telemetry, or creating GRC dashboards (e.g., Looker, Metabase). +- Strong understanding of cloud-native security architecture and its relationship to compliance controls (e.g., AWS IAM, encryption, logging). +- Experience working in customer trust, privacy engineering, or supporting sales/GTM teams with compliance assurance content. +- Experience supporting AI governance, AI risk assessments, or privacy-by-design reviews for AI-enabled systems. +- Experience applying AI to audit, compliance, or third-party risk workflows in a way that improves scale while preserving trust, traceability, and human oversight. + +What you can expect: + +- Lead the implementation and integration of our GRC platform, ensuring it is fully operationalized across key systems and workflows. +- Build automated workflows for control testing, evidence collection, and audit readiness. +- Develop and maintain integrations between the GRC platform and systems of record (e.g., ticketing systems, IAM, asset inventories, configuration management). +- Design dashboards and reporting to track control health, trust signals, and audit performance. +- Collaborate with teams across Security, GRC, and Engineering to embed compliance into operational processes such as onboarding, change management, and incident response. +- Shape the roadmap for automated, resilient internal assurance infrastructure that grows alongside the business. +- Help define and operationalize scalable assurance approaches for internal AI usage and AI-enabled product capabilities. +- Build automated workflows that support AI governance activities such as control mapping, policy enforcement, and audit readiness. +- Partner with Security, Privacy, Legal, Product, and Engineering to translate AI-related trust and compliance requirements into practical, measurable systems and controls. +- Evaluate and improve how GRC processes account for non-deterministic systems, connected AI agents, and AI-powered third-party vendors. + +USA-based roles only: The annual base salary for this role is between $156,000 USD and $210,000 USD, plus immediate participation in 1Password's benefits program (health, dental, 401k and many others), utilization of our generous paid time off, an equity grant and, where applicable, participation in our incentive programs. + +Canada-based roles only: The annual base salary for this role is between $143,000 CAD and $193,000 CAD, plus immediate participation in 1Password’s generous benefits program (health, dental, RRSP and many others), utilization of our generous paid time off, an equity grant and, where applicable, participation in our incentive programs. + +At 1Password, we approach each individual's compensation with a promise of fair market value and internal equity commensurate with experience and specific skill set. + +This posting is for an existing vacancy. + +Our culture + +At 1Password, we prioritize collaboration, clear and transparent communication, receptiveness to feedback, and alignment with our core values: keep it simple, lead with honesty, and put people first. + +You’ll be part of a team that challenges the status quo, and is excited to experiment and iterate in search of the best solution. That said, 1Password is not for everyone (https://blog.1password.com/inside-the-culture-powering-1passwords-next-chapter/). Our work is demanding, we strive for excellence, and the pace is fast. We need people who are keen to take on challenging problems, who seek feedback to grow, and who are driven to make an impact. If you're looking for a place where you can settle into a comfortable routine, this might not be the right fit for you. We’re looking for individuals who are proven experts in their fields, as well as those who are highly adaptable, can thrive in ambiguity and through change, are curious, and above all deliver results. + +How we work with AI + +We are committed to leveraging cutting-edge technology—including AI—to achieve our mission. We also understand that thinking critically about AI in its current forms will help us create better solutions for our customers and ourselves with its future forms, which will help us continue to close the gap between security and privacy and achieve our mission. We want team members at all levels to take the approach of actively learning AI best practices, identifying opportunities to apply AI in meaningful ways, and driving innovative solutions in their daily work. Embracing the future of AI isn't just encouraged—it's an essential part of how we will be successful at 1Password. + +This approach extends to our hiring process—candidates are welcome to use AI tools responsibly and thoughtfully during the application process. + +Our approach to remote work + +We believe in the power of remote work, but recognize that in-person connection is important to help us achieve our mission. While we are a remote-first company, travel for in-person engagement is a part of almost all roles, and we require our employees to be ready and willing to take part. Frequency will depend on role and responsibilities, and may include, but is not limited to: annual department-wide offsites, team meetings, and customer/industry events. + +What we offer + +We believe in working hard, and rewarding that hard work through our benefits. While not an exhaustive list, here is a glance at what we currently offer: + +Health and wellbeing + +👶 Maternity and parental leave top-up programs + +🩺 Competitive health benefits + +🏝 Generous PTO policy + +Growth and future + +📈 RSU program for most employees + +💸 Retirement matching program + +🔑 Free 1Password account + +Community + +🤝 Paid volunteer days + +🏆 Peer-to-peer recognition through Bonusly + +🌎 Remote-first work environment + +*Some roles in our GTM team are currently being hired for in-person hybrid work in Toronto and Austin. These roles will specify on the posting. + +You belong here. + +1Password is proud to be an equal opportunity employer. We are committed to fostering an inclusive, diverse and equitable workplace that is built on trust, support and respect. We welcome all individuals and do not discriminate on the basis of gender identity and expression, race, ethnicity, disability, sexual orientation, colour, religion, creed, gender, national origin, age, marital status, pregnancy, sex, citizenship, education, languages spoken or veteran status. Be yourself, find your people and share the things you love. + +Accommodation is available upon request at any point during our recruitment process. If you require an accommodation, please speak to your talent acquisition partner or email us at nextbit@agilebits.com and we’ll work to meet your needs. + +Remote work is a part of our DNA. Given that our company was founded remotely in 2005, we can safely say we're experts at building remote culture. That said, remote work at 1Password does mean working from your home country. If you've got questions or concerns about this, your talent partner would be happy to address them with you. + +Successful applicants will be required to complete a background check that may consist of prior employment verification, reference checks, education confirmation, criminal background, publicly available social media, credit history, or other information, as permitted by local law. + +1Password uses artificial intelligence (AI) and machine learning (ML) technologies, including natural language processing and predictive analytics, to assist in the initial screening of employment applications and improve our recruitment process. See here (https://www.ashbyhq.com/downloadables/ashby-bias-audit-08-2024.pdf) for the latest third party bias audit information. If you prefer not to have your application assessed using AI/ML features, you may opt out by completing this form (https://jobs.ashbyhq.com/1password/automation-notice) . For additional information see our Candidate Privacy Notice (https://1password.com/files/candidate-privacy-notice.pdf) . diff --git a/jobs/imported/ashby/ashby-atlan-7120f73f-e653-4316-9d1a-590aa3cb2911.md b/jobs/imported/ashby/ashby-atlan-7120f73f-e653-4316-9d1a-590aa3cb2911.md new file mode 100644 index 0000000..7955459 --- /dev/null +++ b/jobs/imported/ashby/ashby-atlan-7120f73f-e653-4316-9d1a-590aa3cb2911.md @@ -0,0 +1,118 @@ +--- +title: "Senior GRC Engineer" +company: "Atlan" +slug: "ashby-atlan-7120f73f-e653-4316-9d1a-590aa3cb2911" +status: "published" +source: "Ashby" +sources: + - "Ashby" +source_url: "https://api.ashbyhq.com/posting-api/job-board/atlan?includeCompensation=true" +role_url: "https://jobs.ashbyhq.com/atlan/7120f73f-e653-4316-9d1a-590aa3cb2911" +apply_url: "https://jobs.ashbyhq.com/atlan/7120f73f-e653-4316-9d1a-590aa3cb2911/application" +posted_date: "2026-04-10" +expires_date: "2026-05-10" +location: "India" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "FedRAMP" + - "SOC 2" + - "ISO 27001" + - "ISO 42001" + - "HIPAA" +languages: + - "Rust" +compensation: "" +summary: "Who We Are Atlan is building the missing context layer for data and AI, helping enterprises close the AI value chasm. Today, 95% of AI pilots fail because AI systems don’t..." +--- + +## Who We Are + +Atlan is building the missing context layer for data and AI, helping enterprises close the AI value chasm. Today, 95% of AI pilots fail because AI systems don’t understand the context behind data: what it means, how it’s governed, and how it should be used. + +Atlan connects to every part of the modern data and AI stack to unify this context into a single, shared layer that both humans and AI agents can rely on. With Atlan, teams can discover, understand, and trust their data; build and collaborate on a shared body of knowledge; and activate that context across analytics, operations, and AI workflows.Trusted by global enterprises like Mastercard, Workday, General Motors, Unilever, Ralph Lauren, FOX, Nasdaq, and Medtronic , we’re backed by world-class investors including GIC, Insight Partners, Meritech, Peak XV, and Salesforce Ventures + +Why this Role Matters? + +At Atlan, compliance isn't overhead — it's a competitive advantage that closes deals. We serve 450+ enterprise customers across healthcare, finance, and other regulated industries where security posture directly influences buying decisions. + +You'll own and mature our compliance program across SOC 2, ISO 27001, ISO 42001, GDPR, and HIPAA — while building toward next-generation certifications like FedRAMP. But this isn't a maintenance role. You're joining as the technical architect of our Continuous GRC Maturity Program: a 12-month, executive-sponsored initiative to transform compliance from manual firefighting into automated, scalable infrastructure. + +This role sits on our GRC & Platform Security team and operates with significant autonomy. If you've ever thought "there has to be a better way to do compliance," this is your chance to build it. + +What you'll own + +- Compliance program maturity — Lead end-to-end audit execution across SOC 2, ISO 27001, ISO 42001, ISO 27701, HIPAA, and GDPR. Own auditor relationships, coordinate cross-functional evidence collection, and maintain year-round audit readiness. +- Next-generation framework adoption — Drive FedRAMP readiness: assess platform gaps, build roadmaps, and turn new certifications into planned projects rather than fire drills. +- Enterprise risk management — Build and mature Atlan's risk management program. Identify, assess, and track risks across security, operational, compliance, and third-party domains. Turn abstract risk conversations into measurable metrics with clear ownership and quarterly leadership reviews. +- Third-party risk management — Own Atlan's vendor security assessment program end-to-end: tiered vendor reviews, security questionnaires, risk scoring, and ongoing monitoring. Balance vendor risk against business need at scale. +- Compliance automation infrastructure — Integrate our GRC platform with cloud infrastructure, CI/CD pipelines, HR systems, and product engineering tooling to automate evidence collection and continuous control testing. Reduce manual audit prep effort significantly. +- Controls that prove themselves — Partner with engineering and product teams to design technical controls that automatically generate auditable evidence. Implement continuous testing that catches gaps before auditors do. +- Continuous controls monitoring — Design and operate real-time visibility into control effectiveness: automated dashboards, live control status, and alerting that surfaces gaps before audit cycles begin — not during them. +- Organizational compliance capability — Build awareness programs, run training for engineering and cross-functional teams, and create self-service dashboards that make compliance easy. Make secure-by-default the path of least resistance. + +What makes you a strong match + +Compliance depth + +- 5+ years owning SOC 2 Type II and/or ISO 27001 audits end-to-end — you've been the point person coordinating auditors, collecting evidence, and managing findings +- Hands-on experience across multiple frameworks: SOC 2, ISO 27001, ISO 42001, and at least two of GDPR, HIPAA, ISO 27701, FedRAMP, or CCPA +- Regulatory intelligence mindset — you track emerging requirements and build readiness roadmaps before compliance becomes urgent + +Technical automation + +- Experience with modern GRC platforms (Vanta, Drata, Secureframe, or similar) extended via API — not just out-of-box configuration +- Comfortable with REST APIs, JSON, OAuth, and CI/CD integrations + +Program and stakeholder maturity + +- Built or maintained risk registers, facilitated leadership risk reviews, and turned risk conversations into concrete action plans +- Customer-facing experience: security questionnaires, trust portals, or supporting enterprise sales cycles with compliance documentation +- Able to influence engineering, product, HR, legal, and IT without formal authority — you're an enabler, not a gatekeeper + +AI-augmented GRC + +- You actively use AI tools to accelerate compliance work: drafting control narratives, triaging risk findings, generating evidence summaries, and building AI-assisted workflows for continuous monitoring. +- You understand enough about AI systems to assess their risk implications — not just use them as productivity tools. + +High agency + +- You drive toward outcomes without waiting for perfect requirements. +- You identify problems and build solutions. +- You thrive in ambiguity. + +Nice to have + +- CISA, CRISC, CISM, or CGRC certification +- FedRAMP or NIST framework hands-on implementation experience +- Prior security engineering background before moving into GRC +- Vanta Trust Center or similar trust portal experience +- Hands-on experience applying AI/LLMs to GRC workflows — automated questionnaire responses, AI-assisted risk triage, policy generation, or compliance gap analysis + +## Why Atlan? + +Joining Atlan means being part of a global movement to help data teams do their life’s best work. Here’s what you can expect: + +- Competitive Compensation: We benchmark at the top of the market and keep compensation simple: strong base salary, performance‑based variable pay, and impact‑driven equity (for most roles), so your total rewards grow in step with the value you create over time. +- AI Native Culture: Atlan is where AI-native builders come to build the systems the future of work will run on. AI isn’t an add-on, it’s woven into how we build, think, and work every day, empowering every Atlanian to move faster and create a bigger impact. +- Health & Wellness : From Day‑1 health, dental, vision, and mental health to flexible health stipends, we design benefits offerings that lead in each country we're in. +- Flexible Time Off & Leave Policies: We trust you to own your energy: flexible time off and modern leave so you can unplug properly, support yourself and your loved ones, and come back ready to drive an impact. +- Accelerated Growth & Learning: Develop at an uncommon velocity through cutting-edge tech, complex implementations, and an experienced team that values mastery. +- Global, Remote-First, High-Trust: Work from anywhere with a diverse team across 15+ countries, in a trust-first, async environment that gives you true flexibility and ownership over how you work. + +## More About Us + +Atlan is building the shared context layer that enterprises need so AI can operate on trusted, governed context. The conversation has moved from data leaders asking: “Can we trust the data in our stack?” to businesses asking: “Can we trust AI inside the business?” + +We are the missing infrastructure for businesses becoming AI-forward - the connective tissue between their data stack, operational systems, and AI agents. Recognized as an industry-leading metadata, catalog, and data governance platform , we’ve been named a Leader by both Gartner and Forrester across enterprise data catalogs, metadata management, and governance. To learn more, visit www.atlan.com (http://www.atlan.com) and follow us on LinkedIn (https://www.linkedin.com/company/atlan-hq/posts/?feedView=all) + +Equal Opportunity Employer + +Atlan is committed to building an inclusive, diverse, and authentic workplace. We do not discriminate based on race, color, religion, national origin, age, disability, sex, gender identity or expression, sexual orientation, marital status, military or veteran status, or any other legally protected characteristic. diff --git a/jobs/imported/ashby/ashby-crusoe-8d491b45-092a-40c9-809c-1751f1c7a56f.md b/jobs/imported/ashby/ashby-crusoe-8d491b45-092a-40c9-809c-1751f1c7a56f.md new file mode 100644 index 0000000..f32518b --- /dev/null +++ b/jobs/imported/ashby/ashby-crusoe-8d491b45-092a-40c9-809c-1751f1c7a56f.md @@ -0,0 +1,103 @@ +--- +title: "Staff GRC Engineer" +company: "Crusoe" +slug: "ashby-crusoe-8d491b45-092a-40c9-809c-1751f1c7a56f" +status: "published" +source: "Ashby" +sources: + - "Ashby" +source_url: "https://api.ashbyhq.com/posting-api/job-board/Crusoe?includeCompensation=true" +role_url: "https://jobs.ashbyhq.com/Crusoe/8d491b45-092a-40c9-809c-1751f1c7a56f" +apply_url: "https://jobs.ashbyhq.com/Crusoe/8d491b45-092a-40c9-809c-1751f1c7a56f/application" +posted_date: "2026-04-10" +expires_date: "2026-05-10" +location: "San Francisco, CA - US" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "ISO 27001" + - "HIPAA" + - "GDPR" +languages: + - "Python" + - "Terraform" + - "JavaScript" +compensation: "$190,000 - $215,000" +summary: "Crusoe is on a mission to accelerate the abundance of energy and intelligence . As the only vertically integrated AI infrastructure company built from the ground up, we own and..." +--- + +Crusoe is on a mission to accelerate the abundance of energy and intelligence . As the only vertically integrated AI infrastructure company built from the ground up, we own and operate each layer of the stack — from electrons to tokens — to power the world's most ambitious AI workloads. When you join Crusoe, you join a team that is building the future, faster. + +We're in the midst of the greatest industrial revolution of our time. The demand for AI compute is boundless, and power is a bottleneck. We're solving that — with an energy-first approach that makes AI infrastructure better for the world and faster for the people innovating with AI. + +We're looking for problem-solving, opportunity-finding teammates with a sense of urgency, who believe in the scale of our ambition and thrive on a path not fully paved — people who want to grow their careers alongside a team of experts across energy, manufacturing, data center construction, and cloud services. + +If you want to do the most meaningful work of your career, help our customers and partners advance their AI strategies, and be part of a high-performing team that believes in each other, come build with us at Crusoe. + +About This Role + +We’re seeking a Sr. GRC Engineer to design, build, and operate the automation and tooling that powers our Governance, Risk, and Compliance program. Reporting to the Head of GRC, this is an engineer-first role focused on replacing manual compliance workflows with scalable, code-driven systems. + +You’ll build automation across evidence collection, control monitoring, and risk reporting; embedding compliance directly into engineering and infrastructure pipelines so it becomes continuous, not periodic. Deep regulatory expertise isn’t required, but you should understand how compliance requirements translate into automatable controls and repeatable workflows. + +What You’ll Be Working On + +- Designing and maintaining automation workflows that replace manual compliance processes (evidence collection, control testing, policy monitoring, audit reporting) +- Writing production-grade scripts, services, and integrations (Python, JavaScript, YAML, etc.) that connect GRC platforms to internal systems and CI/CD pipelines +- Implementing and customizing GRC platforms (e.g., Vanta, AuditBoard, Drata) through APIs, configuration, and custom automation +- Building dashboards and reporting systems that provide real-time visibility into control health and risk posture +- Embedding compliance checks into engineering workflows so evidence collection and monitoring happen continuously +- Applying AI and LLM-based tools to streamline GRC workflows such as evidence review, control mapping, and risk analysis +- Partnering with Security, IT, and Engineering teams to ensure GRC tooling integrates cleanly into existing environments +- Supporting audits through automated data collection and evidence generation +- Providing technical guidance and training to teams on GRC automation best practices + +What You’ll Bring to the Team + +- 5+ years in a technical role with strong experience in automation, scripting, and systems integration +- Strong programming skills in Python, JavaScript, or similar languages with experience shipping automation to production +- Experience with infrastructure-as-code and automation tools (e.g., Terraform, Ansible, Jenkins) +- Hands-on API integration experience across cloud platforms, SaaS tools, identity systems, and security tooling +- Familiarity with GRC platforms and the ability to extend them through code and automation +- Working knowledge of cloud environments (GCP preferred; AWS/Azure exposure helpful) +- Practical understanding of compliance and risk frameworks (SOC 2, ISO 27001, NIST, HIPAA, GDPR) and how they translate into controls +- Experience applying AI tools to automate workflows and scale operational processes +- Strong communication skills with the ability to bridge engineering and compliance teams + +Bonus Points + +- Certifications such as CISSP, CISA, or CRISC +- Experience embedding compliance controls directly into CI/CD (DevSecOps practices) +- Background in security or infrastructure engineering +- Familiarity with quantitative risk frameworks (FAIR, COSO, ISO 31000) +- Experience building continuous monitoring or continuous compliance systems + +Benfits + +- Competitive compensation +- Restricted Stock Units +- Paid time off & paid holidays +- Comprehensive health, dental & vision insurance +- Employer contributions to HSA account +- Paid parental leave +- Paid life insurance, short-term and long-term disability +- Professional development & tuition reimbursement +- Mental health & wellness support +- Commuter benefits (parking & transit) +- Cell phone stipend +- 401(k) Retirement plan with company match up to 4% of salary +- Volunteer time off + +Compensation Range + +Compensation will be paid in the range of up to $190,000 - $215,000 + Bonus. Restricted Stock Units are included in all offers. Compensation to be determined by the applicants knowledge, education, and abilities, as well as internal equity and alignment with market data. + +Crusoe is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, disability, genetic information, pregnancy, citizenship, marital status, sex/gender, sexual preference/ orientation, gender identity, age, veteran status, national origin, or any other status protected by law or regulation. diff --git a/jobs/imported/ashby/ashby-elevenlabs-03cefd49-972f-45b2-b6c7-9a42d133af0c.md b/jobs/imported/ashby/ashby-elevenlabs-03cefd49-972f-45b2-b6c7-9a42d133af0c.md new file mode 100644 index 0000000..a8bcb78 --- /dev/null +++ b/jobs/imported/ashby/ashby-elevenlabs-03cefd49-972f-45b2-b6c7-9a42d133af0c.md @@ -0,0 +1,82 @@ +--- +title: "Compliance Engineer - APAC" +company: "Elevenlabs" +slug: "ashby-elevenlabs-03cefd49-972f-45b2-b6c7-9a42d133af0c" +status: "published" +source: "Ashby" +sources: + - "Ashby" +source_url: "https://api.ashbyhq.com/posting-api/job-board/elevenlabs?includeCompensation=true" +role_url: "https://jobs.ashbyhq.com/elevenlabs/03cefd49-972f-45b2-b6c7-9a42d133af0c" +apply_url: "https://jobs.ashbyhq.com/elevenlabs/03cefd49-972f-45b2-b6c7-9a42d133af0c/application" +posted_date: "2026-04-10" +expires_date: "2026-05-10" +location: "Tokyo" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Audit & Assurance" + - "Cloud Security" +frameworks: + - "ISO 27001" +languages: [] +compensation: "" +summary: "About ElevenLabs ElevenLabs is an AI research and product company transforming how we interact with technology. We launched in January 2023 with the first human-like AI voice..." +--- + +## About ElevenLabs + +ElevenLabs is an AI research and product company transforming how we interact with technology. + +We launched in January 2023 with the first human-like AI voice model. Today, we serve millions of users and thousands of businesses - from fast-growing startups to large enterprises like Deutsche Telekom and Meta. Our investors are some of the world's most prominent, including Andreessen Horowitz, ICONIQ Growth and Sequoia. We've raised $781M in funding and our last valuation was $11B - multiples of 11, always. We have expanded from voice into three main platforms: + +- ElevenAgents enables businesses to deliver seamless and intelligent customer experiences, with the integrations, testing, monitoring, and reliability necessary to deploy voice and chat agents at scale. +- ElevenCreative empowers creators and marketers to generate and edit speech, music, image, and video across 70+ languages. +- ElevenAPI gives developers access to our leading AI audio foundational models. + +Everything we do is the result of the creativity and commitment of our team - builders doing the best work of their lives. We are researchers, engineers, and operators. IOI medalists and ex-founders. If you want to work hard and create lasting positive impact, we want to hear from you. + +## How we work + +- High-velocity: Rapid experimentation, lean autonomous teams, and minimal bureaucracy. +- Impact not job titles: We don’t have job titles. Instead, it’s about the impact you have. No task is above or beneath you. +- AI first: We use AI to move faster with higher-quality results. We do this across the whole company—from engineering to growth to operations. +- Excellence everywhere: Everything we do should match the quality of our AI models. +- Global team: We prioritize your talent, not your location. + +## What we offer + +- Innovative culture: You’ll be part of a generational opportunity to define the trajectory of AI, surrounded by a team pushing the boundaries of what’s possible. +- Growth paths: Joining ElevenLabs means joining a dynamic team with countless opportunities to drive impact - beyond your immediate role and responsibilities. +- Learning & development : ElevenLabs proactively supports professional development through an annual discretionary stipend. +- Social travel : We also provide an annual discretionary stipend to meet up with colleagues each year, however you choose. +- Annual company offsite: Each year, we bring the entire team together in a new location - past offsites have included Croatia and Italy. +- Co-working : If you’re not located near one of our main hubs, we offer a monthly co-working stipend. + +## About the Role + +- Collaborating across teams to maintain compliance certifications and frameworks relevant to the APAC region, such as ISO 27001 and regional data protection acts like the Australian Privacy Principles (APP) or Singapore's PDPA. +- Helping to shape ElevenLabs’ Enterprise offering towards regulated industries in the APAC region, such as Finance, Telecommunications, and Government sectors, particularly focusing on opportunities in Australia, New Zealand, and Singapore. +- Building technical documentation to demonstrate our compliance to our customers throughout the stack. +- Assisting the sales team by responding to client security requests and managing compliance-related queries. +- Conduct risk assessments based on CIS or ISO 27000 series frameworks, document findings, and help teams achieve compliance efficiently. +- Enhance compliance as code tooling to automate monitoring, reporting, and reduce friction for other teams to remain compliant. + +### + +## What you bring + +- Experience in completing vendor security assessments and client security questionnaires in regulated industries across the APAC region, such as Government, Defense, and Finance, with an emphasis on Australia, New Zealand, or Singapore. +- Strong technical expertise in managing and executing compliance, with hands-on experience using compliance management tools (e.g. Vanta). +- Proven ability to maintain and acquire certifications while managing audit readiness and documentation. +- Experience collaborating with cross-functional teams (sales, engineering, legal) to effectively communicate compliance requirements and ensure smooth operations. +- Experience with public cloud compliance (AWS, GCP, Azure) and automating compliance in cloud environments. +- Familiarity with integrating compliance tools into CI/CD pipelines to automate monitoring and reporting. + +## Location + +This role is remote-first, so it can be executed from anywhere in APAC, with the ability to operate in GMT+8 to GMT+12 timezones preferred. If you prefer, you can work from our office in Tokyo. diff --git a/jobs/imported/ashby/ashby-elevenlabs-f80d0420-b6e6-4110-940c-293f64b9761e.md b/jobs/imported/ashby/ashby-elevenlabs-f80d0420-b6e6-4110-940c-293f64b9761e.md new file mode 100644 index 0000000..ea3013f --- /dev/null +++ b/jobs/imported/ashby/ashby-elevenlabs-f80d0420-b6e6-4110-940c-293f64b9761e.md @@ -0,0 +1,82 @@ +--- +title: "Compliance Engineer - US" +company: "Elevenlabs" +slug: "ashby-elevenlabs-f80d0420-b6e6-4110-940c-293f64b9761e" +status: "published" +source: "Ashby" +sources: + - "Ashby" +source_url: "https://api.ashbyhq.com/posting-api/job-board/elevenlabs?includeCompensation=true" +role_url: "https://jobs.ashbyhq.com/elevenlabs/f80d0420-b6e6-4110-940c-293f64b9761e" +apply_url: "https://jobs.ashbyhq.com/elevenlabs/f80d0420-b6e6-4110-940c-293f64b9761e/application" +posted_date: "2026-04-10" +expires_date: "2026-05-10" +location: "New York" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Audit & Assurance" + - "Cloud Security" +frameworks: + - "FedRAMP" + - "CMMC" + - "CJIS" +languages: [] +compensation: "" +summary: "About ElevenLabs ElevenLabs is an AI research and product company transforming how we interact with technology. We launched in January 2023 with the first human-like AI voice..." +--- + +## About ElevenLabs + +ElevenLabs is an AI research and product company transforming how we interact with technology. + +We launched in January 2023 with the first human-like AI voice model. Today, we serve millions of users and thousands of businesses - from fast-growing startups to large enterprises like Deutsche Telekom and Meta. Our investors are some of the world's most prominent, including Andreessen Horowitz, ICONIQ Growth and Sequoia. We've raised $781M in funding and our last valuation was $11B - multiples of 11, always. We have expanded from voice into three main platforms: + +- ElevenAgents enables businesses to deliver seamless and intelligent customer experiences, with the integrations, testing, monitoring, and reliability necessary to deploy voice and chat agents at scale. +- ElevenCreative empowers creators and marketers to generate and edit speech, music, image, and video across 70+ languages. +- ElevenAPI gives developers access to our leading AI audio foundational models. + +Everything we do is the result of the creativity and commitment of our team - builders doing the best work of their lives. We are researchers, engineers, and operators. IOI medalists and ex-founders. If you want to work hard and create lasting positive impact, we want to hear from you. + +## How we work + +- High-velocity: Rapid experimentation, lean autonomous teams, and minimal bureaucracy. +- Impact not job titles: We don’t have job titles. Instead, it’s about the impact you have. No task is above or beneath you. +- AI first: We use AI to move faster with higher-quality results. We do this across the whole company—from engineering to growth to operations. +- Excellence everywhere: Everything we do should match the quality of our AI models. +- Global team: We prioritize your talent, not your location. + +## What we offer + +- Innovative culture: You’ll be part of a generational opportunity to define the trajectory of AI, surrounded by a team pushing the boundaries of what’s possible. +- Growth paths: Joining ElevenLabs means joining a dynamic team with countless opportunities to drive impact - beyond your immediate role and responsibilities. +- Learning & development : ElevenLabs proactively supports professional development through an annual discretionary stipend. +- Social travel : We also provide an annual discretionary stipend to meet up with colleagues each year, however you choose. +- Annual company offsite: Each year, we bring the entire team together in a new location - past offsites have included Croatia and Italy. +- Co-working : If you’re not located near one of our main hubs, we offer a monthly co-working stipend. + +## About the Role + +- Collaborating across teams to maintain US Government compliance certifications and frameworks such as GovRAMP, FedRAMP, CJIS and CMMC. +- Helping to shape ElevenLabs’ Enterprise offering towards regulated industries such as Local and State Government, Defense and Finance. +- Building technical documentation to demonstrate our compliance to our customers throughout the stack. +- Assisting the sales team by responding to client security requests and managing compliance-related queries. +- Conduct risk assessments based on CIS or NIST frameworks, document findings, and help teams achieve compliance efficiently. +- Enhance compliance as code tooling to automate monitoring, reporting, and reduce friction for other teams to remain compliant. + +## Requirements + +- Experience in completing vendor security assessments and client security questionnaires in highly regulated industries, such as Government and Defense in the US. +- Strong technical expertise in managing and executing compliance, with hands-on experience using compliance management tools (e.g. Vanta). +- Proven ability to maintain and acquire certifications while managing audit readiness and documentation. +- Experience collaborating with cross-functional teams (sales, engineering, legal) to effectively communicate compliance requirements and ensure smooth operations. +- Experience with public cloud compliance (AWS, GCP, Azure) and automating compliance in cloud environments. +- Familiarity with integrating compliance tools into CI/CD pipelines to automate monitoring and reporting. + +## Location + +This role is remote-first, so it can be executed from anywhere in the United States, with the ability to operate in GMT-5 timezone required. If you prefer, you can work from our offices in New York or San Francisco. diff --git a/jobs/imported/ashby/ashby-hims-and-hers-5526c955-fb96-4277-a93a-f66e322bcfab.md b/jobs/imported/ashby/ashby-hims-and-hers-5526c955-fb96-4277-a93a-f66e322bcfab.md new file mode 100644 index 0000000..67fdff3 --- /dev/null +++ b/jobs/imported/ashby/ashby-hims-and-hers-5526c955-fb96-4277-a93a-f66e322bcfab.md @@ -0,0 +1,118 @@ +--- +title: "Security Compliance Analyst, GRC" +company: "Hims And Hers" +slug: "ashby-hims-and-hers-5526c955-fb96-4277-a93a-f66e322bcfab" +status: "published" +source: "Ashby" +sources: + - "Ashby" +source_url: "https://api.ashbyhq.com/posting-api/job-board/hims-and-hers?includeCompensation=true" +role_url: "https://jobs.ashbyhq.com/hims-and-hers/5526c955-fb96-4277-a93a-f66e322bcfab" +apply_url: "https://jobs.ashbyhq.com/hims-and-hers/5526c955-fb96-4277-a93a-f66e322bcfab/application" +posted_date: "2026-04-10" +expires_date: "2026-05-10" +location: "US Remote" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "ISO 27001" + - "ISO 42001" + - "NIST CSF" + - "NIST AI RMF" +languages: [] +compensation: "" +summary: "Hims & Hers is the leading health and wellness platform, on a mission to help the world feel great through the power of better health. We are redefining healthcare by putting the..." +--- + +Hims & Hers is the leading health and wellness platform, on a mission to help the world feel great through the power of better health. We are redefining healthcare by putting the customer first and delivering access to care that is affordable, accessible, and personal, from diagnosis to treatment to delivery. No two people are the same, so we provide access to personalized care designed for results. By normalizing health & wellness challenges and innovating on their solutions, we’re making better health outcomes easier to achieve. + +Hims & Hers is a public company, traded on the NYSE under the ticker symbol “HIMS.” To learn more about the brand and offerings, you can visit hims.com/about (http://hims.com/about) and hims.com/how-it-works (http://hims.com/how-it-works) . For information on the company’s outstanding benefits, culture, and its talent-first flexible/remote work approach, see below and visit www.hims.com/careers-professionals (http://www.hims.com/careers-professionals). + +## About the Role: + +We are seeking a Security GRC Analyst to support and mature our governance, risk, and compliance program within a fast-paced healthcare technology environment. This role will partner closely with Security, Engineering, Legal, Privacy, Finance, and AI/ML teams to ensure our systems and processes meet regulatory, privacy, and security standards across domestic and international operations. + +You will help drive risk management initiatives, maintain compliance with globally recognized frameworks, and support audits while enabling the business to scale securely and responsibly, particularly in environments leveraging AI and automated decision-making systems. + +## You Will: + +- Support and maintain security and compliance programs aligned with frameworks such as NIST, ISO, PCI DSS, and HIPAA +- Assist in maintaining alignment with global privacy regulations (GDPR, CCPA, and similar frameworks) +- Assist in the development, implementation, and maintenance of security, privacy, and AI governance policies, standards, and procedures +- Coordinate and support internal and external audits (e.g., SOX, PCI DSS, SOC 2, ISO, HIPAA) +- Track and manage remediation efforts for identified risks, control gaps, and audit findings +- Support third-party risk management processes, including vendor assessments for AI/ML and data processing providers +- Partner with engineering, data, and AI/ML teams to ensure secure and compliant system and model lifecycle practices +- Maintain and improve GRC tooling (e.g., AuditBoard, Vanta, or similar platforms) +- Monitor regulatory and framework changes (U.S. and international), including emerging AI governance requirements +- Develop and maintain risk registers, control matrices, and compliance documentation +- Conduct risk assessments, including technology, security, privacy, and AI/ML model risk evaluations +- Assist with security, privacy, and responsible AI awareness and training initiatives +- Provide reporting and metrics on risk posture, compliance status, and AI governance maturity + +## You Have: + +- Bachelor’s degree in Cybersecurity, Information Security, Information Technology/Systems, or related field +- 3–5 years of experience in GRC, security compliance, risk management, audit, or related field +- Experience supporting audits and compliance assessments +- Experience with third-party/vendor risk management +- Familiarity with data governance principles (classification, retention, lineage) +- Thorough understanding of risk management methodologies and control frameworks +- Strong communication, documentation, organizational, and analytical skills +- Ability to communicate security, privacy, and AI risk concepts to technical and non-technical stakeholders +- Working knowledge of core frameworks: NIST CSF, PCI DSS, HIPAA, ISO 27001/27002, and global privacy regulations (GDPR, CCPA) +- Foundational understanding of AI/ML systems and associated governance, risk, and compliance considerations (NIST AI RMF, ISO 42001) +- Familiarity with cloud environments (AWS primary, Google Workspace/MS Azure preferred) and modern SaaS architectures +- Experience with GRC tools (AuditBoard, Vanta, Drata, Archer, ServiceNow GRC, or similar) and ticketing/workflow/documentation tools (Jira, Freshservice, Confluence, GitHub, etc.) + +## Preferred Qualifications + +- Professional certifications such as CISA, CISM, CRISC, CISSP, ISO 27001 Lead Implementer/Auditor +- Experience with compliance automation and continuous monitoring +- Experience supporting or implementing ISO 27001 and/or ISO 42001 programs +- Experience operationalizing privacy programs aligned to GDPR and global privacy standards +- Understanding of AI governance frameworks and emerging standards (e.g., NIST AI RMF, ISO 42001) +- Experience working with AI/ML systems lifecycle governance +- Exposure to incident response, particularly involving data privacy or AI-related risks +- Experience in healthcare or other highly regulated industries + +## What We’re Looking For + +- Strong understanding of security, privacy, and AI governance principles +- Ability to balance regulatory requirements with business agility +- Collaborative and cross-functional mindset +- Proactive problem-solver +- Strong communicator + +## Additional Information + +- Remote-friendly position +- Operates in a fast-paced, regulated healthcare environment +- Focus on secure, compliant, and responsible AI-driven growth + +## Our Benefits (there are more but here are some highlights): + +- Competitive salary & equity compensation for full-time roles +- Unlimited PTO, company holidays, and quarterly mental health days +- Comprehensive health benefits including medical, dental & vision, and parental leave +- Employee Stock Purchase Program (ESPP) +- 401k benefits with employer matching contribution +- Offsite team retreats + +We are committed to building a workforce that reflects diverse perspectives and prioritizes ethics, wellness, and a strong sense of belonging. If you're excited about this role, we encourage you to apply—even if you're not sure if your background or experience is a perfect match. + +Hims considers all qualified applicants for employment, including applicants with arrest or conviction records, in accordance with the San Francisco Fair Chance Ordinance, the Los Angeles County Fair Chance Ordinance, the California Fair Chance Act, and any similar state or local fair chance laws. + +It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. + +Hims & Hers is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, please contact us at accommodations@forhims.com (mailto:accommodations@forhims.com) and describe the needed accommodation. Your privacy is important to us, and any information you share will only be used for the legitimate purpose of considering your request for accommodation. Hims & Hers gives consideration to all qualified applicants without regard to any protected status, including disability. Please do not send resumes to this email address. + +To learn more about how we collect, use, retain, and disclose Personal Information, please visit our Global Candidate Privacy Statement (https://www.hims.com/global-candidate-privacy-statement). diff --git a/jobs/imported/ashby/ashby-junipersquare-3f47391b-d305-43e0-b84c-7877e09fc633.md b/jobs/imported/ashby/ashby-junipersquare-3f47391b-d305-43e0-b84c-7877e09fc633.md new file mode 100644 index 0000000..055f475 --- /dev/null +++ b/jobs/imported/ashby/ashby-junipersquare-3f47391b-d305-43e0-b84c-7877e09fc633.md @@ -0,0 +1,86 @@ +--- +title: "Head of Fund Administration GRC - India" +company: "Junipersquare" +slug: "ashby-junipersquare-3f47391b-d305-43e0-b84c-7877e09fc633" +status: "published" +source: "Ashby" +sources: + - "Ashby" +source_url: "https://api.ashbyhq.com/posting-api/job-board/junipersquare?includeCompensation=true" +role_url: "https://jobs.ashbyhq.com/junipersquare/3f47391b-d305-43e0-b84c-7877e09fc633" +apply_url: "https://jobs.ashbyhq.com/junipersquare/3f47391b-d305-43e0-b84c-7877e09fc633/application" +posted_date: "2026-04-10" +expires_date: "2026-05-10" +location: "India" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "ISO 27001" + - "NIST RMF" + - "GDPR" + - "CCPA" +languages: [] +compensation: "" +summary: "About Juniper Square Our mission is to unlock the full potential of private markets. Privately owned assets like commercial real estate, private equity, and venture capital make..." +--- + +## About Juniper Square + +Our mission is to unlock the full potential of private markets. Privately owned assets like commercial real estate, private equity, and venture capital make up half of our financial ecosystem yet remain inaccessible to most people. We are digitizing these markets, and as a result, bringing efficiency, transparency, and access to one of the most productive corners of our financial ecosystem. If you care about making the world a better place by making markets work better through technology – all while contributing as a member of a values-driven organization – we want to hear from you. + +Juniper Square offers employees a variety of ways to work, ranging from a fully remote experience to working full-time in one of our physical offices. We invest heavily in digital-first (https://blog.junipersquare.com/juniper-square-ponders-future-of-office-with-digital-first-hybrid-workplace-strategy/) operations, allowing our teams to collaborate effectively across 27 U.S. states, 2 Canadian Provinces, India, Luxembourg, and England. We also have physical offices in San Francisco, New York City, Mumbai and Bangalore for employees who prefer to work in an office some or all of the time. + +# About your Role + +The Head of Fund Administration GRC will be a key contributor to the company's governance, risk and compliance program. This role is responsible for day to day execution and maintenance of the program, ensuring the organization manages the risk effectively and maintain compliance with all relevant laws, regulations and internal policies. This role will help drive a culture of compliance and risk awareness across Fund Administration. + +# What you’ll do + +1. Governance + +- Assist in the development and execution of the GRC strategy aligned with Fund Administration business objectives. +- Help maintain the governance framework, including managing policies, standards, and procedures for risk management and compliance. +- Coordinate with cross-functional teams (e.g., Legal, Fund Administration, IT, Engineering, People Teams, and Internal Audit) to ensure the GRC program is effective. + +2. Risk Management Execution + +- Support the implementation of the enterprise-wide risk management framework. +- Perform risk assessments, monitor, and report on key Compliance and Security risks. +- Execute risk mitigation strategies and track the remediation of identified risks. +- Coordinate other security reviews and assist with vendor risk management. + +3. Compliance Activities + +- Ensure organizational adherence to applicable laws, regulations, and industry standards (e.g., GDPR, CCPA, SOC2, SOC1, ISO 27001, others). +- Support the management of external audits and assessments related to compliance and security. +- Assist in the design and delivery of mandatory GRC training and awareness programs for employees. + +4. Policy and Control Management + +- Help manage the lifecycle of GRC policies, ensuring they are relevant, effective, current, accessible, and enforced. +- Execute the operational effectiveness testing of internal controls. +- Utilize GRC tools and technologies to automate and streamline processes + +# Qualifications + +- Bachelor’s degree in IT, security, or a related field. +- 10+ years of progressive experience in GRC, Internal Audit, Risk Management, or Compliance. +- Strong knowledge of major regulatory frameworks (e.g., SOC, ISO, etc). + +# Preferred Skills + +- Professional certifications such as CISA or similar. +- Security certification CISSP, CCSP, CISM or similar. +- Relevant experience in the Financial Services or technology industry. +- Strong knowledge of NIST, CSA, OWASP, and MITRE ATT&CK. +- Experience in implementing and optimizing GRC technology solutions (e.g., GRC platforms). + +At Juniper Square, we believe building a diverse workforce and an inclusive culture makes us a better company. If you think this job sounds like a fit, we encourage you to apply even if you don’t meet all the qualifications. diff --git a/jobs/imported/ashby/ashby-junipersquare-b66e4c7c-ef37-42fc-939e-6ece4e99b57b.md b/jobs/imported/ashby/ashby-junipersquare-b66e4c7c-ef37-42fc-939e-6ece4e99b57b.md new file mode 100644 index 0000000..666c7ab --- /dev/null +++ b/jobs/imported/ashby/ashby-junipersquare-b66e4c7c-ef37-42fc-939e-6ece4e99b57b.md @@ -0,0 +1,118 @@ +--- +title: "Senior GRC Analyst" +company: "Junipersquare" +slug: "ashby-junipersquare-b66e4c7c-ef37-42fc-939e-6ece4e99b57b" +status: "published" +source: "Ashby" +sources: + - "Ashby" +source_url: "https://api.ashbyhq.com/posting-api/job-board/junipersquare?includeCompensation=true" +role_url: "https://jobs.ashbyhq.com/junipersquare/b66e4c7c-ef37-42fc-939e-6ece4e99b57b" +apply_url: "https://jobs.ashbyhq.com/junipersquare/b66e4c7c-ef37-42fc-939e-6ece4e99b57b/application" +posted_date: "2026-04-10" +expires_date: "2026-05-10" +location: "USA" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "ISO 27001" +languages: + - "Rust" +compensation: "$135,000 - $190,000" +summary: "About Juniper Square Our mission is to unlock the full potential of private markets. Privately owned assets like commercial real estate, private equity, and venture capital make..." +--- + +## About Juniper Square + +Our mission is to unlock the full potential of private markets. Privately owned assets like commercial real estate, private equity, and venture capital make up half of our financial ecosystem yet remain inaccessible to most people. We are digitizing these markets, and as a result, bringing efficiency, transparency, and access to one of the most productive corners of our financial ecosystem. If you care about making the world a better place by making markets work better through technology – all while contributing as a member of a values-driven organization – we want to hear from you. + +Juniper Square offers employees a variety of ways to work, ranging from a fully remote experience to working full-time in one of our physical offices. We invest heavily in digital-first (https://blog.junipersquare.com/juniper-square-ponders-future-of-office-with-digital-first-hybrid-workplace-strategy/) operations, allowing our teams to collaborate effectively across 27 U.S. states, 2 Canadian Provinces, India, Luxembourg, and England. We also have physical offices in San Francisco, New York City, Mumbai and Bangalore for employees who prefer to work in an office some or all of the time. + +## About your role + +As a Senior GRC Analyst, you are responsible for supporting the organization's governance, risk management, and compliance (GRC) program. The ideal candidate will have a strong understanding and experience building scalable, right-sized risk management and compliance processes for a high-growth company. We are looking for someone with strong analytical and problem-solving skills, as well as excellent communication and interpersonal skills. In this role, you will work closely with a broad set of cross-functional stakeholders within the company and should be able to build a rapport and influence towards appropriate risk management outcomes. + +## What you’ll do + +Customer Trust and Assurance + +- Compliance Maintain and onboard existing/new security compliance certifications and frameworks (e.g. SOC2, ISO and others) +- Work with cross-functional teams to procure controls evidence to provide to external auditors timely and issue reports timely. +- Work cross functionally between teams and auditors to ensure a smooth and efficient audit process +- Improve the audit process through automation and controls rationalization year over year +- Monitor and test effectiveness of compliance control health throughout the year; not just during audits +- Serve as a subject matter expert for all things compliance; +- Identify and assess business changes for relevant impacts on compliance posture (e.g. geographical expansion, internal tool replacement, new products) + +- Customer Trust Maintain our trust center by keeping security documents and knowledge base up-to-date +- Support sales teams with open security and privacy questions +- Review incoming security and privacy addendums to customer contracts +- Support customer security and privacy audits +- Work with Sales and Solutions engineering to coach and educate teams on our security and compliance posture + +Governance + +- Policy Management Develop a comprehensive set of security and privacy policies and procedures working with Legal, HR, IT, Engineering. +- Update policies and procedures annually while incorporating stakeholder feedback and obtain approval +- Define and manage incoming policy exceptions on an ongoing basis to manage associated risk + +- Security and Privacy Training and Awareness Develop and implement role and team specific security and privacy training working closely with key business partners. +- Manage the roll-out, escalation and completion of all security and privacy training modules. + +- Phishing Management Manage phishing campaigns on an ongoing basis with appropriate re-training processes baked into the process +- Refine existing phishing reporting processes and integrate this better with our incident management processes + +- GRC Metrics and Reporting Ensure the GRC function meets key performance metrics + +Risk + +- Risk Management Maintain business unit risk registers with existing teams on a monthly basis to appropriately address key risks areas +- Co-develop and coach business units on right-sized and right-scoped risk remediation plans +- Work with cross-functional teams to onboard new business units onto the risk management process + +- Third-Party Risk Management Triage incoming technical security requests for vendor application/system integrations and route to appropriate teams for input. +- Conduct security risk assessments and audits of vendors to evaluate the maturity of their security programs, controls, and documentation. + +## Qualifications + +- Bachelor's degree in information systems, engineering, business, risk management, or a related field +- 5+ years of experience in GRC, security, audit or a related field with past experience in managing a SOC2/ISO 27001 program +- Knowledge of GRC frameworks and regulations +- Experience developing scalable GRC processes +- Ability to work on multiple GRC projects simultaneously +- Ability to partner with stakeholders collaboratively “guardrails” without having a “gated” approach to risk management +- Excellent communication and interpersonal skills + +## Compensation + +Compensation for this position includes a base salary and a variety of benefits. The U.S. base salary range for this role is $135,000 to $190,000. Actual base salaries will be based on candidate-specific factors, including experience, skillset, and location, and local minimum pay requirements as applicable. + +Benefits include: + +- Health, dental, and vision care for you and your family +- Life insurance +- Mental wellness coverage +- Fertility and growing family support +- Flex Time Off in addition to company-paid holidays +- Paid family leave, medical leave, and bereavement leave policies +- Retirement saving plans +- Allowance to customize your work and technology setup at home +- Annual professional development stipend + +Your recruiter can provide additional details about compensation and benefits. + +#experiencedprofessional + +#LI-AM + +#LI-Remote + +#Juniper-US diff --git a/jobs/imported/ashby/ashby-lambda-0ca9bb78-6d6b-4b71-8f77-762f0b16b959.md b/jobs/imported/ashby/ashby-lambda-0ca9bb78-6d6b-4b71-8f77-762f0b16b959.md new file mode 100644 index 0000000..dcd2c21 --- /dev/null +++ b/jobs/imported/ashby/ashby-lambda-0ca9bb78-6d6b-4b71-8f77-762f0b16b959.md @@ -0,0 +1,95 @@ +--- +title: "Senior Security GRC Analyst" +company: "Lambda" +slug: "ashby-lambda-0ca9bb78-6d6b-4b71-8f77-762f0b16b959" +status: "published" +source: "Ashby" +sources: + - "Ashby" +source_url: "https://api.ashbyhq.com/posting-api/job-board/lambda?includeCompensation=true" +role_url: "https://jobs.ashbyhq.com/lambda/0ca9bb78-6d6b-4b71-8f77-762f0b16b959" +apply_url: "https://jobs.ashbyhq.com/lambda/0ca9bb78-6d6b-4b71-8f77-762f0b16b959/application" +posted_date: "2026-04-10" +expires_date: "2026-05-10" +location: "San Francisco Office" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "ISO 27001" + - "NIST CSF" + - "PCI-DSS" + - "CMMC" +languages: + - "Rust" +compensation: "" +summary: "Lambda, The Superintelligence Cloud, is a leader in AI cloud infrastructure serving tens of thousands of customers. Our customers range from AI researchers to enterprises and..." +--- + +Lambda, The Superintelligence Cloud, is a leader in AI cloud infrastructure serving tens of thousands of customers. Our customers range from AI researchers to enterprises and hyperscalers. Lambda's mission is to make compute as ubiquitous as electricity and give everyone the power of superintelligence. One person, one GPU. + +If you'd like to build the world's best AI cloud, join us. + +*Note: This position requires presence in our San Francisco or San Jose office location 4 days per week; Lambda’s designated work from home day is currently Tuesday. + +What You’ll Do + +- Validate and verify the organization's security controls and practices meet the requirements of ISO 27001, 27701, PCI, SOC 2 and other relevant regulatory requirements to ensure alignment to business objectives +- Manage IT Risk Register including risk identification, tracking, and prioritization. +- Assist with and drive remediation of control deficiencies and gaps +- Provide guidance to Control Owners in the planning, design, implementation, operation, maintenance & remediation of control activities and other supporting requirements (e.g. policies, standards, processes, system configurations, etc.) +- Communicate with technical and non-technical stakeholders and leaders on cybersecurity risk and controls management topics and program-specific reporting +- Assist with the Customer Trust program which may include managing customer assessments, and security questionnaires +- Assist control owners with root cause analysis and track risk management action plan progress. +- Create risk metrics for management regarding information security control maturity, compliance status, risks, performance and findings Assist with the third-party risk management assessment process, ensuring consistent enforcement of information security requirements + +You + +- Have a minimum of 8 years of experience supporting cybersecurity risk or controls management programs with in-depth knowledge and experience of cybersecurity frameworks including ISO 27001 and 27701, PCI-DSS, SOC, NIST CSF and other regulatory requirements +- Have experience managing and running audits, certification programs and control assessments. This includes but is not limited to scope planning, defining control procedures based on requirements, policies and standards, control testing, and mapping issues to risks +- Have experience collaborating closely with engineers, business teams, and security partners, including incident response, red teams, and architects to seamlessly incorporate cybersecurity controls and risk management processes into their day-to-day operations +- Possess a strong ability to define, drive and execute a program vision, strategy, approach and milestones in alignment with organization priorities and initiatives + +Nice to Have + +- Experience in the machine learning or computer hardware industry +- Experience with Security by Design and/or Privacy by Design principles +- Experience with standard cyber controls frameworks, including CIS Top18, NIST Cyber Security Framework (CSF), NIST 800.53, NIST 800.171, CMMC, Cybersecurity Maturity Model Certification (CMMC), ISO 27001 and 27701, and SOX ITGC control frameworks. +- Broad knowledge of IT infrastructure and architecture of computer systems as well as exposure to a variety of platforms such as operating systems, networks, databases, and ERP systems +- Familiarity with using third-party tools such as Audit Board, Whistic, RSA Archer, ServiceNow for third-party risk management +- Certified Information Systems Auditor (CISA) +- Certified Information Security Manager (CISM) +- Certified Information Systems Security Professional (CISSP) +- Certified in Risk and Information Systems Control (CRISC) +- Experience in the AI infrastructure, machine learning and/or computer hardware industry + +Salary Range Information + +The annual salary range for this position has been set based on market data and other factors. However, a salary higher or lower than this range may be appropriate for a candidate whose qualifications differ meaningfully from those listed in the job description. + +About Lambda + +- Founded in 2012, with 500+ employees, and growing fast +- Our investors notably include TWG Global, US Innovative Technology Fund (USIT), Andra Capital, SGW, Andrej Karpathy, ARK Invest, Fincadia Advisors, G Squared, In-Q-Tel (IQT), KHK & Partners, NVIDIA, Pegatron, Supermicro, Wistron, Wiwynn, Gradient Ventures, Mercato Partners, SVB, 1517, and Crescent Cove +- We have research papers accepted at top machine learning and graphics conferences, including NeurIPS, ICCV, SIGGRAPH, and TOG +- Our values are publicly available: https://lambda.ai/careers (https://lambda.ai/careers) +- We offer generous cash & equity compensation +- Health, dental, and vision coverage for you and your dependents +- Wellness and commuter stipends for select roles +- 401k Plan with 2% company match (USA employees) +- Flexible paid time off plan that we all actually use + +A Final Note: + +You do not need to match all of the listed expectations to apply for this position. We are committed to building a team with a variety of backgrounds, experiences, and skills. + +Equal Opportunity Employer + +Lambda is an Equal Opportunity employer. Applicants are considered without regard to race, color, religion, creed, national origin, age, sex, gender, marital status, sexual orientation and identity, genetic information, veteran status, citizenship, or any other factors prohibited by local, state, or federal law. diff --git a/jobs/imported/ashby/ashby-monarchmoney-45ce8f3e-1278-4a44-8f92-fed595a6ad1a.md b/jobs/imported/ashby/ashby-monarchmoney-45ce8f3e-1278-4a44-8f92-fed595a6ad1a.md new file mode 100644 index 0000000..f952b15 --- /dev/null +++ b/jobs/imported/ashby/ashby-monarchmoney-45ce8f3e-1278-4a44-8f92-fed595a6ad1a.md @@ -0,0 +1,85 @@ +--- +title: "Security GRC Analyst (Senior/Staff)" +company: "Monarchmoney" +slug: "ashby-monarchmoney-45ce8f3e-1278-4a44-8f92-fed595a6ad1a" +status: "published" +source: "Ashby" +sources: + - "Ashby" +source_url: "https://api.ashbyhq.com/posting-api/job-board/monarchmoney?includeCompensation=true" +role_url: "https://jobs.ashbyhq.com/monarchmoney/45ce8f3e-1278-4a44-8f92-fed595a6ad1a" +apply_url: "https://jobs.ashbyhq.com/monarchmoney/45ce8f3e-1278-4a44-8f92-fed595a6ad1a/application" +posted_date: "2026-04-10" +expires_date: "2026-05-10" +location: "Remote (US)" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Audit & Assurance" + - "Cloud Security" +frameworks: + - "SOC 2" + - "ISO 27001" + - "GDPR" + - "CCPA" +languages: + - "Rust" +compensation: "" +summary: "About Us: Monarch is a powerful, all-in-one personal finance platform designed to help make the complexity of finances feel simple again. Since launching in 2021, we’ve become the..." +--- + +### About Us: + +Monarch is a powerful, all-in-one personal finance platform designed to help make the complexity of finances feel simple again. Since launching in 2021, we’ve become the top-recommended personal finance app by users and experts. Our goal? To take the stress out of finances so our members can focus on what truly matters. + +We are a team of do-ers led by experienced entrepreneurs who are passionate about helping our members reach their financial goals. We are hyper focused on building a product people love and continuing to evolve based on user feedback. + +As a fully remote company (even before COVID!), we welcome applicants from almost anywhere. Our team collaborates synchronously mostly from 9 AM – 2 PM PT and embraces asynchronous work to stay connected across time zones. + +Join us on our mission to transform lives by simplifying money, together. + +The Role: + +Monarch is seeking a Security GRC Analyst (Senior/Staff) to join our Security team during a period of growth. Reporting directly to the Head of Software Infrastructure, you will take point on scaling our compliance program and customer security assurance function; enabling the company to respond to increasing inbound partnership opportunities, onboard vendors safely, and maintain compliance without consuming engineering time. We have a solid foundation (SOC2 Type 2 certified (https://www.reddit.com/r/MonarchMoney/comments/1qj7r1w/monarch_is_officially_soc2_type_2_certified/)), but no dedicated owner within the team. You'll own the day-to-day while building the tooling and workflows to handle increasing volume as we grow. + +What You’ll Do: + +- Scale, automate, and optimize existing GRC, compliance, and customer assurance programs, including security questionnaires, evidence requests, trust center content, and knowledge base. +- Optimize and automate an existing third-party risk program by improving risk signal quality, automating evidence collection, and reducing assessment cycle time. +- Evaluate, implement and maintain GRC tooling (Vanta, Drata, SafeBase, etc.) with a focus on AI-powered automation to minimize operational overhead. +- Mature existing SOC 2 program by strengthening continuous controls monitoring, reducing audit prep effort, and increasing confidence in automated evidence completeness. +- Research, recommend and implement additional frameworks and attestations (ISO 27001, CSA STAR, etc.) to position Monarch as a security leader in personal finance. + +What You’ll Bring: + +- 5+ years operating and scaling mature GRC, compliance, or customer assurance programs in high-growth environments. +- Hands-on experience with customer assurance (security questionnaires, evidence requests, RFPs). +- Hands-on experience with SOC2, CCPA/GDPR compliance and understanding of other frameworks (e.g. ISO 27001). +- Hands-on experience with Continuous Controls Monitoring and compliance automation tools (Vanta, Drata, Oneleet, SafeBase, or similar). +- Strong written communication skills to support internal and external engagements such as customer-facing responses. +- Comfort with ambiguity and building process from scratch. +- Ability to identify process anti-patterns (manual evidence requests, one-off questionnaires, duplicate controls) and replace them with durable, automated solutions. + +Nice to Haves: + +- Fintech or financial services background. +- Familiarity with cloud infrastructure (AWS) and modern SaaS stack. +- Experience in a high-growth startup environment within B2B SaaS. +- Experience leveraging AI tools (Claude, ChatGPT) for GRC workflows. +- Relevant certifications (CISA, CRISC, Security+). +- Experience partnering with IT to implement Corporate Security controls over SaaS, identity and access management (IAM), and endpoint security. + +### Benefits : + +- Work wherever you want! As a fully remote company with no central office, we want you to work wherever you are happiest and most productive. Whether that’s out of your home, a co-working space, or elsewhere. +- Competitive cash and equity compensation in a hyper growth, early stage company 🚀. +- Stipend to set-up your ideal working environment. +- Competitive Benefit Plans for employees based on your location (e.g. in the US we offer: Medical, dental and vision benefits and the ability to contribute to a 401k plan). +- Unlimited PTO. +- 3 day weekend every month! We take off the “First Friday” every month to focus on rest, recuperation, or just having fun! + +We are an equal opportunity employer and value diversity. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. diff --git a/jobs/imported/ashby/ashby-notion-d1623131-b5bf-4679-bcc5-49e2df569fd7.md b/jobs/imported/ashby/ashby-notion-d1623131-b5bf-4679-bcc5-49e2df569fd7.md new file mode 100644 index 0000000..8b48600 --- /dev/null +++ b/jobs/imported/ashby/ashby-notion-d1623131-b5bf-4679-bcc5-49e2df569fd7.md @@ -0,0 +1,67 @@ +--- +title: "GRC Senior Analyst" +company: "Notion" +slug: "ashby-notion-d1623131-b5bf-4679-bcc5-49e2df569fd7" +status: "published" +source: "Ashby" +sources: + - "Ashby" +source_url: "https://api.ashbyhq.com/posting-api/job-board/Notion?includeCompensation=true" +role_url: "https://jobs.ashbyhq.com/Notion/d1623131-b5bf-4679-bcc5-49e2df569fd7" +apply_url: "https://jobs.ashbyhq.com/Notion/d1623131-b5bf-4679-bcc5-49e2df569fd7/application" +posted_date: "2026-04-10" +expires_date: "2026-05-10" +location: "San Francisco, California" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "HIPAA" +languages: + - "Rust" +compensation: "$180,000 - $210,000" +summary: "About Us: Notion helps you build beautiful tools for your life’s work. In today's world of endless apps and tabs, Notion provides one place for teams to get everything done,..." +--- + +# About Us: + +Notion helps you build beautiful tools for your life’s work. In today's world of endless apps and tabs, Notion provides one place for teams to get everything done, seamlessly connecting docs, notes, projects, calendar, and email—with AI built in to find answers and automate work. Millions of users, from individuals to large organizations like Toyota, Figma, and OpenAI, love Notion for its flexibility and choose it because it helps them save time and money. In-person collaboration is essential to Notion's culture. We require all team members to work from our offices on Mondays, Tuesdays, and Thursdays, our designated Anchor Days. Certain teams or positions may require additional in-office workdays. + +# About the Role: + +Millions of people use Notion — and this number is increasing every day. Our users depend on us to deliver a secure, consistent and trustworthy experience, and we value this more than anything. We want to keep building on that trust, while also continuing to amaze our users with the tools they can build in Notion. This is where you come in — partnering with teams across the organization to envision, plan and build Notion's Information Security posture through governance, risk and compliance. + +# What You'll Achieve: + +- Coordinate evidence collection, manage timelines with internal partners, support external auditors for compliance frameworks such as SOX ITGCs, SOC 2 Type II, ISO, HIPAA, and BSI C5. +- Help improve and maintain information security policies, controls, procedures, and standards, for processes, applications, and infrastructure. +- Use and help build custom AI agents and automation to scale and mature our Security GRC programs. For example, automate evidence collection, control monitoring workflows, and reporting. +- Contribute to the development of dashboards and metrics for compliance and audit reporting. +- Implement and expand our continuous control monitoring efforts using our compliance automation tool. +- Identify gaps in our security controls and work with teams across the organization to strengthen them. + +# Skills You'll Need to Bring: + +- Bachelor’s or master’s degree in Computer Science, Information Technology, Management Information Systems, or Cybersecurity, or equivalent practical experience. +- Strong understanding of the governance, risk, and compliance domain and why it matters for organizational security and privacy. +- Familiarity with compliance automation tools (e.g., Anecdotes, Vanta). +- Familiarity with cloud technologies (e.g., AWS, Wiz) and their relationship to risk and compliance. +- Ability to communicate complex ideas clearly to stakeholders. +- A collaborative mindset—you enjoy working cross-functionally to accomplish shared goals and care about learning, growing, and helping others do the same. +- You don’t need to be an AI expert, but you’re curious and willing to adopt AI tools to work smarter and deliver better results. + +# Nice to Haves: + +- Experience (typically 4-5+ years) in the GRC, risk, compliance, or audit domain. +- Working knowledge of Notion and how AI agents can be used to enhance GRC programs. + +We hire talented and passionate people from a variety of backgrounds because we want our global employee base to represent the wide diversity of our customers. If you’re excited about a role but your past experience doesn’t align perfectly with every bullet point listed in the job description, we still encourage you to apply. If you’re a builder at heart, share our company values, and enthusiastic about making software toolmaking ubiquitous, we want to hear from you. Notion is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race, color, religion, national origin, age, sex (including pregnancy, childbirth, or related medical conditions), marital status, ancestry, physical or mental disability, genetic information, veteran status, gender identity or expression, sexual orientation, or other applicable legally protected characteristic. Notion considers qualified applicants with criminal histories, consistent with applicable federal, state and local law. Notion is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, please let your recruiter know. Notion is committed to providing highly competitive cash compensation, equity, and benefits. The compensation offered for this role will be based on multiple factors such as location, the role’s scope and complexity, and the candidate’s experience and expertise, and may vary from the range provided below. For roles based in San Francisco or New York City, the estimated base salary range for this role is $180,000 - $210,000 per year. By clicking “Submit Application”, I understand and agree that Notion and its affiliates and subsidiaries will collect and process my information in accordance with Notion’s Global Recruiting Privacy Policy (https://notion.notion.site/Notion-Global-Recruiting-Privacy-Policy-fc3eb4e829354a26a2bb6fd5e289b550?pvs=74) and NYLL 144 (https://notion.notion.site/Ashby-AI-Bias-Audit-2b0efdeead05803bbbfae159ec86c528). + +#LI-Onsite diff --git a/jobs/imported/ashby/ashby-replit-3475841f-c994-4443-b83d-4b8a5b1dd8f2.md b/jobs/imported/ashby/ashby-replit-3475841f-c994-4443-b83d-4b8a5b1dd8f2.md new file mode 100644 index 0000000..7d43809 --- /dev/null +++ b/jobs/imported/ashby/ashby-replit-3475841f-c994-4443-b83d-4b8a5b1dd8f2.md @@ -0,0 +1,128 @@ +--- +title: "GRC Lead (Governance, Risk, and Compliance)" +company: "Replit" +slug: "ashby-replit-3475841f-c994-4443-b83d-4b8a5b1dd8f2" +status: "published" +source: "Ashby" +sources: + - "Ashby" +source_url: "https://api.ashbyhq.com/posting-api/job-board/replit?includeCompensation=true" +role_url: "https://jobs.ashbyhq.com/replit/3475841f-c994-4443-b83d-4b8a5b1dd8f2" +apply_url: "https://jobs.ashbyhq.com/replit/3475841f-c994-4443-b83d-4b8a5b1dd8f2/application" +posted_date: "2026-04-10" +expires_date: "2026-05-10" +location: "Foster City, CA (Hybrid) In office M,W,F" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "FedRAMP" + - "SOC 2" + - "ISO 27001" + - "PCI-DSS" + - "HIPAA" +languages: + - "Rust" +compensation: "" +summary: "Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing..." +--- + +Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation. + +## About the role + +We are looking for a GRC Lead to serve as the Technical Lead for our compliance and risk management ecosystem. You will architect the systems and processes that automate trust, guiding a team of GRC specialists while partnering deeply across the organization. We need a pragmatic operator who understands that GRC exists to enable the business—balancing rigorous standards with the velocity of a high-growth startup. + +## What You'll Do + +Technical Leadership & Mentorship + +- Team Leadership: Act as the technical anchor for the GRC team. You will mentor GRC analysts and engineers, setting the standard for quality, technical depth, and operational efficiency. +- Program Architecture: Own the technical vision for Replit’s GRC program, moving the team from manual workflows toward "Compliance-as-Code" and automated evidence collection. +- Thought Leadership: Champion a culture of security and privacy across the company, educating teams on why controls exist rather than just enforcing them. + +Cross-Functional Collaboration + +- Engineering & Architecture: Partner with Architects and Engineering Leads to "bake in" compliance requirements early in the design phase. You will translate complex technical implementations into narratives that satisfy frameworks without slowing down development. +- Legal & Privacy: Work closely with Legal Counsel to interpret and implement requirements for Privacy (GDPR, CCPA) and emerging AI-specific regulations (e.g., EU AI Act). +- Sales & GTM: Enable the Sales team by managing the Customer Trust Center and handling complex security questionnaires. You will serve as a subject matter expert in customer calls to build confidence with enterprise prospects. +- Auditor Relationships: Own and cultivate the primary relationship with external auditors. You will serve as the bridge between auditors and internal teams, ensuring requests are reasonable, clear, and relevant to our tech stack. + +Risk Management & Strategic Compliance + +- Risk Register Owner: You will own the Cybersecurity Risk Register . You will be responsible for identifying, quantifying, and tracking risks, distinguishing between theoretical compliance gaps and meaningful business risks. +- Framework Evolution: Manage and evolve our compliance posture across SOC 2, ISO 27001 , and prepare the organization for future certifications in regulated markets (e.g., FedRAMP, ITAR, PCI, HIPAA ). +- Pragmatic Governance: Apply judgment to operate in "gray areas" when appropriate. You will prioritize issues that represent real security or business risk over "compliance theater." + +Automation & Efficiency + +- Control Automation: Drive the shift from manual evidence collection to continuous monitoring. You will identify opportunities to automate audit work, ensuring GRC scales with the business. +- Third-Party Risk: Architect a scalable framework for assessing third-party vendors and AI model providers, ensuring our supply chain remains secure without creating administrative bottlenecks. + +## Required Skills & Experience + +- 8+ years of experience in GRC or Information Security +- Leadership Experience: Proven experience mentoring other GRC professionals or leading complex cross-functional projects. +- Technical Fluency: Ability to speak the language of engineering, cloud (GCP/AWS), and security architecture. You can anticipate how architectural decisions impact risk and compliance. +- Regulatory Breadth: Deep experience with SOC 2, ISO 27001, PCI, HIPPA, and Privacy laws. +- Collaborative Communication: Strong ability to explain risk and tradeoffs to technical (Engineers), legal, and commercial (Sales/Execs) stakeholders. +- Automation Mindset: Experience with GRC automation tools (e.g., Vanta, Drata) and a bias toward reducing manual toil. + +## Bonus Qualifications + +- Familiarity with FedRAMP, ITAR, or AI regulation is a strong plus. + +### What We Value + +- Pragmatism: You distinguish between "checking a box" and reducing risk. You focus on outcomes over optics. +- Business Enablement: You understand that your role is to help Replit sell to the enterprise safely, not to say "no" to innovation. +- Solutions-Oriented Leadership: You are collaborative and low-ego. You prefer fixing root causes and empowering teams over enforcing rigid bureaucracy. +- Clarity: You can take a complex regulation and explain exactly what it means for a specific engineering team in plain English. + +This is a full-time role that can be held from our Foster City, CA office. The role has an in-office requirement of Monday, Wednesday, and Friday. + +Full-Time Employee Benefits Include: + +💰 Competitive Salary & Equity + +💹 401(k) Program with a 4% match + +⚕️ Health, Dental, Vision and Life Insurance + +🩼 Short Term and Long Term Disability + +🚼 Paid Parental, Medical, Caregiver Leave + +🚗 Commuter Benefits + +📱 Monthly Wellness Stipend + +🧑‍💻 Autonomous Work Environment + +🖥 In Office Set-Up Reimbursement + +🏝 Flexible Time Off (FTO) + Holidays + +🚀 Quarterly Team Gatherings + +☕ In Office Amenities + +Want to learn more about what we are up to? + +- Meet the Replit Agent (https://www.youtube.com/watch?v=IYiVPrxY8-Y) +- Replit: Make an app for that (https://www.youtube.com/watch?v=4zd9hzngFwY) +- Replit Blog (https://blog.replit.com/) +- Amjad TED Talk (https://youtu.be/kCudFI4tcpg?si=l4ViCejV_f2RZkDi) + +Interviewing + Culture at Replit + +- Operating Principles (https://blog.replit.com/operating-principles) +- Reasons not to work at Replit (https://blog.replit.com/reasons-not-to-join-replit) + +To achieve our mission of making programming more accessible around the world, we need our team to be representative of the world. We welcome your unique perspective and experiences in shaping this product. We encourage people from all kinds of backgrounds to apply, including and especially candidates from underrepresented and non-traditional backgrounds. diff --git a/jobs/imported/ashby/ashby-socure-b9dc8d7e-9f0e-40e7-876e-82eedcaa6017.md b/jobs/imported/ashby/ashby-socure-b9dc8d7e-9f0e-40e7-876e-82eedcaa6017.md new file mode 100644 index 0000000..dfca0f5 --- /dev/null +++ b/jobs/imported/ashby/ashby-socure-b9dc8d7e-9f0e-40e7-876e-82eedcaa6017.md @@ -0,0 +1,113 @@ +--- +title: "GRC Analyst – Public Sector" +company: "Socure" +slug: "ashby-socure-b9dc8d7e-9f0e-40e7-876e-82eedcaa6017" +status: "published" +source: "Ashby" +sources: + - "Ashby" +source_url: "https://api.ashbyhq.com/posting-api/job-board/socure?includeCompensation=true" +role_url: "https://jobs.ashbyhq.com/socure/b9dc8d7e-9f0e-40e7-876e-82eedcaa6017" +apply_url: "https://jobs.ashbyhq.com/socure/b9dc8d7e-9f0e-40e7-876e-82eedcaa6017/application" +posted_date: "2026-04-10" +expires_date: "2026-05-10" +location: "Remote - US" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "FedRAMP" + - "NIST 800-53" + - "NIST 800-171" + - "GDPR" + - "CCPA" +languages: + - "OSCAL" + - "Rust" +compensation: "" +summary: "Why Socure? Socure is building the identity trust infrastructure for the digital economy — verifying 100% of good identities in real time and stopping fraud before it starts. The..." +--- + +## Why Socure? + +Socure is building the identity trust infrastructure for the digital economy — verifying 100% of good identities in real time and stopping fraud before it starts. The mission is big, the problems are complex, and the impact is felt by businesses, governments, and millions of people every day. + +We hire people who want that level of responsibility. People who move fast, think critically, act like owners, and care deeply about solving customer problems with precision. If you want predictability or narrow scope, this won’t be your place. If you want to help build the future of identity with a team that holds a high bar for itself — keep reading. + +# About the role + +Socure is seeking an Analyst, GRC – Public Sector to execute and enhance the company’s governance, risk, and compliance operations for its public sector business. Reporting to the Director of GRC – Public Sector, this role drives measurable improvements in compliance efficiency and audit readiness by managing vulnerability remediation, continuous monitoring, access oversight, and evidence preparation that allow Socure to meet the rigorous standards of FedRAMP, GovRAMP, and related frameworks. The Analyst collaborates across Security, Engineering, IT, DevOps, Product, Legal, and other teams to operationalize regulatory requirements, automate workflows, and offers the opportunity to shape the GRC strategy for Socure’s fast-growing public sector business. + +# What you'll do + +### Compliance & Certification Management + +- Day-to-day coordination and execution of external Third Party Assessment Organization (3PAO) assessments and responding to auditor requests for evidence and documentation. +- Maintain and update FedRAMP and GovRAMP controls and documentation in alignment with organizational and regulatory requirements, including controls aligned with NIST SP 800-53 rev 5 and other related frameworks. +- Prepare certification and authorization packages and maintain related documentation such as the System Security Plan (SSP) and associated appendices. + +### Continuous Monitoring & Vulnerability Management + +- Lead the day-to-day FedRAMP continuous monitoring process including vulnerability management lifecycle, from identification through remediation and verification, coordinating with Security, Engineering, and DevOps teams to address issues identified with tools such as Wiz, Burp Suite, AWS native services, and other platforms and resolve issues within FedRAMP and GovRAMP timelines. +- Coordinate recurring continuous monitoring compliance activities such as access reviews, incident response exercises, and contingency plan testing. + +### Access Management & Training + +- Oversee access controls for FedRAMP environments, including access requests, least privilege reviews and role-based access control validation and quarterly access certifications. +- Design, implement and deliver FedRAMP training programs to promote compliance awareness +- Create and manage automated workflows to improve efficiency. + +### Audit & Assessment Readiness + +- Maintain compliance evidence repositories. audit preparation materials, and reporting artifacts. +- Conduct internal reviews of logged events and control activities, escalating issues or gaps to the Director of GRC and provide status updates and reports highlighting trends, risks, and remediation progress. + +### Process Improvement & Collaboration + +- Collaborate with the Director of GRC to design and implement AI-enabled compliance workflows, leveraging automation tools to streamline evidence generation, reporting, and audit readiness +- Support the development, rollout, and maintenance of machine-readable compliance documentation (e.g., OSCAL or comparable structured formats) to facilitate interoperability +- Partner with automation and engineering teams to integrate structured compliance data into Socure’s broader risk management and monitoring ecosystem including vulnerability remediation, access requests, and compliance reporting. +- Monitor regulatory and industry trends for potential impacts to compliance strategy. + +### Public Sector Sales & Customer Engagement + +- Serve as a security subject matter expert for public sector sales activities, including prospect briefings, RFP/RFQ responses, contract negotiations, and integration discussions. +- Support development of external communications such as press releases and customer-facing materials related to security certifications and authorizations. + +### Monitor Evolving Requirements + +- Monitor new and evolving requirements and perform gap analyses including Updates to applicable NIST Special Publications and other government standards +- Contract security requirements from new customers +- Updates to the FedRAMP Program requirements and processes as the program evolves + +- Provide input to standards bodies on evolving standards when applicable + +# What you'll bring + +- 5+ years of cybersecurity or identity management experience, including 1+ year in the public sector. +- Direct experience with FedRAMP, GovRAMP, and NIST frameworks (800-53, 800-63, 800-171). +- Proven ability to manage continuous monitoring, vulnerability remediation, and compliance reporting. +- Experience using AI tools (e.g., ChatGPT, Glean, Gemini) and machine-readable formats (e.g., OSCAL) to automate and streamline compliance processes. +- Strong communication, organization, and collaboration skills with the ability to manage multiple priorities. +- Ability to adapt to changing requirements +- Must be a U.S. Person (U.S. Citizens or U.S. Permanent Residents) residing in the United States and be able to obtain a U.S. OPM NACI clearance. + +### Preferred Qualifications + +- Experience in regulated industries (e.g., financial services, healthcare) and knowledge of privacy and compliance frameworks such as GDPR, CCPA, and key NIST standards. +- Professional certifications preferred (CISSP, CISM, CISA, IAPP). +- Proven success leading certification and compliance initiatives (FedRAMP, GovRAMP, NIST 800-63/171) +- Skilled in continuous monitoring, vulnerability management, policy updates, and audit coordination across cross-functional teams. +- Strong understanding of evolving cybersecurity standards and digital identity regulations, with the ability to translate them into practical risk and compliance improvements. + +Socure is an equal opportunity employer that values diversity in all its forms within our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. If you need an accommodation during any stage of the application or hiring process—including interview or onboarding support—please reach out to your Socure recruiting partner directly. + +Follow Us! + +YouTube (https://www.youtube.com/c/Socure) | LinkedIn (https://www.linkedin.com/company/socure/) | X (Twitter) (https://x.com/socureme) | Facebook (https://www.facebook.com/socure/) diff --git a/jobs/imported/ashby/ashby-writer-2702b1ce-58ce-4884-bc43-b47cc1bc1f23.md b/jobs/imported/ashby/ashby-writer-2702b1ce-58ce-4884-bc43-b47cc1bc1f23.md new file mode 100644 index 0000000..9fa5c72 --- /dev/null +++ b/jobs/imported/ashby/ashby-writer-2702b1ce-58ce-4884-bc43-b47cc1bc1f23.md @@ -0,0 +1,81 @@ +--- +title: "Security specialist, GRC (UK)" +company: "Writer" +slug: "ashby-writer-2702b1ce-58ce-4884-bc43-b47cc1bc1f23" +status: "published" +source: "Ashby" +sources: + - "Ashby" +source_url: "https://api.ashbyhq.com/posting-api/job-board/writer?includeCompensation=true" +role_url: "https://jobs.ashbyhq.com/writer/2702b1ce-58ce-4884-bc43-b47cc1bc1f23" +apply_url: "https://jobs.ashbyhq.com/writer/2702b1ce-58ce-4884-bc43-b47cc1bc1f23/application" +posted_date: "2026-04-10" +expires_date: "2026-05-10" +location: "London, UK" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "ISO 27001" + - "GDPR" + - "CCPA" +languages: + - "Rust" +compensation: "" +summary: "🚀 About WRITER WRITER is where the world's leading enterprises orchestrate AI-powered work. Our vision is to expand human capacity through superintelligence. And we're proving..." +--- + +## 🚀 About WRITER + +WRITER is where the world's leading enterprises orchestrate AI-powered work. Our vision is to expand human capacity through superintelligence. And we're proving it's possible – through powerful, trustworthy AI that unites IT and business teams together to unlock enterprise-wide transformation. With WRITER's end-to-end platform, hundreds of companies like Mars, Marriott, Uber, and Vanguard are building and deploying AI agents that are grounded in their company's data and fueled by WRITER's enterprise-grade LLMs. Valued at $1.9B and backed by industry-leading investors including Premji Invest, Radical Ventures, and ICONIQ Growth, WRITER is rapidly cementing its position as the leader in enterprise generative AI. + +Founded in 2020 with office hubs in San Francisco, New York City, Austin, Chicago, and London, our team thinks big and moves fast, and we're looking for smart, hardworking builders and scalers to join us on our journey to create a better future of work with AI. + +## 📐 About the role + +This is your chance to shape AI governance from the ground up at one of the fastest-growing companies in enterprise AI. As a security specialist, GRC at WRITER, you'll be building the frameworks that ensure our AI platform earns and keeps the trust of the world's most demanding enterprises. You're not just checking boxes—you're creating the compliance infrastructure that enables WRITER to scale safely and securely while moving at the speed of innovation. + +The opportunity here is extraordinary: you'll work at the intersection of AI, security, and business enablement, helping define what governance looks like for enterprise AI systems that didn't exist a few years ago. You'll lead audit engagements for SOC 2, ISO 27001, and other critical certifications, respond to customer security assessments that directly impact major deals, and build the policies and controls that protect both our AI models and the sensitive data flowing through them. You'll translate complex regulatory requirements into practical, business-aligned security controls while partnering with Engineering, Legal, Product, and Sales to ensure WRITER can sell into highly regulated industries without compromising our velocity. + +This role is hybrid from our London office, reporting to the head of security. + +## 🦸🏻‍♀️ What you'll do + +- Own and drive WRITER's security compliance program end-to-end including managing SOC 2 Type II audits, ISO Triad (27001/27701/42001) certification, and expanding our compliance coverage to meet emerging customer requirements in regulated industries like financial services and healthcare +- Lead customer assurance efforts by responding to security questionnaires, DDQs, and RFPs from enterprise customers, maintaining our trust portal with up-to-date security documentation, and partnering with Sales to remove security blockers that could delay major deals +- Build and maintain WRITER's security governance framework including creating and updating security policies, access control standards, vendor risk procedures, incident response plans, and AI-specific governance documentation that addresses model training, data handling, and responsible AI deployment +- Conduct continuous control monitoring and evidence collection by implementing automated compliance workflows, tracking remediation activities across teams, performing control testing, and ensuring we maintain audit-ready documentation throughout the year instead of scrambling before audits +- Drive risk assessments and third-party vendor security reviews by evaluating supplier controls, identifying and quantifying security risks across our AI platform and infrastructure, and working cross-functionally to prioritize and track remediation efforts +- Partner with Engineering and Product teams to embed compliance into the development lifecycle by reviewing architecture decisions for security and privacy implications, ensuring secure-by-design principles are followed for new AI features, and translating regulatory requirements into technical controls that developers can actually implement +- Serve as the primary point of contact for external auditors and assessors, coordinating evidence collection, scheduling interviews, addressing findings, and ensuring audit processes run smoothly while minimizing disruption to the broader team + +## ⭐️ What you need + +- 2+ years of hands-on experience in GRC, security compliance, or audit roles within fast-paced tech companies or startups—you understand how to build compliance programs that enable growth rather than slow it down +- Deep working knowledge of security frameworks and certifications including SOC 2 Type II, ISO 27001, GDPR, CCPA, and familiarity with emerging AI governance requirements—you've led audits from planning through certification and can speak confidently about control requirements +- Strong technical literacy that allows you to evaluate cloud security architectures, understand API security, review access control implementations, and have credible conversations with engineers about security controls—you don't need to write code but you need to understand how systems work +- Excellent project management abilities with the skill to juggle multiple audits, customer questionnaires, policy updates, and remediation initiatives simultaneously while keeping stakeholders informed and projects moving forward without constant oversight +- Outstanding communication skills that enable you to explain complex compliance requirements in clear, actionable language to technical and non-technical audiences alike—you can craft policies that engineers will actually follow and present risk scenarios that executives will understand +- Natural curiosity about AI governance and emerging regulatory landscape including AI-specific frameworks, model risk management, data privacy implications of AI training, and responsible AI principles—you're excited to help define best practices in an evolving space +- Alignment with WRITER's values of Connect (building trusted relationships with customers, auditors, and cross-functional teams), Challenge (pushing beyond checkbox compliance to create governance that truly reduces risk), and Own (taking full accountability for WRITER's security posture and customer trust) + +## 🍩 Benefits & perks (UK full-time employees): + +- Generous PTO, plus company holidays +- Comprehensive medical and dental insurance +- Paid parental leave for all parents (12 weeks) +- Fertility and family planning support +- Early-detection cancer testing through Galleri (https://www.galleri.com/partner/writer) +- Competitive pension scheme and company contribution +- Annual work-life stipends for: Wellness stipend for gym, massage/chiropractor, personal training, etc. +- Learning and development stipend + +- Company-wide off-sites and team off-sites +- Competitive compensation and company stock options diff --git a/jobs/imported/ashby/ashby-writer-5d7cf717-bfdc-4695-b49e-894786850d5d.md b/jobs/imported/ashby/ashby-writer-5d7cf717-bfdc-4695-b49e-894786850d5d.md new file mode 100644 index 0000000..1327258 --- /dev/null +++ b/jobs/imported/ashby/ashby-writer-5d7cf717-bfdc-4695-b49e-894786850d5d.md @@ -0,0 +1,86 @@ +--- +title: "Security specialist, GRC" +company: "Writer" +slug: "ashby-writer-5d7cf717-bfdc-4695-b49e-894786850d5d" +status: "published" +source: "Ashby" +sources: + - "Ashby" +source_url: "https://api.ashbyhq.com/posting-api/job-board/writer?includeCompensation=true" +role_url: "https://jobs.ashbyhq.com/writer/5d7cf717-bfdc-4695-b49e-894786850d5d" +apply_url: "https://jobs.ashbyhq.com/writer/5d7cf717-bfdc-4695-b49e-894786850d5d/application" +posted_date: "2026-04-10" +expires_date: "2026-05-10" +location: "New York City, NY" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "ISO 27001" + - "GDPR" + - "CCPA" +languages: + - "Rust" +compensation: "" +summary: "🚀 About WRITER WRITER is where the world's leading enterprises orchestrate AI-powered work. Our vision is to expand human capacity through superintelligence. And we're proving..." +--- + +## 🚀 About WRITER + +WRITER is where the world's leading enterprises orchestrate AI-powered work. Our vision is to expand human capacity through superintelligence. And we're proving it's possible – through powerful, trustworthy AI that unites IT and business teams together to unlock enterprise-wide transformation. With WRITER's end-to-end platform, hundreds of companies like Mars, Marriott, Uber, and Vanguard are building and deploying AI agents that are grounded in their company's data and fueled by WRITER's enterprise-grade LLMs. Valued at $1.9B and backed by industry-leading investors including Premji Invest, Radical Ventures, and ICONIQ Growth, WRITER is rapidly cementing its position as the leader in enterprise generative AI. + +Founded in 2020 with office hubs in San Francisco, New York City, Austin, Chicago, and London, our team thinks big and moves fast, and we're looking for smart, hardworking builders and scalers to join us on our journey to create a better future of work with AI. + +## 📐 About the role + +This is your chance to shape AI governance from the ground up at one of the fastest-growing companies in enterprise AI. As a security specialist, GRC at WRITER, you'll be building the frameworks that ensure our AI platform earns and keeps the trust of the world's most demanding enterprises. You're not just checking boxes—you're creating the compliance infrastructure that enables WRITER to scale safely and securely while moving at the speed of innovation. + +The opportunity here is extraordinary: you'll work at the intersection of AI, security, and business enablement, helping define what governance looks like for enterprise AI systems that didn't exist a few years ago. You'll lead audit engagements for SOC 2, ISO 27001, and other critical certifications, respond to customer security assessments that directly impact major deals, and build the policies and controls that protect both our AI models and the sensitive data flowing through them. You'll translate complex regulatory requirements into practical, business-aligned security controls while partnering with Engineering, Legal, Product, and Sales to ensure WRITER can sell into highly regulated industries without compromising our velocity. + +This role is hybrid from our San Francisco or New York City offices, reporting to the head of security. + +## 🦸🏻‍♀️ What you'll do + +- Own and drive WRITER's security compliance program end-to-end including managing SOC 2 Type II audits, ISO Triad (27001/27701/42001) certification, and expanding our compliance coverage to meet emerging customer requirements in regulated industries like financial services and healthcare +- Lead customer assurance efforts by responding to security questionnaires, DDQs, and RFPs from enterprise customers, maintaining our trust portal with up-to-date security documentation, and partnering with Sales to remove security blockers that could delay major deals +- Build and maintain WRITER's security governance framework including creating and updating security policies, access control standards, vendor risk procedures, incident response plans, and AI-specific governance documentation that addresses model training, data handling, and responsible AI deployment +- Conduct continuous control monitoring and evidence collection by implementing automated compliance workflows, tracking remediation activities across teams, performing control testing, and ensuring we maintain audit-ready documentation throughout the year instead of scrambling before audits +- Drive risk assessments and third-party vendor security reviews by evaluating supplier controls, identifying and quantifying security risks across our AI platform and infrastructure, and working cross-functionally to prioritize and track remediation efforts +- Partner with Engineering and Product teams to embed compliance into the development lifecycle by reviewing architecture decisions for security and privacy implications, ensuring secure-by-design principles are followed for new AI features, and translating regulatory requirements into technical controls that developers can actually implement +- Serve as the primary point of contact for external auditors and assessors, coordinating evidence collection, scheduling interviews, addressing findings, and ensuring audit processes run smoothly while minimizing disruption to the broader team + +## ⭐️ What you need + +- 2+ years of hands-on experience in GRC, security compliance, or audit roles within fast-paced tech companies or startups—you understand how to build compliance programs that enable growth rather than slow it down +- Deep working knowledge of security frameworks and certifications including SOC 2 Type II, ISO 27001, GDPR, CCPA, and familiarity with emerging AI governance requirements—you've led audits from planning through certification and can speak confidently about control requirements +- Strong technical literacy that allows you to evaluate cloud security architectures, understand API security, review access control implementations, and have credible conversations with engineers about security controls—you don't need to write code but you need to understand how systems work +- Excellent project management abilities with the skill to juggle multiple audits, customer questionnaires, policy updates, and remediation initiatives simultaneously while keeping stakeholders informed and projects moving forward without constant oversight +- Outstanding communication skills that enable you to explain complex compliance requirements in clear, actionable language to technical and non-technical audiences alike—you can craft policies that engineers will actually follow and present risk scenarios that executives will understand +- Natural curiosity about AI governance and emerging regulatory landscape including AI-specific frameworks, model risk management, data privacy implications of AI training, and responsible AI principles—you're excited to help define best practices in an evolving space +- Alignment with WRITER's values of Connect (building trusted relationships with customers, auditors, and cross-functional teams), Challenge (pushing beyond checkbox compliance to create governance that truly reduces risk), and Own (taking full accountability for WRITER's security posture and customer trust) + +🍩 Benefits & perks (US Full-time employees) + +- Generous PTO, plus company holidays +- Medical, dental, and vision coverage for you and your family +- Paid parental leave for all parents (12 weeks) +- Fertility and family planning support +- Early-detection cancer testing through Galleri (https://www.galleri.com/partner/writer) +- Flexible spending account and dependent FSA options +- Health savings account for eligible plans with company contribution +- Annual work-life stipends for: Wellness stipend for gym, massage/chiropractor, personal training, etc. +- Learning and development stipend + +- Company-wide off-sites and team off-sites +- Competitive compensation, company stock options and 401k + +WRITER is an equal-opportunity employer and is committed to diversity. We don't make hiring or employment decisions based on race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other basis protected by applicable local, state or federal law. Under the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. + +By submitting your application on the application page, you acknowledge and agree to WRITER's Global Candidate Privacy Notice (https://writer.com/legal/candidate-privacy-notice/). diff --git a/jobs/imported/greenhouse/greenhouse-andurilindustries-5087188007-senior-compliance-engineer.md b/jobs/imported/greenhouse/greenhouse-andurilindustries-5087188007-senior-compliance-engineer.md new file mode 100644 index 0000000..74685ba --- /dev/null +++ b/jobs/imported/greenhouse/greenhouse-andurilindustries-5087188007-senior-compliance-engineer.md @@ -0,0 +1,174 @@ +--- +title: "Senior Compliance Engineer" +company: "Andurilindustries" +slug: "greenhouse-andurilindustries-5087188007-senior-compliance-engineer" +status: "published" +source: "Greenhouse" +sources: + - "Greenhouse" +source_url: "https://boards-api.greenhouse.io/v1/boards/andurilindustries/jobs?content=true" +role_url: "https://boards.greenhouse.io/andurilindustries/jobs/5087188007?gh_jid=5087188007" +apply_url: "https://boards.greenhouse.io/andurilindustries/jobs/5087188007?gh_jid=5087188007" +posted_date: "2026-04-09" +expires_date: "2026-05-09" +location: "Costa Mesa, California, United States" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "FedRAMP" + - "SOC 2" + - "NIST 800-53" + - "NIST 800-171" + - "CMMC" +languages: + - "Python" + - "Terraform" + - "Rust" +compensation: "" +summary: "Anduril Industries is a defense technology company with a mission to transform U.S. and allied military capabilities with advanced technology. By bringing the expertise,..." +--- + +

Anduril Industries is a defense technology company with a mission to transform U.S. and allied military capabilities with advanced technology. By bringing the expertise, technology, and business model of the 21st century’s most innovative companies to the defense industry, Anduril is changing how military systems are designed, built and sold. Anduril’s family of systems is powered by Lattice OS, an AI-powered operating system that turns thousands of data streams into a realtime, 3D command and control center. As the world enters an era of strategic competition, Anduril is committed to bringing cutting-edge autonomy, AI, computer vision, sensor fusion, and networking technology to the military in months, not years.

ABOUT THE TEAM

+

The Corporate Assurance Team manages enterprise cybersecurity governance, risk, and compliance (GRC) by implementing and operationalizing global compliance frameworks across Anduril's corporate and product environments. The team serves as the bridge between regulatory requirements and engineering execution, ensuring that Anduril's rapidly evolving technology stack meets the highest standards of security and compliance.

+

ABOUT THE JOB

+

The Compliance Engineer is a technically hands-on role responsible for driving automation, compliance, and security engineering principles into the design, integration, and operation of Anduril's internal systems. This individual will be instrumental in securing Anduril's software development process by translating complex compliance requirements into scalable, automated, and developer-friendly solutions.

+

The ideal candidate brings a strong DevSecOps background with deep expertise in cloud infrastructure security, embedded systems security, and federal compliance frameworks. They are equally comfortable writing Terraform modules as they are interpreting NIST controls, and they thrive at the intersection of security policy and engineering execution.

+

This is not a paperwork-driven compliance role. This is a builder's role. You will architect and automate compliance infrastructure that enables Anduril's engineering teams to deploy secure, compliant applications by default — removing bottlenecks rather than creating them.

+

WHY THIS ROLE MATTERS

+

At Anduril, compliance is not a checkbox — it is an engineering discipline. The Compliance Engineer plays a critical role in ensuring that Anduril can move fast without compromising the security and regulatory posture required to serve national defense missions. By building compliance into the foundation of our infrastructure, you will directly enable engineering teams to focus on what they do best: building transformative technology that protects those who protect us.

+

KEY RESPONSIBILITIES

+

Infrastructure & Automation

+ +

Compliance Engineering & Framework Implementation

+ +

Cross-Functional Collaboration & Enablement

+ +

Strategic & Advisory

+ +

REQUIRED QUALIFICATIONS

+

Education & Experience

+ +

Technical Skills

+ +

Soft Skills & Competencies

+ +

Eligibility

+ +

PREFERRED QUALIFICATIONS

+
US Salary Range
$146,000$194,000 USD

The salary range for this role is an estimate based on a wide range of compensation factors, inclusive of base salary only. Actual salary offer may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations. Highly competitive equity grants are included in the majority of full time offers; and are considered part of Anduril's total compensation package. Additionally, Anduril offers top-tier benefits for full-time employees, including: 

+

Healthcare Benefits 

+ +

Additional Benefits 

+ +

Retirement Savings Plan 

+ +

The recruiter assigned to this role can share more information about the specific compensation and benefit details associated with this role during the hiring process. 

+

 

+
+

Protecting Yourself from Recruitment Scams

+

Anduril is committed to maintaining the integrity of our Talent acquisition process and the security of our candidates. We've observed a rise in sophisticated phishing and fraudulent schemes where individuals impersonate Anduril representatives, luring job seekers with false interviews or job offers. These scammers often attempt to extract payment or sensitive personal information.

+
+
+

To ensure your safety and help you navigate your job search with confidence, please keep the following critical points in mind:

+
    +
  • +

    No Financial Requests: Anduril will never solicit payment or demand personal financial details (such as banking information, credit card numbers, or social security numbers) at any stage of our hiring process. Our legitimate recruitment is entirely free for candidates.

    +
    • +
  • Please always verify communications: +
      +
    • Direct from Anduril: If you receive an email from one of our recruiters, it will only come from an @anduril.com address.
      • +
    • Via Agency Partner: If contacted by a recruiting agency for an Anduril role, their email will clearly identify their agency. If you suspect any suspicious activity, please verify the agency's authenticity by reaching out to contact@anduril.com
      • +
    +
    • +
  • +

    Exercise Caution with Unsolicited Outreach: If you receive any communication that appears suspicious, contains grammatical errors, or makes unusual requests, do not engage. Always confirm the sender's email domain is @anduril.com before providing any personal information or clicking on links.

    +
    • +
  • +

    What to Do If You Suspect Fraud: Should you encounter any questionable or fraudulent outreach claiming to be from Anduril, please report it immediately to contact@anduril.com. Your proactive caution is invaluable in protecting your personal information and upholding the security and trustworthiness of our recruitment efforts.

    +
    • +
+
+

Data Privacy

+

To view Anduril's candidate data privacy policy, please visit https://anduril.com/applicant-privacy-notice/. 

diff --git a/jobs/imported/greenhouse/greenhouse-anthropic-4980335008-grc-automation-engineering-lead.md b/jobs/imported/greenhouse/greenhouse-anthropic-4980335008-grc-automation-engineering-lead.md new file mode 100644 index 0000000..5978587 --- /dev/null +++ b/jobs/imported/greenhouse/greenhouse-anthropic-4980335008-grc-automation-engineering-lead.md @@ -0,0 +1,84 @@ +--- +title: "GRC Automation Engineering Lead " +company: "Anthropic" +slug: "greenhouse-anthropic-4980335008-grc-automation-engineering-lead" +status: "published" +source: "Greenhouse" +sources: + - "Greenhouse" +source_url: "https://boards-api.greenhouse.io/v1/boards/anthropic/jobs?content=true" +role_url: "https://job-boards.greenhouse.io/anthropic/jobs/4980335008" +apply_url: "https://job-boards.greenhouse.io/anthropic/jobs/4980335008" +posted_date: "2026-04-01" +expires_date: "2026-05-01" +location: "San Francisco, CA | New York City, NY | Seattle, WA" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "FedRAMP" + - "SOC 2" + - "HIPAA" +languages: + - "Python" + - "Terraform" + - "Rust" +compensation: "" +summary: "About Anthropic Anthropic’s mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole...." +--- + +

About Anthropic

+

Anthropic’s mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.

About the Role

+

We are seeking a GRC Automation Lead to join our GRC organization and build the technical foundation for how we scale our risk and compliance programs. In this role, you will lead the team that designs and implements automated workflows, data pipelines, and integrations that transform manual compliance processes into scalable engineering systems. 

+

This is a greenfield opportunity to establish the team, architecture, and integrations that will define how we approach governance, risk, and compliance at Anthropic. The core challenge is a data problem: compliance information lives across dozens of systems—cloud infrastructure, identity providers, HR platforms, ticketing tools, code repositories—and your job is to design systems that bring it together, normalize it, and make it actionable. Success in this role comes from understanding how systems connect and how data flows between them, not from writing code yourself.

+

At Anthropic, you'll also have a unique advantage: the ability to design AI-powered workflows where Claude acts as an extension of your team, handling tasks that would traditionally require additional headcount or manual effort. You'll need ingenuity to identify where agentic AI can accelerate evidence collection, interpret unstructured data, triage compliance gaps, and augment human judgment in risk assessments. Working closely with Security, IT, and Engineering teams, you'll translate compliance and regulatory requirements into solutions that support audit programs including SOC 2, ISO, HIPAA, and FedRAMP, building systems that combine traditional automation with AI capabilities to achieve scale that wouldn't otherwise be possible.

+

Responsibilities: 

+ +

You may be a good fit if you:

+ +

Strong candidates may have:

+ +

Deadline to apply: None, applications will be received on a rolling basis.

The annual compensation range for this role is listed below. 

+

For sales roles, the range provided is the role’s On Target Earnings ("OTE") range, meaning that the range includes both the sales commissions/sales bonuses target and annual base salary for the role.

Annual Salary:
$405,000$405,000 USD

Logistics

+

Minimum education: Bachelor’s degree or an equivalent combination of education, training, and/or experience

+

Required field of study: A field relevant to the role as demonstrated through coursework, training, or professional experience

+

Minimum years of experience: Years of experience required will correlate with the internal job level requirements for the position

+

Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.

+

Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.

+

We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed.  Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work. We think AI systems like the ones we're building have enormous social and ethical implications. We think this makes representation even more important, and we strive to include a range of diverse perspectives on our team.

Your safety matters to us. To protect yourself from potential scams, remember that Anthropic recruiters only contact you from @anthropic.com email addresses. In some cases, we may partner with vetted recruiting agencies who will identify themselves as working on behalf of Anthropic. Be cautious of emails from other domains. Legitimate Anthropic recruiters will never ask for money, fees, or banking information before your first day. If you're ever unsure about a communication, don't click any links—visit anthropic.com/careers directly for confirmed position openings.

+

How we're different

+

We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts. And we value impact — advancing our long-term goals of steerable, trustworthy AI — rather than work on smaller and more specific puzzles. We view AI research as an empirical science, which has as much in common with physics and biology as with traditional efforts in computer science. We're an extremely collaborative group, and we host frequent research discussions to ensure that we are pursuing the highest-impact work at any given time. As such, we greatly value communication skills.

+

The easiest way to understand our research directions is to read our recent research. This research continues many of the directions our team worked on prior to Anthropic, including: GPT-3, Circuit-Based Interpretability, Multimodal Neurons, Scaling Laws, AI & Compute, Concrete Problems in AI Safety, and Learning from Human Preferences.

+

Come work with us!

+

Anthropic is a public benefit corporation headquartered in San Francisco. We offer competitive compensation and benefits, optional equity donation matching, generous vacation and parental leave, flexible working hours, and a lovely office space in which to collaborate with colleagues. Guidance on Candidates' AI Usage: Learn about our policy for using AI in our application process

diff --git a/jobs/imported/greenhouse/greenhouse-anthropic-5160757008-security-risk-and-compliance-hipaa.md b/jobs/imported/greenhouse/greenhouse-anthropic-5160757008-security-risk-and-compliance-hipaa.md new file mode 100644 index 0000000..5119a2b --- /dev/null +++ b/jobs/imported/greenhouse/greenhouse-anthropic-5160757008-security-risk-and-compliance-hipaa.md @@ -0,0 +1,87 @@ +--- +title: "Security Risk & Compliance, HIPAA" +company: "Anthropic" +slug: "greenhouse-anthropic-5160757008-security-risk-and-compliance-hipaa" +status: "published" +source: "Greenhouse" +sources: + - "Greenhouse" +source_url: "https://boards-api.greenhouse.io/v1/boards/anthropic/jobs?content=true" +role_url: "https://job-boards.greenhouse.io/anthropic/jobs/5160757008" +apply_url: "https://job-boards.greenhouse.io/anthropic/jobs/5160757008" +posted_date: "2026-04-01" +expires_date: "2026-05-01" +location: "San Francisco, CA | New York City, NY | Seattle, WA; Washington, DC" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "ISO 27001" + - "NIST 800-53" + - "HIPAA" + - "HITRUST" +languages: + - "Rust" +compensation: "" +summary: "About Anthropic Anthropic’s mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole...." +--- + +

About Anthropic

+

Anthropic’s mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.

About that Role

+

As part of the Anthropic security department, the compliance team owns understanding security and AI safety expectations, as established by regulators, customers, and (nascent) industry norms — which we also seek to influence. The compliance team uses this understanding to provide direction to internal partners on the priorities of security and safety requirements they must meet. The compliance team demonstrates adherence to security expectations through credential attainment, the establishment of assurance and oversight mechanisms, and direct engagement with auditors, customers, and partners.

+

This opportunity is unique. Anthropic is expanding HIPAA coverage across its product portfolio — including Claude Code, the Claude Developer Platform, and Claude Cowork — and we need to build the compliance infrastructure to match that expansion. We are looking for someone to own HIPAA compliance operations end-to-end, not just advise on it.

+

Responsibilities:

+ +

You may be a good fit if you:

+ +

Strong candidates may also:

+ +

Candidates need not have:

+ +

Deadline to Apply: None, applications will be received on a rolling basis.

The annual compensation range for this role is listed below. 

+

For sales roles, the range provided is the role’s On Target Earnings ("OTE") range, meaning that the range includes both the sales commissions/sales bonuses target and annual base salary for the role.

Annual Salary:
$255,000$270,000 USD

Logistics

+

Minimum education: Bachelor’s degree or an equivalent combination of education, training, and/or experience

+

Required field of study: A field relevant to the role as demonstrated through coursework, training, or professional experience

+

Minimum years of experience: Years of experience required will correlate with the internal job level requirements for the position

+

Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.

+

Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.

+

We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed.  Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work. We think AI systems like the ones we're building have enormous social and ethical implications. We think this makes representation even more important, and we strive to include a range of diverse perspectives on our team.

Your safety matters to us. To protect yourself from potential scams, remember that Anthropic recruiters only contact you from @anthropic.com email addresses. In some cases, we may partner with vetted recruiting agencies who will identify themselves as working on behalf of Anthropic. Be cautious of emails from other domains. Legitimate Anthropic recruiters will never ask for money, fees, or banking information before your first day. If you're ever unsure about a communication, don't click any links—visit anthropic.com/careers directly for confirmed position openings.

+

How we're different

+

We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts. And we value impact — advancing our long-term goals of steerable, trustworthy AI — rather than work on smaller and more specific puzzles. We view AI research as an empirical science, which has as much in common with physics and biology as with traditional efforts in computer science. We're an extremely collaborative group, and we host frequent research discussions to ensure that we are pursuing the highest-impact work at any given time. As such, we greatly value communication skills.

+

The easiest way to understand our research directions is to read our recent research. This research continues many of the directions our team worked on prior to Anthropic, including: GPT-3, Circuit-Based Interpretability, Multimodal Neurons, Scaling Laws, AI & Compute, Concrete Problems in AI Safety, and Learning from Human Preferences.

+

Come work with us!

+

Anthropic is a public benefit corporation headquartered in San Francisco. We offer competitive compensation and benefits, optional equity donation matching, generous vacation and parental leave, flexible working hours, and a lovely office space in which to collaborate with colleagues. Guidance on Candidates' AI Usage: Learn about our policy for using AI in our application process

diff --git a/jobs/imported/greenhouse/greenhouse-appliedintuition-4672836005-risk-and-compliance-lead.md b/jobs/imported/greenhouse/greenhouse-appliedintuition-4672836005-risk-and-compliance-lead.md new file mode 100644 index 0000000..b612766 --- /dev/null +++ b/jobs/imported/greenhouse/greenhouse-appliedintuition-4672836005-risk-and-compliance-lead.md @@ -0,0 +1,68 @@ +--- +title: "Risk and Compliance Lead " +company: "Appliedintuition" +slug: "greenhouse-appliedintuition-4672836005-risk-and-compliance-lead" +status: "published" +source: "Greenhouse" +sources: + - "Greenhouse" +source_url: "https://boards-api.greenhouse.io/v1/boards/appliedintuition/jobs?content=true" +role_url: "https://boards.greenhouse.io/appliedintuition/jobs/4672836005?gh_jid=4672836005" +apply_url: "https://boards.greenhouse.io/appliedintuition/jobs/4672836005?gh_jid=4672836005" +posted_date: "2026-04-09" +expires_date: "2026-05-09" +location: "Sunnyvale, California, United States" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "ISO 27001" + - "NIST 800-53" +languages: + - "Rust" +compensation: "$160,000 - $190,000" +summary: "About Applied Intuition Applied Intuition, Inc. is powering the future of physical AI. Founded in 2017 and now valued at $15 billion, the Silicon Valley company is creating the..." +--- + +

About Applied Intuition

+
Applied Intuition, Inc. is powering the future of physical AI. Founded in 2017 and now valued at $15 billion, the Silicon Valley company is creating the digital infrastructure needed to bring intelligence to every moving machine on the planet. Applied Intuition services the automotive, defense, trucking, construction, mining and agriculture industries in three core areas: tools and infrastructure, operating systems, and autonomy. Eighteen of the top 20 global automakers, as well as the United States military and its allies, trust the company’s solutions to deliver physical intelligence. Applied Intuition is headquartered in Sunnyvale, California, with offices in Washington, D.C.; San Diego; Ft. Walton Beach, Florida; Ann Arbor, Michigan; London; Stuttgart; Munich; Stockholm; Bangalore; Seoul; and Tokyo. Learn more at applied.co.
+

We are an in-office company, and our expectation is that employees primarily work from their Applied Intuition office 5 days a week. However, we also recognize the importance of flexibility and trust our employees to manage their schedules responsibly. This may include occasional remote work, starting the day with morning meetings from home before heading to the office, or leaving earlier when needed to accommodate family commitments.

About the role

+

We are looking for a multifaceted Risk and Compliance Lead to lead our security compliance initiatives across the organization. You will be responsible for ensuring adequate security controls to identify and mitigate risk across the organization. Additionally, you will collaborate with legal, engineering, operations and customers, as necessary, to ensure the state of compliance is well communicated.

+

At Applied Intuition, you will:

+ +

We're looking for someone who has:

+ +

Nice to have:

+ +

Compensation at Applied Intuition for eligible roles includes base salary, equity, and benefits. Base salary is a single component of the total compensation package, which may also include equity in the form of options and/or restricted stock units, comprehensive health, dental, vision, life and disability insurance coverage, 401k retirement benefits with employer match, learning and wellness stipends, and paid time off. Note that benefits are subject to change and may vary based on jurisdiction of employment.

+

Applied Intuition pay ranges reflect the minimum and maximum intended target base salary for new hire salaries for the position. The actual base salary offered to a successful candidate will additionally be influenced by a variety of factors including experience, credentials & certifications, educational attainment, skill level requirements, interview performance, and the level and scope of the position.

+

Please reference the job posting’s subtitle for where this position will be located. For pay transparency purposes, the base salary range for this full-time position in the location listed is: $160,000 - $190,000 USD annually. 

Don’t meet every single requirement? If you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right candidate for this or other roles.

+

Applied Intuition is an equal opportunity employer and federal contractor or subcontractor. Consequently, the parties agree that, as applicable, they will abide by the requirements of 41 CFR 60-1.4(a), 41 CFR 60-300.5(a) and 41 CFR 60-741.5(a) and that these laws are incorporated herein by reference. These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity or national origin. These regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disability. The parties also agree that, as applicable, they will abide by the requirements of Executive Order 13496 (29 CFR Part 471, Appendix A to Subpart A), relating to the notice of employee rights under federal labor laws.

diff --git a/jobs/imported/greenhouse/greenhouse-cerebrassystems-7643179003-cybersecurity-grc-manager.md b/jobs/imported/greenhouse/greenhouse-cerebrassystems-7643179003-cybersecurity-grc-manager.md new file mode 100644 index 0000000..c74c436 --- /dev/null +++ b/jobs/imported/greenhouse/greenhouse-cerebrassystems-7643179003-cybersecurity-grc-manager.md @@ -0,0 +1,89 @@ +--- +title: "Cybersecurity GRC Manager" +company: "Cerebrassystems" +slug: "greenhouse-cerebrassystems-7643179003-cybersecurity-grc-manager" +status: "published" +source: "Greenhouse" +sources: + - "Greenhouse" +source_url: "https://boards-api.greenhouse.io/v1/boards/cerebrassystems/jobs?content=true" +role_url: "https://job-boards.greenhouse.io/cerebrassystems/jobs/7643179003" +apply_url: "https://job-boards.greenhouse.io/cerebrassystems/jobs/7643179003" +posted_date: "2026-04-02" +expires_date: "2026-05-02" +location: "Sunnyvale CA or Toronto Canada" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "ISO 27001" + - "NIST 800-53" + - "HIPAA" + - "GDPR" +languages: [] +compensation: "" +summary: "Cerebras Systems builds the world's largest AI chip, 56 times larger than GPUs. Our novel wafer-scale architecture provides the AI compute power of dozens of GPUs on a single..." +--- + +

Cerebras Systems builds the world's largest AI chip, 56 times larger than GPUs. Our novel wafer-scale architecture provides the AI compute power of dozens of GPUs on a single chip, with the programming simplicity of a single device. This approach allows Cerebras to deliver industry-leading training and inference speeds and empowers machine learning users to effortlessly run large-scale ML applications, without the hassle of managing hundreds of GPUs or TPUs.  

+

Cerebras' current customers include top model labs, global enterprises, and cutting-edge AI-native startups. OpenAI recently announced a multi-year partnership with Cerebras, to deploy 750 megawatts of scale, transforming key workloads with ultra high-speed inference. 

+

Thanks to the groundbreaking wafer-scale architecture, Cerebras Inference offers the fastest Generative AI inference solution in the world, over 10 times faster than GPU-based hyperscale cloud inference services. This order of magnitude increase in speed is transforming the user experience of AI applications, unlocking real-time iteration and increasing intelligence via additional agentic computation.

About The Role

+

The Cybersecurity GRC Manager is accountable for maturing and scaling engineering-driven governance, risk, and compliance programs that support the security, privacy, and regulatory-compliant posture of the organization. The ideal candidate will bring a unique blend of deep technical security acumen and GRC expertise, enabling the creation of GRC workflows that are measurable, automated, and resilient. This is a strategic, cross-functional, and customer-facing role reporting to the Director of Governance, Risk, & Compliance. 

+

A successful candidate will have a comprehensive understanding of cybersecurity and privacy industry frameworks (e.g., NIST, ISO, SOC 2, CCPA, GDPR, HIPAA). They will be responsible for transforming governance, risk, and compliance practices into proactive, testable capabilities using automation, continuous auditing, and AI-driven solutions. 

+

Proficiency with AI tools (LLMs, prompt engineering, generative‑AI workflows) is a core requirement – you’ll use AI to streamline GRC workflow creation and implementation, evidence generation, and security risk mitigation. Experience with designing and implementing autonomous “agentic AI” solutions is preferred. 

+

Responsibilities 

+ +

Skills And Qualifications   

+
Required Experience 
+ +
Technical and Domain Expertise 
+ +
Soft Skills 
+

Why Join Cerebras

+

People who are serious about software make their own hardware. At Cerebras we have built a breakthrough architecture that is unlocking new opportunities for the AI industry. With dozens of model releases and rapid growth, we’ve reached an inflection  point in our business. Members of our team tell us there are five main reasons they joined Cerebras:

+
    +
  1. Build a breakthrough AI platform beyond the constraints of the GPU.
    2. +
  2. Publish and open source their cutting-edge AI research.
    3. +
  3. Work on one of the fastest AI supercomputers in the world.
    4. +
  4. Enjoy job stability with startup vitality.
    5. +
  5. Our simple, non-corporate work culture that respects individual beliefs.
    6. +
+

Read our blog: Five Reasons to Join Cerebras in 2026.

+

Apply today and become part of the forefront of groundbreaking advancements in AI!

+
+

Cerebras Systems is committed to creating an equal and diverse environment and is proud to be an equal opportunity employer. We celebrate different backgrounds, perspectives, and skills. We believe inclusive teams build better products and companies. We try every day to build a work environment that empowers people to do their best work through continuous learning, growth and support of those around them.

+
+

This website or its third-party tools process personal data. For more details, click here to review our CCPA disclosure notice.

diff --git a/jobs/imported/greenhouse/greenhouse-cloudflare-7477769-data-centre-security-compliance-public-sector-specialist.md b/jobs/imported/greenhouse/greenhouse-cloudflare-7477769-data-centre-security-compliance-public-sector-specialist.md new file mode 100644 index 0000000..6dc7d03 --- /dev/null +++ b/jobs/imported/greenhouse/greenhouse-cloudflare-7477769-data-centre-security-compliance-public-sector-specialist.md @@ -0,0 +1,100 @@ +--- +title: "Data Centre Security Compliance Public Sector Specialist" +company: "Cloudflare" +slug: "greenhouse-cloudflare-7477769-data-centre-security-compliance-public-sector-specialist" +status: "published" +source: "Greenhouse" +sources: + - "Greenhouse" +source_url: "https://boards-api.greenhouse.io/v1/boards/cloudflare/jobs?content=true" +role_url: "https://boards.greenhouse.io/cloudflare/jobs/7477769?gh_jid=7477769" +apply_url: "https://boards.greenhouse.io/cloudflare/jobs/7477769?gh_jid=7477769" +posted_date: "2026-02-06" +expires_date: "2026-03-08" +location: "Hybrid" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "FedRAMP" + - "SOC 2" + - "NIST 800-53" + - "PCI-DSS" +languages: [] +compensation: "" +summary: "About Us At Cloudflare, we are on a mission to help build a better Internet. Today the company runs one of the world’s largest networks that powers millions of websites and other..." +--- + +
About Us
+
+

At Cloudflare, we are on a mission to help build a better Internet. Today the company runs one of the world’s largest networks that powers millions of websites and other Internet properties for customers ranging from individual bloggers to SMBs to Fortune 500 companies. Cloudflare protects and accelerates any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare all have web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was named to Entrepreneur Magazine’s Top Company Cultures list and ranked among the World’s Most Innovative Companies by Fast Company. 

+

At Cloudflare, we’re not looking for people who wait for a polished roadmap; we’re looking for the builders who see the cracks in the Internet that everyone else has simply learned to live with. We value candidates who have the instinct to spot a "normalized" problem and the AI-native curiosity to create a solution using the latest tools. Our culture is built on iteration, leveraging AI to ship faster today to make it better tomorrow, while ensuring that every improvement, no matter how small, is shared across the team to lift everyone up. If you’re the type of person who values curiosity over bureaucracy, and that AI is a partner in solving tough problems to keep the Internet moving forward, you’ll fit right in.

+

Location: Austin, TX

+

About the Role

+

Cloudflare is looking for a Data Center Security Compliance Public Sector Specialist to assist our global Data Center Security Compliance team. This critical role is part of the Infrastructure Operations organization that is responsible for building, scaling, and running Cloudflare’s data center and network infrastructure around the world.  You will play a key role in ensuring the performance, availability, and security of Cloudflare’s network.  In pursuit of the goal to “help build a better Internet,” Cloudflare operates one of the world’s largest and most important cloud networks. Spanning more than 300 cities across the globe, Cloudflare’s network is a key strategic asset and supports all customers and products.

+

The DCSC Public Sector Specialist sits at the intersection of physical infrastructure, strict government regulation (FedRAMP), and operational security.  We are looking for a driven, detailed, and organized professional that can help us improve operational excellence working with our large, strategic partners. In this role, you will have the opportunity to blend strategic vision with tactical implementation to drive outcomes. The ideal candidate will have experience working with the Data Center Security Compliance Programs with a focus on improving operational excellence to drive growth and scalability. This is your opportunity to join a growing, fast-paced, and market-leading cloud security company that is poised to be one of the iconic brands of the decade. If you are interested in building your career with a company that is experiencing explosive growth, while being given the responsibility and challenge to have a real impact on our company’s success, then this is the opportunity for you.

+

Key Responsibilities

+
    +
  1. Public Sector & Compliance Governance
    2. +
+ +

       2. Audit Lifecycle Management

+ +

        3. Identity & Access Management (IAM) Operations

+ +

       4.  Partner Relations & Reporting

+ +

Requirements

+ +



What Makes Cloudflare Special?

+

We’re not just a highly ambitious, large-scale technology company. We’re a highly ambitious, large-scale technology company with a soul. Fundamental to our mission to help build a better Internet is protecting the free and open Internet.

+

Project Galileo: Since 2014, we've equipped more than 2,400 journalism and civil society organizations in 111 countries with powerful tools to defend themselves against attacks that would otherwise censor their work, technology already used by Cloudflare’s enterprise customers--at no cost.

+

Athenian Project: In 2017, we created the Athenian Project to ensure that state and local governments have the highest level of protection and reliability for free, so that their constituents have access to election information and voter registration. Since the project, we've provided services to more than 425 local government election websites in 33 states.

+

1.1.1.1: We released 1.1.1.1 to help fix the foundation of the Internet by building a faster, more secure and privacy-centric public DNS resolver. This is available publicly for everyone to use - it is the first consumer-focused service Cloudflare has ever released. Here’s the deal - we don’t store client IP addresses never, ever. We will continue to abide by our privacy commitment and ensure that no user data is sold to advertisers or used to target consumers.

+

Sound like something you’d like to be a part of? We’d love to hear from you!

+

This position may require access to information protected under U.S. export control laws, including the U.S. Export Administration Regulations. Please note that any offer of employment may be conditioned on your authorization to receive software or technology controlled under these U.S. export laws without sponsorship for an export license.

+

Cloudflare is proud to be an equal opportunity employer.  We are committed to providing equal employment opportunity for all people and place great value in both diversity and inclusiveness.  All qualified applicants will be considered for employment without regard to their, or any other person's, perceived or actual race, color, religion, sex, gender, gender identity, gender expression, sexual orientation, national origin, ancestry, citizenship, age, physical or mental disability, medical condition, family care status, or any other basis protected by law. We are an AA/Veterans/Disabled Employer.

+

Cloudflare provides reasonable accommodations to qualified individuals with disabilities.  Please tell us if you require a reasonable accommodation to apply for a job. Examples of reasonable accommodations include, but are not limited to, changing the application process, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.  If you require a reasonable accommodation to apply for a job, please contact us via e-mail at hr@cloudflare.com or via mail at 101 Townsend St. San Francisco, CA 94107.

diff --git a/jobs/imported/greenhouse/greenhouse-fireblocks-4618281006-technical-grc-expert.md b/jobs/imported/greenhouse/greenhouse-fireblocks-4618281006-technical-grc-expert.md new file mode 100644 index 0000000..017a136 --- /dev/null +++ b/jobs/imported/greenhouse/greenhouse-fireblocks-4618281006-technical-grc-expert.md @@ -0,0 +1,68 @@ +--- +title: "Technical GRC Expert" +company: "Fireblocks" +slug: "greenhouse-fireblocks-4618281006-technical-grc-expert" +status: "published" +source: "Greenhouse" +sources: + - "Greenhouse" +source_url: "https://boards-api.greenhouse.io/v1/boards/fireblocks/jobs?content=true" +role_url: "https://job-boards.greenhouse.io/fireblocks/jobs/4618281006" +apply_url: "https://job-boards.greenhouse.io/fireblocks/jobs/4618281006" +posted_date: "2026-04-07" +expires_date: "2026-05-07" +location: "Tel Aviv-Yafo, Tel Aviv District, Israel" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "ISO 27001" +languages: + - "Rust" +compensation: "" +summary: "The world of digital assets is accelerating in speed, magnitude, and complexity, opening the door to new ways for leveraging the blockchain. Fireblocks’ platform and network..." +--- + +

The world of digital assets is accelerating in speed, magnitude, and complexity, opening the door to new ways for leveraging the blockchain. Fireblocks’ platform and network provide the simplest and most secure way for companies to work with digital assets and it trusted by some of the largest financial institutions, banks, globally-recognized brands, and Web3 companies in the world, including BNY Mellon, BNP Paribas, ANZ Bank, Revolut, and thousands more. 

The world of digital assets is accelerating in speed, magnitude, and complexity, opening the door to new ways for leveraging the blockchain. Fireblocks’ platform and network provide the simplest and most secure way for companies to work with digital assets and it trusted by some of the largest financial institutions, banks, globally-recognized brands, and Web3 companies in the world, including BNY Mellon, BNP Paribas, ANZ Bank, Revolut, and thousands more.

+

About the Role

+

We’re looking for a highly skilled Technical GRC Expert with strong technical and hands-on cybersecurity expertise. This role bridges the gap between compliance and technology — ensuring that Fireblocks’ GRC frameworks are not just compliant on paper but effective in practice across infrastructure, SaaS, and cloud environments.

+

As the Cybersecurity GRC Engineer you will oversee the technical execution of GRC initiatives, collaborating with cross-functional teams (Security Engineering, IT, DevOps, Product) to drive resilience, risk reduction, and audit readiness across the organization.

+

Reporting line: GRC Director

+

What you will do

+ +

Qualifications:

+ +

Preferred Qualifications:

+ +

 

Fireblocks' mission is to enable every business to easily and securely access digital assets and cryptocurrencies. In order to do that, we strongly believe our workforce should be as diverse as our clients, and this is why we embrace diversity and inclusion in all its forms. 

+
Please see our candidate privacy policy here.
diff --git a/jobs/imported/greenhouse/greenhouse-fireblocks-4620939006-grc-operations-specialist.md b/jobs/imported/greenhouse/greenhouse-fireblocks-4620939006-grc-operations-specialist.md new file mode 100644 index 0000000..ef7017a --- /dev/null +++ b/jobs/imported/greenhouse/greenhouse-fireblocks-4620939006-grc-operations-specialist.md @@ -0,0 +1,57 @@ +--- +title: "GRC Operations Specialist" +company: "Fireblocks" +slug: "greenhouse-fireblocks-4620939006-grc-operations-specialist" +status: "published" +source: "Greenhouse" +sources: + - "Greenhouse" +source_url: "https://boards-api.greenhouse.io/v1/boards/fireblocks/jobs?content=true" +role_url: "https://job-boards.greenhouse.io/fireblocks/jobs/4620939006" +apply_url: "https://job-boards.greenhouse.io/fireblocks/jobs/4620939006" +posted_date: "2026-04-07" +expires_date: "2026-05-07" +location: "Tel Aviv-Yafo, Tel Aviv District, Israel" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "GDPR" +languages: + - "Rust" +compensation: "" +summary: "The world of digital assets is accelerating in speed, magnitude, and complexity, opening the door to new ways for leveraging the blockchain. Fireblocks’ platform and network..." +--- + +

The world of digital assets is accelerating in speed, magnitude, and complexity, opening the door to new ways for leveraging the blockchain. Fireblocks’ platform and network provide the simplest and most secure way for companies to work with digital assets and it trusted by some of the largest financial institutions, banks, globally-recognized brands, and Web3 companies in the world, including BNY Mellon, BNP Paribas, ANZ Bank, Revolut, and thousands more. 

We are looking for a passionate and experienced Governance, Risk, and Compliance (GRC) operations specialist to contribute to our company’s efforts in making Fireblocks the most security and trusted provider of digital asset management solutions. This role is critical in driving our day-to-day GRC programs, ensuring they are well maintained, run according to schedule, and align with our business needs.
As the GRC operations specialist, you will oversee the successful implementation and progress of GRC programs, practices, and projects, while collaborating with multiple cross-functional teams within the security department and outside of it. 



What You Will Do
+ +

What You Will Bring:
+ +


Preferred Qualifications:
+

Fireblocks' mission is to enable every business to easily and securely access digital assets and cryptocurrencies. In order to do that, we strongly believe our workforce should be as diverse as our clients, and this is why we embrace diversity and inclusion in all its forms. 

+
Please see our candidate privacy policy here.
diff --git a/jobs/imported/greenhouse/greenhouse-idme-7661659003-grc-engineer.md b/jobs/imported/greenhouse/greenhouse-idme-7661659003-grc-engineer.md new file mode 100644 index 0000000..2ca7508 --- /dev/null +++ b/jobs/imported/greenhouse/greenhouse-idme-7661659003-grc-engineer.md @@ -0,0 +1,71 @@ +--- +title: "GRC Engineer" +company: "Idme" +slug: "greenhouse-idme-7661659003-grc-engineer" +status: "published" +source: "Greenhouse" +sources: + - "Greenhouse" +source_url: "https://boards-api.greenhouse.io/v1/boards/idme/jobs?content=true" +role_url: "https://job-boards.greenhouse.io/idme/jobs/7661659003" +apply_url: "https://job-boards.greenhouse.io/idme/jobs/7661659003" +posted_date: "2026-03-16" +expires_date: "2026-04-15" +location: "McLean, Virginia; Mountain View, California, United States" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Security Governance" + - "Audit & Assurance" + - "Cloud Security" +frameworks: + - "FedRAMP" + - "SOC 2" + - "ISO 27001" + - "CCPA" +languages: + - "Python" + - "OSCAL" +compensation: "" +summary: "Company Overview ID.me is the next-generation digital identity wallet that simplifies how individuals securely prove their identity online. Consumers can verify their identity..." +--- + +

Company Overview

+

ID.me is the next-generation digital identity wallet that simplifies how individuals securely prove their identity online. Consumers can verify their identity with ID.me once and seamlessly login across websites without having to create a new login and verify their identity again. Over 152 million users experience streamlined login and identity verification with ID.me at 20 federal agencies, 45 state government agencies, and 70+ healthcare organizations. More than 600+ consumer brands use ID.me to verify communities and user segments to honor service and build more authentic relationships. ID.me’s technology meets the federal standards for consumer authentication set by the Commerce Department and is approved as a NIST 800-63-3 IAL2 / AAL2 credential service provider by the Kantara Initiative. ID.me is committed to “No Identity Left Behind” to enable all people to have a secure digital identity. To learn more, visit https://network.id.me/.

Role Overview

+

ID.me is seeking a GRC Engineer to design, build, and operate AI agents that automate the compliance lifecycle across FedRAMP, ISO 27001, SOC 2, and Kantara accreditation programs.

+

This role is a technologist that focuses on solving GRC domain problems with automation and AI.. You will write code and build tooling to scale GRC capabilities and reduce the compliance burden.. You will own engineering AI capabilities while also have the skillset to dive into compliance issues as another set up hands..

+

The primary initial challenge is automated evidence collection. You will develop programmatic methods to extract evidence from source systems, feed it into evaluation agents, and enable continuous monitoring to replace traditional annual snapshots with ongoing automated assurance.

+

This role is based out of our Mountain View, CA or McLean, VA offices and requires full-time in-office attendance

+

Core Responsibilities

+ +

Basic Qualifications

+ +

Preferred Qualifications

+ +

#LI-JS1

ID.me is a full-time, in-office culture. Unless a specific job description explicitly states otherwise, all roles are on-site five days per week at one of our offices in McLean, VA; Mountain View, CA; New York City, NY; or Tampa, FL. Certain roles — such as field-based sales or other remote-by-design positions — may have different work arrangements as noted in their individual postings.

+

ID.me maintains a work environment free from discrimination, where employees are treated with dignity and respect. All ID.me employees share in the responsibility for fulfilling our commitment to equal employment opportunity. ID.me does not discriminate against any employee or applicant on the basis of age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. ID.me adheres to these principles in all aspects of employment, including recruitment, hiring, training, compensation, promotion, benefits, social and recreational programs, and discipline. In addition, ID.me's policy is to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations and ordinances where a particular employee works. Upon request we will provide you with more information about such accommodations.

+

Please review our Privacy Policy, including our CCPA policy, at id.me/privacy. If you provide ID.me with any personally identifiable information you confirm that you have read and agree to be bound by the terms and conditions set out in our Privacy Policy.

+

ID.me participates in E-Verify.

diff --git a/jobs/imported/greenhouse/greenhouse-idme-7666086003-grc-technical-program-manager.md b/jobs/imported/greenhouse/greenhouse-idme-7666086003-grc-technical-program-manager.md new file mode 100644 index 0000000..fa10f9e --- /dev/null +++ b/jobs/imported/greenhouse/greenhouse-idme-7666086003-grc-technical-program-manager.md @@ -0,0 +1,58 @@ +--- +title: "GRC Technical Program Manager" +company: "Idme" +slug: "greenhouse-idme-7666086003-grc-technical-program-manager" +status: "published" +source: "Greenhouse" +sources: + - "Greenhouse" +source_url: "https://boards-api.greenhouse.io/v1/boards/idme/jobs?content=true" +role_url: "https://job-boards.greenhouse.io/idme/jobs/7666086003" +apply_url: "https://job-boards.greenhouse.io/idme/jobs/7666086003" +posted_date: "2026-03-16" +expires_date: "2026-04-15" +location: "McLean, Virginia; Mountain View, California, United States" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Security Governance" + - "Audit & Assurance" + - "Cloud Security" +frameworks: + - "FedRAMP" + - "SOC 2" + - "ISO 27001" + - "NIST 800-53" + - "CCPA" +languages: [] +compensation: "" +summary: "Company Overview ID.me is the next-generation digital identity wallet that simplifies how individuals securely prove their identity online. Consumers can verify their identity..." +--- + +

Company Overview

+

ID.me is the next-generation digital identity wallet that simplifies how individuals securely prove their identity online. Consumers can verify their identity with ID.me once and seamlessly login across websites without having to create a new login and verify their identity again. Over 152 million users experience streamlined login and identity verification with ID.me at 20 federal agencies, 45 state government agencies, and 70+ healthcare organizations. More than 600+ consumer brands use ID.me to verify communities and user segments to honor service and build more authentic relationships. ID.me’s technology meets the federal standards for consumer authentication set by the Commerce Department and is approved as a NIST 800-63-3 IAL2 / AAL2 credential service provider by the Kantara Initiative. ID.me is committed to “No Identity Left Behind” to enable all people to have a secure digital identity. To learn more, visit https://network.id.me/.

Role Overview

+

ID.me is seeking a Technical Program Manager – Security Assurance to serve as the operational backbone of our external compliance programs. You will co-own the end-to-end lifecycle of controls, policies, and program-specific documentation for FedRAMP, ISO 27001, and SOC 2, with additional contributions to Kantara accreditation.

+

You will drive cross-functional alignment independently, owning outcomes rather than tasks. A unique requirement of this role is high proficiency with AI tools; our team utilizes purpose-built AI agents for evidence validation, control evaluation, and finding management. Fluency in AI-assisted workflows is essential.

+

This role is based out of our Mountain View, CA or McLean, VA offices and requires full-time in-office attendance.

+

Core Responsibilities

+ +

Preferred Qualifications

+ +

#LI-JS1

ID.me is a full-time, in-office culture. Unless a specific job description explicitly states otherwise, all roles are on-site five days per week at one of our offices in McLean, VA; Mountain View, CA; New York City, NY; or Tampa, FL. Certain roles — such as field-based sales or other remote-by-design positions — may have different work arrangements as noted in their individual postings.

+

ID.me maintains a work environment free from discrimination, where employees are treated with dignity and respect. All ID.me employees share in the responsibility for fulfilling our commitment to equal employment opportunity. ID.me does not discriminate against any employee or applicant on the basis of age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. ID.me adheres to these principles in all aspects of employment, including recruitment, hiring, training, compensation, promotion, benefits, social and recreational programs, and discipline. In addition, ID.me's policy is to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations and ordinances where a particular employee works. Upon request we will provide you with more information about such accommodations.

+

Please review our Privacy Policy, including our CCPA policy, at id.me/privacy. If you provide ID.me with any personally identifiable information you confirm that you have read and agree to be bound by the terms and conditions set out in our Privacy Policy.

+

ID.me participates in E-Verify.

diff --git a/jobs/imported/greenhouse/greenhouse-ionq-5843579004-principal-technical-program-manager-fedramp.md b/jobs/imported/greenhouse/greenhouse-ionq-5843579004-principal-technical-program-manager-fedramp.md new file mode 100644 index 0000000..8d09c1b --- /dev/null +++ b/jobs/imported/greenhouse/greenhouse-ionq-5843579004-principal-technical-program-manager-fedramp.md @@ -0,0 +1,72 @@ +--- +title: "Principal Technical Program Manager, FedRAMP" +company: "Ionq" +slug: "greenhouse-ionq-5843579004-principal-technical-program-manager-fedramp" +status: "published" +source: "Greenhouse" +sources: + - "Greenhouse" +source_url: "https://boards-api.greenhouse.io/v1/boards/ionq/jobs?content=true" +role_url: "https://job-boards.greenhouse.io/ionq/jobs/5843579004" +apply_url: "https://job-boards.greenhouse.io/ionq/jobs/5843579004" +posted_date: "2026-04-09" +expires_date: "2026-05-09" +location: "Bothell, Washington, United States; College Park, Maryland, United States; Remote, US" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Audit & Assurance" + - "Cloud Security" +frameworks: + - "FedRAMP" + - "SOC 2" + - "ISO 27001" + - "NIST 800-171" + - "CMMC" +languages: [] +compensation: "$167,808 - $219,704" +summary: "About IonQ: IonQ, Inc . [NYSE: IONQ] is the world’s leading quantum platform and merchant supplier - delivering integrated quantum solutions across computing, networking, sensing,..." +--- + +

About IonQ: 

+

IonQ, Inc. [NYSE: IONQ] is the world’s leading quantum platform and merchant supplier - delivering integrated quantum solutions across computing, networking, sensing, and security. IonQ’s newest generation of quantum computers, the IonQ Tempo, is the latest in a line of cutting-edge systems that have been helping customers and partners including Amazon Web Services, and AstraZeneca achieve 20x performance results and accelerate innovation in drug discovery, materials science, financial modeling, logistics, cybersecurity, and defense. In 2025, the company achieved 99.99% two-qubit gate fidelity, setting a world record in quantum computing performance.

Headquartered in College Park, Maryland, IonQ has operations in California, Colorado, Massachusetts, Tennessee, Washington, Italy, South Korea, Sweden, Switzerland, Canada, and the United Kingdom. Our quantum computing services are available through all major cloud providers, while we also meet the needs of networking and sensing customers across land, sea, air, and space. IonQ is making quantum platforms more accessible and impactful than ever before.  

The Role: 

+

We are seeking a Security Technical Program Manager (TPM) to drive our program. The Security TPM serves as a strategic architect and operational engine of an organization’s security posture. Bridging the gap between high-level risk management and deep technical execution, they orchestrate complex initiatives—ranging from infrastructure hardening to compliance automation—across diverse engineering and product teams. Unlike a traditional project manager, a Security TPM possesses the technical depth to challenge architectural decisions and the business acumen to prioritize security debt against product velocity. Ultimately, they are responsible for transforming abstract security policies into scalable, automated workflows that protect the company’s assets without stifling innovation.

+

Responsibilities:

+ +

Requirements:

+ +

Preferred Qualifications:

+ +

Location: Ideally, this role will work onsite at our office located in Bothell, WA or College Park, MD.  We are open to hybrid and remote options for the right candidate.
Travel: Minimum 10%
Job ID: 1478

+

The approximate base salary range for this position is $167,808 - $219,704. The total compensation package includes base, bonus, equity, and a range of benefit options found on our career site.

Compensation will vary based on individual factors such as education, qualifications, and experience of the final candidate(s), specific office location, and calibration against relevant market data and internal team equity.  Posted base salary figures are subject to change as new market data becomes available. Our benefits include comprehensive medical, dental, and vision plans, matching 401K, unlimited PTO and paid holidays, parental/adoption leave, legal insurance, and a home technology stipend.  Details of participation in these benefit plans will be provided when a candidate receives an offer of employment. 

+

At IonQ, we believe in fair treatment, access, opportunity, and advancement for all while striving to identify and eliminate barriers. We empower employees to thrive by fostering a culture of autonomy, productivity, and respect. We are dedicated to creating an environment where individuals can feel welcomed, respected, supported, and valued.
 
We are committed to equity and justice. We welcome different voices and viewpoints and do not discriminate on the basis of race, religion, ancestry, physical and/or mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, transgender status, age, sexual orientation, military or veteran status, or any other basis protected by law. We are proud to be an Equal Employment Opportunity employer.

+

+

US Technical Jobs. The position you are applying for will require access to technology that is subject to U.S. export control and government contract restrictions.  Employment with IonQ is contingent on either verifying “U.S. Person” (e.g., U.S. citizen, U.S. national, U.S. permanent resident, or lawfully admitted into the U.S. as a refugee or granted asylum) status for export controls and government contracts work, obtaining any necessary license, and/or confirming the availability of a license exception under U.S. export controls.  Please note that in the absence of confirming you are a U.S. Person for export control and government contracts work purposes, IonQ may choose not to apply for a license or decline to use a license exception (if available) for you to access export-controlled technology that may require authorization, and similarly, you may not qualify for government contracts work that requires U.S. Persons, and IonQ may decline to proceed with your application on those bases alone.  Accordingly, we will have some additional questions regarding your immigration status that will be used for export control and compliance purposes, and the answers will be reviewed by compliance personnel to ensure compliance with federal law.  

+

US Non-Technical Jobs. Due to applicable export control laws and regulations, candidates must be a U.S. citizen or national, U.S. permanent resident (i.e., current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum. Accordingly, we will have some additional questions regarding your immigration status that will be used for export control and compliance purposes, and the answers will be reviewed by compliance personnel to ensure compliance with federal law.

+

+

If you are interested in being a part of our team and mission, we encourage you to apply! 


+

 

diff --git a/jobs/imported/greenhouse/greenhouse-robinhood-7676724-senior-security-grc-analyst.md b/jobs/imported/greenhouse/greenhouse-robinhood-7676724-senior-security-grc-analyst.md new file mode 100644 index 0000000..2b216f4 --- /dev/null +++ b/jobs/imported/greenhouse/greenhouse-robinhood-7676724-senior-security-grc-analyst.md @@ -0,0 +1,78 @@ +--- +title: "Senior Security GRC Analyst" +company: "Robinhood" +slug: "greenhouse-robinhood-7676724-senior-security-grc-analyst" +status: "published" +source: "Greenhouse" +sources: + - "Greenhouse" +source_url: "https://boards-api.greenhouse.io/v1/boards/robinhood/jobs?content=true" +role_url: "https://boards.greenhouse.io/robinhood/jobs/7676724?t=gh_src=&gh_jid=7676724" +apply_url: "https://boards.greenhouse.io/robinhood/jobs/7676724?t=gh_src=&gh_jid=7676724" +posted_date: "2026-04-03" +expires_date: "2026-05-03" +location: "Menlo Park, CA" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" +languages: [] +compensation: "" +summary: "Join us in building the future of finance. Our mission is to democratize finance for all. An estimated $124 trillion of assets will be inherited by younger generations in the next..." +--- + +

Join us in building the future of finance.

+

Our mission is to democratize finance for all. An estimated $124 trillion of assets will be inherited by younger generations in the next two decades. The largest transfer of wealth in human history. If you’re ready to be at the epicenter of this historic cultural and financial shift, keep reading.

About the team + role

+

We are building an elite team, applying frontier technologies to the world’s biggest financial problems. We’re looking for bold thinkers. Sharp problem-solvers. Builders who are wired to make an impact. Robinhood isn’t a place for complacency, it’s where ambitious people do the best work of their careers. We’re a high-performing, fast-moving team with ethics at the center of everything we do. Expectations are high, and so are the rewards.

+

The Security GRC (Governance, Risk, and Compliance) team’s mission is to ensure Robinhood meets its “Safety Always” commitments through disciplined risk management, resilient control environments, and effective governance practices. We work closely with Information Security, Technology, Corporate Engineering, Enterprise Risk, and Compliance teams to maintain strong oversight of risk across the organization. Our team supports global regulatory alignment while enabling the business to build compliant, secure products efficiently.

+

As a Senior Security GRC Analyst, you will focus on risk management across Information Security, Technology, and Corporate Engineering. You will conduct risk assessments, evaluate control effectiveness, support regulatory exams and audits, and provide clear reporting on risk posture. You will help strengthen how Robinhood manages risk across multiple regulatory environments through a centralized enterprise approach. This role offers exposure to international expansion efforts and the opportunity to contribute to automation and AI initiatives that improve control testing, reporting, and governance processes. 

+

This role is based in our Menlo Park, CA office, with in-person attendance expected at least 3 days per week.

+

At Robinhood, we believe in the power of in-person work to accelerate progress, spark innovation, and strengthen community. Our office experience is intentional, energizing, and designed to fully support high-performing teams.

+

What you’ll do

+ +

What you bring

+ +

Bonus points:

+ +

What we offer

+

In addition to the base pay range listed below, this role is also eligible for bonus opportunities + equity + benefits.

+

Base pay for the successful applicant will depend on a variety of job-related factors, which may include education, training, experience, location, business needs, or market demands. The expected base pay range for this role is based on the location where the work will be performed and is aligned to one of 3 compensation zones. For other locations not listed, compensation can be discussed with your recruiter during the interview process.

+

Base Pay Range:

Zone 1 (Menlo Park, CA; New York, NY; Bellevue, WA; Washington, DC)
$166,000$195,000 USD
Zone 2 (Denver, CO; Westlake, TX; Chicago, IL)
$146,000$172,000 USD
Zone 3 (Lake Mary, FL; Clearwater, FL; Gainesville, FL)
$129,000$152,000 USD

Click here to learn more about our Total Rewards, which vary by region and entity.

+

If our mission energizes you and you’re ready to build the future of finance, we look forward to seeing your application.

+

Robinhood provides equal opportunity for all applicants, offers reasonable accommodations upon request, and complies with applicable equal employment and privacy laws. Inclusion is built into how we hire and work—welcoming different backgrounds, perspectives, and experiences so everyone can do their best. Please review the Privacy Policy for your country of application.

diff --git a/jobs/imported/greenhouse/greenhouse-robinhood-7724385-senior-security-grc-analyst.md b/jobs/imported/greenhouse/greenhouse-robinhood-7724385-senior-security-grc-analyst.md new file mode 100644 index 0000000..bb7743f --- /dev/null +++ b/jobs/imported/greenhouse/greenhouse-robinhood-7724385-senior-security-grc-analyst.md @@ -0,0 +1,76 @@ +--- +title: "Senior Security GRC Analyst" +company: "Robinhood" +slug: "greenhouse-robinhood-7724385-senior-security-grc-analyst" +status: "published" +source: "Greenhouse" +sources: + - "Greenhouse" +source_url: "https://boards-api.greenhouse.io/v1/boards/robinhood/jobs?content=true" +role_url: "https://boards.greenhouse.io/robinhood/jobs/7724385?t=gh_src=&gh_jid=7724385" +apply_url: "https://boards.greenhouse.io/robinhood/jobs/7724385?t=gh_src=&gh_jid=7724385" +posted_date: "2026-04-03" +expires_date: "2026-05-03" +location: "Ljubljana, Slovenia" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" +languages: [] +compensation: "" +summary: "Join us in building the future of finance. Our mission is to democratize finance for all. An estimated $124 trillion of assets will be inherited by younger generations in the next..." +--- + +

Join us in building the future of finance.

+

Our mission is to democratize finance for all. An estimated $124 trillion of assets will be inherited by younger generations in the next two decades. The largest transfer of wealth in human history. If you’re ready to be at the epicenter of this historic cultural and financial shift, keep reading.

About the team + role

+

We are building an elite team, applying frontier technologies to the world’s biggest financial problems. We’re looking for bold thinkers. Sharp problem-solvers. Builders who are wired to make an impact. Robinhood isn’t a place for complacency, it’s where ambitious people do the best work of their careers. We’re a high-performing, fast-moving team with ethics at the center of everything we do. Expectations are high, and so are the rewards.

+

The Security GRC (Governance, Risk, and Compliance) team’s mission is to ensure Robinhood meets its “Safety Always” commitments through disciplined risk management, resilient control environments, and effective governance practices. We work closely with Information Security, Technology, Corporate Engineering, Enterprise Risk, and Compliance teams to maintain strong oversight of risk across the organization. Our team supports global regulatory alignment while enabling the business to build compliant, secure products efficiently.

+

As a Senior Security GRC Analyst, you will focus on risk management across Information Security, Technology, and Corporate Engineering. You will conduct risk assessments, evaluate control effectiveness, support regulatory exams and audits, and provide clear reporting on risk posture. You will help strengthen how Robinhood manages risk across multiple regulatory environments through a centralized enterprise approach. This role offers exposure to international expansion efforts and the opportunity to contribute to automation and AI initiatives that improve control testing, reporting, and governance processes. 

+

This role is based in our Ljubljana, Slovenia office, with in-person attendance expected at least 2 days per week. 

At Robinhood, we believe in the power of in-person work to accelerate progress, spark innovation, and strengthen community. Our office experience is intentional, energizing, and designed to fully support high-performing teams.

+

Applications for this role will be accepted through April 20, 2026.

+

What you’ll do

+ +

What you bring

+ +

Bonus points:

+ +

What we offer

+

Click here to learn more about our Total Rewards, which vary by region and entity.

+

If our mission energizes you and you’re ready to build the future of finance, we look forward to seeing your application.

+

Robinhood provides equal opportunity for all applicants, offers reasonable accommodations upon request, and complies with applicable equal employment and privacy laws. Inclusion is built into how we hire and work—welcoming different backgrounds, perspectives, and experiences so everyone can do their best. Please review the Privacy Policy for your country of application.

diff --git a/jobs/imported/greenhouse/greenhouse-sigmacomputing-7690372003-governance-risk-and-compliance-grc-manager.md b/jobs/imported/greenhouse/greenhouse-sigmacomputing-7690372003-governance-risk-and-compliance-grc-manager.md new file mode 100644 index 0000000..912d83d --- /dev/null +++ b/jobs/imported/greenhouse/greenhouse-sigmacomputing-7690372003-governance-risk-and-compliance-grc-manager.md @@ -0,0 +1,130 @@ +--- +title: "Governance, Risk & Compliance (GRC) Manager" +company: "Sigmacomputing" +slug: "greenhouse-sigmacomputing-7690372003-governance-risk-and-compliance-grc-manager" +status: "published" +source: "Greenhouse" +sources: + - "Greenhouse" +source_url: "https://boards-api.greenhouse.io/v1/boards/sigmacomputing/jobs?content=true" +role_url: "https://job-boards.greenhouse.io/sigmacomputing/jobs/7690372003" +apply_url: "https://job-boards.greenhouse.io/sigmacomputing/jobs/7690372003" +posted_date: "2026-04-06" +expires_date: "2026-05-06" +location: "San francisco, CA" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "ISO 27001" + - "NIST CSF" + - "NIST RMF" + - "HIPAA" +languages: + - "Python" + - "SQL" + - "Rust" +compensation: "$190,000 - $215,000" +summary: "Governance, Risk & Compliance (GRC) Manager Sigma is seeking an experienced GRC Manager to lead and scale our governance, risk, and compliance programs. This role is based in our..." +--- + +

 

+

 

Governance, Risk & Compliance (GRC) Manager

+

Sigma is seeking an experienced GRC Manager to lead and scale our governance, risk, and compliance programs. This role is based in our San Francisco office or upcoming New York office and reports to the General Counsel. You'll have the opportunity to build a strategic, enterprise-wide GRC function that enables business growth while managing organizational risk.

+

As our GRC Manager, you'll partner with Legal, Engineering, Product, Sales, Operations, and leadership to develop a comprehensive GRC framework that protects Sigma's interests, supports our strategic objectives, and builds stakeholder trust. You'll mature our governance structures, implement scalable risk management processes, and ensure compliance with applicable regulatory requirements—all while enabling the business to move quickly and confidently.

+

What You'll Do

+

Governance

+ +

Risk Management

+ +

Compliance

+ +

Business Enablement

+ +

What You Bring

+

Required

+ +

Preferred

+ +

Why Join Sigma

+

This is an opportunity to build a world-class GRC program that doesn't just check boxes but genuinely enables the business to pursue opportunities with confidence. You'll work across the entire organization, have direct access to the General Counsel, and make a tangible impact on how Sigma manages risk and creates value for customers.

+

Additional Job details

+

The base salary range for this position is $190k - $215k annually.

+

Compensation may vary outside of this range depending on a number of factors, including a candidate’s qualifications, skills, competencies and experience. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work at Sigma Computing. This role is eligible for stock options, as well as a comprehensive benefits package.

About us:

+

Sigma is the AI apps and analytics platform connected to the cloud data warehouse. Using Sigma, business and technical teams can build intelligent, production-ready AI apps that accelerate and automate operational workflows. Sigma provides a spreadsheet interface, SQL and Python editors, visual builders, and native AI to help teams turn live data into interactive applications, analysis, reports, and embedded experiences.

+

Sigma announced its $200M in Series D financing in May 2024, to continue transforming BI through its innovations in AI infrastructure, data application development, enterprise-wide collaboration, and business user adoption. Spark Capital and Avenir Growth Capital co-led the Series D funding round, with additional participation from a group of past investors including Snowflake Ventures and Sutter Hill Ventures.The Series D funding, raised at a valuation 60% higher than the company’s Series C round three years ago, promises to further accelerate Sigma’s growth.   

+

Come join us!

+

Benefits For Our Full-Time Employees:

+ +

Sigma Computing is an equal opportunity employer. We are committed to building a smart and strong team regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We look forward to learning how your experience can enable all of us to grow.

+

Note: We have an in-office work environment in all our offices in SF, NYC, and London.

+

Our Privacy Practices

+

When you submit a job application on this site, Sigma processes your personal data for the purposes of evaluating your candidacy for employment at Sigma and as otherwise needed throughout the recruitment and hiring process. Please review Sigma’s Candidate Privacy Notice for more details. Please note that your personal data may be transferred to a country other than the one in which it was provided (including to USA, the UK, and Canada). 

+

Sigma’s use of AI

+

This hiring process utilizes artificial intelligence tools to assist in candidate screening and assessment. Our AI tools are designed to complement, not replace, human decision-making. 

diff --git a/jobs/imported/greenhouse/greenhouse-sigmacomputing-7690373003-governance-risk-and-compliance-grc-manager.md b/jobs/imported/greenhouse/greenhouse-sigmacomputing-7690373003-governance-risk-and-compliance-grc-manager.md new file mode 100644 index 0000000..ca1f1d5 --- /dev/null +++ b/jobs/imported/greenhouse/greenhouse-sigmacomputing-7690373003-governance-risk-and-compliance-grc-manager.md @@ -0,0 +1,130 @@ +--- +title: "Governance, Risk & Compliance (GRC) Manager" +company: "Sigmacomputing" +slug: "greenhouse-sigmacomputing-7690373003-governance-risk-and-compliance-grc-manager" +status: "published" +source: "Greenhouse" +sources: + - "Greenhouse" +source_url: "https://boards-api.greenhouse.io/v1/boards/sigmacomputing/jobs?content=true" +role_url: "https://job-boards.greenhouse.io/sigmacomputing/jobs/7690373003" +apply_url: "https://job-boards.greenhouse.io/sigmacomputing/jobs/7690373003" +posted_date: "2026-04-06" +expires_date: "2026-05-06" +location: "New York City, NY" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "ISO 27001" + - "NIST CSF" + - "NIST RMF" + - "HIPAA" +languages: + - "Python" + - "SQL" + - "Rust" +compensation: "$190,000 - $215,000" +summary: "Governance, Risk & Compliance (GRC) Manager Sigma is seeking an experienced GRC Manager to lead and scale our governance, risk, and compliance programs. This role is based in our..." +--- + +

 

+

 

Governance, Risk & Compliance (GRC) Manager

+

Sigma is seeking an experienced GRC Manager to lead and scale our governance, risk, and compliance programs. This role is based in our San Francisco office or upcoming New York office and reports to the General Counsel. You'll have the opportunity to build a strategic, enterprise-wide GRC function that enables business growth while managing organizational risk.

+

As our GRC Manager, you'll partner with Legal, Engineering, Product, Sales, Operations, and leadership to develop a comprehensive GRC framework that protects Sigma's interests, supports our strategic objectives, and builds stakeholder trust. You'll mature our governance structures, implement scalable risk management processes, and ensure compliance with applicable regulatory requirements—all while enabling the business to move quickly and confidently.

+

What You'll Do

+

Governance

+ +

Risk Management

+ +

Compliance

+ +

Business Enablement

+ +

What You Bring

+

Required

+ +

Preferred

+ +

Why Join Sigma

+

This is an opportunity to build a world-class GRC program that doesn't just check boxes but genuinely enables the business to pursue opportunities with confidence. You'll work across the entire organization, have direct access to the General Counsel, and make a tangible impact on how Sigma manages risk and creates value for customers.

+

Additional Job details

+

The base salary range for this position is $190k - $215k annually.

+

Compensation may vary outside of this range depending on a number of factors, including a candidate’s qualifications, skills, competencies and experience. Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work at Sigma Computing. This role is eligible for stock options, as well as a comprehensive benefits package.

About us:

+

Sigma is the AI apps and analytics platform connected to the cloud data warehouse. Using Sigma, business and technical teams can build intelligent, production-ready AI apps that accelerate and automate operational workflows. Sigma provides a spreadsheet interface, SQL and Python editors, visual builders, and native AI to help teams turn live data into interactive applications, analysis, reports, and embedded experiences.

+

Sigma announced its $200M in Series D financing in May 2024, to continue transforming BI through its innovations in AI infrastructure, data application development, enterprise-wide collaboration, and business user adoption. Spark Capital and Avenir Growth Capital co-led the Series D funding round, with additional participation from a group of past investors including Snowflake Ventures and Sutter Hill Ventures.The Series D funding, raised at a valuation 60% higher than the company’s Series C round three years ago, promises to further accelerate Sigma’s growth.   

+

Come join us!

+

Benefits For Our Full-Time Employees:

+ +

Sigma Computing is an equal opportunity employer. We are committed to building a smart and strong team regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We look forward to learning how your experience can enable all of us to grow.

+

Note: We have an in-office work environment in all our offices in SF, NYC, and London.

+

Our Privacy Practices

+

When you submit a job application on this site, Sigma processes your personal data for the purposes of evaluating your candidacy for employment at Sigma and as otherwise needed throughout the recruitment and hiring process. Please review Sigma’s Candidate Privacy Notice for more details. Please note that your personal data may be transferred to a country other than the one in which it was provided (including to USA, the UK, and Canada). 

+

Sigma’s use of AI

+

This hiring process utilizes artificial intelligence tools to assist in candidate screening and assessment. Our AI tools are designed to complement, not replace, human decision-making. 

diff --git a/jobs/imported/greenhouse/greenhouse-spycloud-7677705003-grc-engineer.md b/jobs/imported/greenhouse/greenhouse-spycloud-7677705003-grc-engineer.md new file mode 100644 index 0000000..d0fb972 --- /dev/null +++ b/jobs/imported/greenhouse/greenhouse-spycloud-7677705003-grc-engineer.md @@ -0,0 +1,153 @@ +--- +title: "GRC Engineer" +company: "Spycloud" +slug: "greenhouse-spycloud-7677705003-grc-engineer" +status: "published" +source: "Greenhouse" +sources: + - "Greenhouse" +source_url: "https://boards-api.greenhouse.io/v1/boards/spycloud/jobs?content=true" +role_url: "https://job-boards.greenhouse.io/spycloud/jobs/7677705003" +apply_url: "https://job-boards.greenhouse.io/spycloud/jobs/7677705003" +posted_date: "2026-04-01" +expires_date: "2026-05-01" +location: "Austin, Texas | Remote" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "ISO 27001" + - "NIST 800-53" + - "CCPA" + - "CMMC" +languages: + - "Python" +compensation: "" +summary: "SpyCloud is on a mission to make the internet a safer place by disrupting the criminal underground. SpyCloud’s solutions thwart cyberattacks and protect more than 4 billion..." +--- + +

SpyCloud is on a mission to make the internet a safer place by disrupting the criminal underground. SpyCloud’s solutions thwart cyberattacks and protect more than 4 billion accounts worldwide. Cybersecurity is an exciting, evolving space, and being at the forefront of the fight to disrupt cybercrime makes SpyCloud a special place to work. If you’re driven to align your career with a fantastic mission, look no further!

The GRC Engineer is a role within SpyCloud’s Governance, Risk, and Compliance (GRC) department, part of the Legal & Compliance organization. This position plays a critical role in strengthening SpyCloud’s compliance posture by driving audit readiness, scaling continuous control testing, and embedding compliance requirements into cloud-native systems and workflows.

+

This role partners closely with Engineering, Security, IT, Product, and Legal teams to ensure compliance requirements are implemented effectively within cloud environments. The GRC Engineer leads complex compliance initiatives while leveraging automation and scripting to improve efficiency, accuracy, and scalability.

+

 

+

What You'll Do:

+ +

 

+

Requirements:

+ +

 

+

Nice to Have:

+ +

SpyCloud is not sponsoring visas at this time.

+

For applicants residing in California, please click here to read SpyCloud's CCPA Notice.

+

For applicants residing in the UK, please click here to read SpyCloud's Employee Privacy Notice.

+

U.S.-Based Benefits + Perks (for Full Time Employees):

+

At SpyCloud, we are committed to working alongside individuals who are equally passionate about preventing cybercrime, regardless of their department or role. Guided by our core values in all business decisions, we prioritize unity in our mission and ensure all SpyCloud employees have the support and benefits they need to stay focused on our goals. In addition to our engaging workspace in South Austin, flexible and remote-friendly work options, and competitive salary package, we offer our employees a comprehensive benefits package that includes:

+ +

U.K.-Based Benefits + Perks (for Full Time Employees):

+ +

About SpyCloud:

+

SpyCloud transforms recaptured darknet data to disrupt cybercrime. Its automated identity threat protection solutions leverage advanced analytics and AI to proactively prevent ransomware and account takeover, detect insider threats, safeguard employee and consumer identities, and accelerate cybercrime investigations. SpyCloud's data from breaches, malware-infected devices, and successful phishes also powers many popular dark web monitoring and identity theft protection offerings. Customers include seven of the Fortune 10, along with hundreds of global enterprises, mid-sized companies, and government agencies worldwide. Headquartered in Austin, TX, SpyCloud is home to more than 200 cybersecurity experts whose mission is to protect businesses and consumers from the stolen identity data criminals are using to target them now.

To learn more and see insights on your company’s exposed data, visit spycloud.com.

+

Our Mission:

+

Our mission is to make the internet a safer place by disrupting the criminal underground. Together with our customers and partners, we aim to end criminals’ ability to profit from stolen information.

+

Who We Are:

+

SpyCloud is a place for innovative, collaborative, and problem-solvers to thrive. Individually, we’re amazing, but together, we’re unstoppable. We celebrate diversity and various perspectives and aim to create an inclusive and supportive environment for all. We are proud to be an Equal Employment Opportunity and Affirmative Action employer of choice. All aspects of employment decisions will be based on merit, performance, and business needs. We do not discriminate on the basis of any status protected under federal, state, or local law. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. Women, minorities, individuals with disabilities, and protected veterans are encouraged to apply. SpyCloud complies with applicable state and local laws governing nondiscrimination in employment. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

+

SpyCloud expressly prohibits any form of workplace harassment. Improper interference with the ability of SpyCloud's employees to perform their job duties may result in discipline up to and including discharge. SpyCloud shares the right to work and participates in the E-Verify program in all locations.

+

If you need assistance or accommodation due to a disability, you may contact us.

+

Our Culture:

+

Our culture is something really special. We’re all driven to disrupt the cybercriminal economy as we keep customer accounts safe from compromise. We support a truly worthy and serious mission, but we have fun doing it together. If you are driven, inventive, and collaborative, you’ll fit right in.

+

SpyCloud’s Recruitment Policy:

+

We will never ask an applicant for sensitive or personal financial information during the recruitment process. We advise all applicants seeking employment with SpyCloud to review available information on recruitment fraud. Anyone who suspects that they have been contacted by someone falsely representing SpyCloud should email careers@spycloud.com.

+

Compensation Transparency Policy: 

+

At SpyCloud, we believe in transparency and fairness in compensation. We strive to ensure that all employees are fairly compensated for their contributions, and we openly discuss our compensation philosophy and structure. We are committed to providing competitive salaries and benefits packages to attract and retain top talent, and we encourage open dialogue and feedback regarding compensation matters.

+

Learn more and apply: SpyCloud Careers

+
diff --git a/jobs/imported/greenhouse/greenhouse-vercel-5836016004-staff-grc-analyst.md b/jobs/imported/greenhouse/greenhouse-vercel-5836016004-staff-grc-analyst.md new file mode 100644 index 0000000..1925c35 --- /dev/null +++ b/jobs/imported/greenhouse/greenhouse-vercel-5836016004-staff-grc-analyst.md @@ -0,0 +1,79 @@ +--- +title: "Staff GRC Analyst" +company: "Vercel" +slug: "greenhouse-vercel-5836016004-staff-grc-analyst" +status: "published" +source: "Greenhouse" +sources: + - "Greenhouse" +source_url: "https://boards-api.greenhouse.io/v1/boards/vercel/jobs?content=true" +role_url: "https://job-boards.greenhouse.io/vercel/jobs/5836016004" +apply_url: "https://job-boards.greenhouse.io/vercel/jobs/5836016004" +posted_date: "2026-04-02" +expires_date: "2026-05-02" +location: "Remote - United States" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "FedRAMP" + - "SOC 2" + - "ISO 27001" + - "NIST 800-53" + - "NIST AI RMF" +languages: + - "Rust" +compensation: "$180,000 - $270,000" +summary: "About Vercel: Vercel gives developers the tools and cloud infrastructure to build, scale, and secure a faster, more personalized web. As the team behind v0, Next.js, and AI SDK,..." +--- + +

About Vercel:

+

Vercel gives developers the tools and cloud infrastructure to build, scale, and secure a faster, more personalized web. As the team behind v0, Next.js, and AI SDK, Vercel helps customers like Ramp, Supreme, PayPal, and Under Armour build for the AI-native web.

+

Our mission is to enable the world to ship the best products. That starts with creating a place where everyone can do their best work. Whether you're building on our platform, supporting our customers, or shaping our story: You can just ship things.

About the role:

+

We are looking for a Staff GRC Analyst to join our Governance, Risk, and Compliance (GRC) team. You will have the opportunity to enhance our global compliance posture and further our commitment to managing enterprise risk. Your role will be instrumental in ensuring that our company operates in accordance with security requirements and embodies an environment where it’s everyone’s responsibility. This role will help shape the next iteration of the GRC program and further embed compliance requirements into the business.

+

Think you may not have all the skills and are hesitant to apply? There is no “perfect” candidate and encourage you to apply if you think that you can bring value to our team and are passionate and committed to upholding the highest standards of compliance and ethics.

+

If you’re based within a pre-determined commuting distance of one of our offices (SF, NY, London, or Berlin), the role includes in-office anchor days on Monday, Tuesday, and Friday, even if the role is listed as remote. For location-specific details, please connect with our recruiting team.

+

Getting started:

+ +

What you will do:

+ +

About you:

+ +

Bonus if you:

+ +

Benefits:

+ +

The San Francisco, CA base pay range for this role is $180,000.00 - $270,000.00. Actual salary will be based on job-related skills, experience, and location. Compensation outside of San Francisco may be adjusted based on employee location. The total compensation package may include benefits, equity-based compensation, and eligibility for a company bonus or variable pay program depending on the role. Your recruiter can share more details during the hiring process. 

+

Vercel is committed to fostering and empowering an inclusive community within our organization. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, national origin, citizenship, age, marital status, veteran status, disability status, or any other characteristic protected by law. Vercel encourages everyone to apply for our available positions, even if they don't necessarily check every box on the job description.

+

 

+
diff --git a/jobs/imported/greenhouse/greenhouse-zscaler-4940338007-federal-compliance-program-manager-fedramp-il5-and-il6-compliance.md b/jobs/imported/greenhouse/greenhouse-zscaler-4940338007-federal-compliance-program-manager-fedramp-il5-and-il6-compliance.md new file mode 100644 index 0000000..e3b85a6 --- /dev/null +++ b/jobs/imported/greenhouse/greenhouse-zscaler-4940338007-federal-compliance-program-manager-fedramp-il5-and-il6-compliance.md @@ -0,0 +1,118 @@ +--- +title: "Federal Compliance Program Manager (FedRAMP, IL5 and IL6 Compliance)" +company: "Zscaler" +slug: "greenhouse-zscaler-4940338007-federal-compliance-program-manager-fedramp-il5-and-il6-compliance" +status: "published" +source: "Greenhouse" +sources: + - "Greenhouse" +source_url: "https://boards-api.greenhouse.io/v1/boards/zscaler/jobs?content=true" +role_url: "https://job-boards.greenhouse.io/zscaler/jobs/4940338007" +apply_url: "https://job-boards.greenhouse.io/zscaler/jobs/4940338007" +posted_date: "2026-03-31" +expires_date: "2026-04-30" +location: "Crystal City, Virginia, USA; Remote - USA" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Audit & Assurance" + - "Cloud Security" +frameworks: + - "FedRAMP" +languages: + - "Rust" +compensation: "" +summary: "About Zscaler Zscaler accelerates digital transformation to ensure our customers can be more agile, efficient, resilient, and secure. As an AI-forward enterprise , we are..." +--- + +

About Zscaler

+

Zscaler accelerates digital transformation to ensure our customers can be more agile, efficient, resilient, and secure. As an AI-forward enterprise, we are constantly pushing the envelope, leveraging the world’s largest security data lake to power our cloud-native Zero Trust Exchange platform. This innovation protects our customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location.

+

Here, impact in your role matters more than title and trust is built on results. We say, impact over activity. We seek innovators who actively use AI to amplify their impact and who thrive in an environment where we leverage intelligent systems to stay ahead of evolving threats. We believe in transparency and value constructive, honest debate—we’re focused on getting to the best ideas, faster. We build high-performing teams that can make an impact quickly and with high quality. To do this, we are building a culture of execution centered on customer obsession, collaboration, ownership, and accountability.

+

We value high-impact, high-accountability with a sense of urgency where you’re enabled to do your best work and embrace your potential. If you’re driven by purpose, thrive on solving complex challenges, and want to be part of the team that’s helping to secure the AI age, we invite you to bring your talents to Zscaler and help shape the future of cybersecurity.

 

+

We are looking for an experienced Federal Compliance Program Manager to join our Technology Risk & Compliance team. Reporting to the Director of Technology Risk and Compliance, this role allows for remote work provided the individual maintains the readiness to work on-site in a Washington, DC SCIF on a frequent or as-needed basis. You will be responsible for designing, implementing, and maintaining integrated Federal Compliance frameworks for FedRAMP and DoD authorization. Your work will directly influence business strategy by ensuring compliance activities are integrated into broader business processes and initiatives while supporting our mission as a global cloud security leader.

+

What you’ll do (Role Expectations)

+ +

Who You Are (Success Profile)

+ +

What We’re Looking for (Minimum Qualifications)

+ +

What Will Make You Stand Out (Preferred Qualifications)

+ +

#LI-JM1

+

#LI-Remote

+

 

+

 

Zscaler’s salary ranges are benchmarked and are determined by role and level. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations and could be higher or lower based on a multitude of factors, including job-related skills, experience, and relevant education or training.

+

The base salary range listed for this full-time position excludes commission/ bonus/ equity (if applicable) + benefits.

Base Pay Range
$140,000$200,000 USD

At Zscaler, we are committed to building a team that reflects the communities we serve and the customers we work with. We foster an inclusive environment that values all backgrounds and perspectives, emphasizing collaboration and belonging. Join us in our mission to make doing business seamless and secure.

+

Our Benefits program is one of the most important ways we support our employees. Zscaler proudly offers comprehensive and inclusive benefits to meet the diverse needs of our employees and their families throughout their life stages, including:

+
+
    +
  • Various health plans
    • +
  • Time off plans for vacation and sick time
    • +
  • Parental leave options
    • +
  • Retirement options
    • +
  • Education reimbursement
    • +
  • In-office perks, and more!
    • +
+

Learn more about Zscaler’s Future of Work strategy, hybrid working model, and benefits here.

+
+

By applying for this role, you adhere to applicable laws, regulations, and Zscaler policies, including those related to security and privacy standards and guidelines.

+

Zscaler is committed to providing equal employment opportunities to all individuals. We strive to create a workplace where employees are treated with respect and have the chance to succeed. All qualified applicants will be considered for employment without regard to race, color, religion, sex (including pregnancy or related medical conditions), age, national origin, sexual orientation, gender identity or expression, genetic information, disability status, protected veteran status, or any other characteristic protected by federal, state, or local laws. See more information by clicking on the Know Your Rights: Workplace Discrimination is Illegal link.

+

Pay Transparency

+

Zscaler complies with all applicable federal, state, and local pay transparency rules.

+

Zscaler is committed to providing reasonable support (called accommodations or adjustments) in our recruiting processes for candidates who are differently abled, have long term conditions, mental health conditions or sincerely held religious beliefs, or who are neurodivergent or require pregnancy-related support.

diff --git a/jobs/imported/greenhouse/greenhouse-zscaler-5020699007-senior-governance-risk-and-compliance-specialist.md b/jobs/imported/greenhouse/greenhouse-zscaler-5020699007-senior-governance-risk-and-compliance-specialist.md new file mode 100644 index 0000000..73d4ad7 --- /dev/null +++ b/jobs/imported/greenhouse/greenhouse-zscaler-5020699007-senior-governance-risk-and-compliance-specialist.md @@ -0,0 +1,122 @@ +--- +title: "Senior Governance, Risk & Compliance Specialist" +company: "Zscaler" +slug: "greenhouse-zscaler-5020699007-senior-governance-risk-and-compliance-specialist" +status: "published" +source: "Greenhouse" +sources: + - "Greenhouse" +source_url: "https://boards-api.greenhouse.io/v1/boards/zscaler/jobs?content=true" +role_url: "https://job-boards.greenhouse.io/zscaler/jobs/5020699007" +apply_url: "https://job-boards.greenhouse.io/zscaler/jobs/5020699007" +posted_date: "2026-04-03" +expires_date: "2026-05-03" +location: "Remote - USA" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Cloud Security" +frameworks: + - "FedRAMP" +languages: + - "Rust" +compensation: "" +summary: "About Zscaler Zscaler accelerates digital transformation to ensure our customers can be more agile, efficient, resilient, and secure. As an AI-forward enterprise , we are..." +--- + +

About Zscaler

+

Zscaler accelerates digital transformation to ensure our customers can be more agile, efficient, resilient, and secure. As an AI-forward enterprise, we are constantly pushing the envelope, leveraging the world’s largest security data lake to power our cloud-native Zero Trust Exchange platform. This innovation protects our customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location.

+

Here, impact in your role matters more than title and trust is built on results. We say, impact over activity. We seek innovators who actively use AI to amplify their impact and who thrive in an environment where we leverage intelligent systems to stay ahead of evolving threats. We believe in transparency and value constructive, honest debate—we’re focused on getting to the best ideas, faster. We build high-performing teams that can make an impact quickly and with high quality. To do this, we are building a culture of execution centered on customer obsession, collaboration, ownership, and accountability.

+

We value high-impact, high-accountability with a sense of urgency where you’re enabled to do your best work and embrace your potential. If you’re driven by purpose, thrive on solving complex challenges, and want to be part of the team that’s helping to secure the AI age, we invite you to bring your talents to Zscaler and help shape the future of cybersecurity.

Role

+

We are looking for a Senior Governance, Risk & Compliance Specialist to join our Technology Risk & Compliance team. This is a remote U.S. role with a preference for a hybrid schedule near San Jose, CA, reporting to the Director Technology Risk and Compliance. You will support the implementation, maintenance, and enhancement of integrated GRC frameworks for FedRAMP and DoD authorizations. Your work will directly influence business strategy by ensuring compliance activities are integrated into broader business processes while supporting our mission as a global cloud security leader.

+

What you’ll do (Role Expectations)

+ +

Who You Are (Success Profile)

+ +

What We’re Looking for (Minimum Qualifications)

+ +

What Will Make You Stand Out (Preferred Qualifications)

+ +

#LI-hybrid #LI-BH1

+

 

Zscaler’s salary ranges are benchmarked and are determined by role and level. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations and could be higher or lower based on a multitude of factors, including job-related skills, experience, and relevant education or training.

+

The base salary range listed for this full-time position excludes commission/ bonus/ equity (if applicable) + benefits.

Base Pay Range
$119,000$170,000 USD

At Zscaler, we are committed to building a team that reflects the communities we serve and the customers we work with. We foster an inclusive environment that values all backgrounds and perspectives, emphasizing collaboration and belonging. Join us in our mission to make doing business seamless and secure.

+

Our Benefits program is one of the most important ways we support our employees. Zscaler proudly offers comprehensive and inclusive benefits to meet the diverse needs of our employees and their families throughout their life stages, including:

+
+
    +
  • Various health plans
    • +
  • Time off plans for vacation and sick time
    • +
  • Parental leave options
    • +
  • Retirement options
    • +
  • Education reimbursement
    • +
  • In-office perks, and more!
    • +
+

Learn more about Zscaler’s Future of Work strategy, hybrid working model, and benefits here.

+
+

By applying for this role, you adhere to applicable laws, regulations, and Zscaler policies, including those related to security and privacy standards and guidelines.

+

Zscaler is committed to providing equal employment opportunities to all individuals. We strive to create a workplace where employees are treated with respect and have the chance to succeed. All qualified applicants will be considered for employment without regard to race, color, religion, sex (including pregnancy or related medical conditions), age, national origin, sexual orientation, gender identity or expression, genetic information, disability status, protected veteran status, or any other characteristic protected by federal, state, or local laws. See more information by clicking on the Know Your Rights: Workplace Discrimination is Illegal link.

+

Pay Transparency

+

Zscaler complies with all applicable federal, state, and local pay transparency rules.

+

Zscaler is committed to providing reasonable support (called accommodations or adjustments) in our recruiting processes for candidates who are differently abled, have long term conditions, mental health conditions or sincerely held religious beliefs, or who are neurodivergent or require pregnancy-related support.

diff --git a/jobs/imported/greenhouse/greenhouse-zscaler-5043550007-senior-governance-risk-and-compliance-manager-nist-fair.md b/jobs/imported/greenhouse/greenhouse-zscaler-5043550007-senior-governance-risk-and-compliance-manager-nist-fair.md new file mode 100644 index 0000000..404ad6e --- /dev/null +++ b/jobs/imported/greenhouse/greenhouse-zscaler-5043550007-senior-governance-risk-and-compliance-manager-nist-fair.md @@ -0,0 +1,121 @@ +--- +title: "Senior Governance, Risk & Compliance Manager - NIST, FAIR" +company: "Zscaler" +slug: "greenhouse-zscaler-5043550007-senior-governance-risk-and-compliance-manager-nist-fair" +status: "published" +source: "Greenhouse" +sources: + - "Greenhouse" +source_url: "https://boards-api.greenhouse.io/v1/boards/zscaler/jobs?content=true" +role_url: "https://job-boards.greenhouse.io/zscaler/jobs/5043550007" +apply_url: "https://job-boards.greenhouse.io/zscaler/jobs/5043550007" +posted_date: "2026-03-31" +expires_date: "2026-04-30" +location: "San Jose, California, USA" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "NIST RMF" +languages: + - "Rust" +compensation: "" +summary: "About Zscaler Zscaler accelerates digital transformation to ensure our customers can be more agile, efficient, resilient, and secure. As an AI-forward enterprise , we are..." +--- + +

About Zscaler

+

Zscaler accelerates digital transformation to ensure our customers can be more agile, efficient, resilient, and secure. As an AI-forward enterprise, we are constantly pushing the envelope, leveraging the world’s largest security data lake to power our cloud-native Zero Trust Exchange platform. This innovation protects our customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location.

+

Here, impact in your role matters more than title and trust is built on results. We say, impact over activity. We seek innovators who actively use AI to amplify their impact and who thrive in an environment where we leverage intelligent systems to stay ahead of evolving threats. We believe in transparency and value constructive, honest debate—we’re focused on getting to the best ideas, faster. We build high-performing teams that can make an impact quickly and with high quality. To do this, we are building a culture of execution centered on customer obsession, collaboration, ownership, and accountability.

+

We value high-impact, high-accountability with a sense of urgency where you’re enabled to do your best work and embrace your potential. If you’re driven by purpose, thrive on solving complex challenges, and want to be part of the team that’s helping to secure the AI age, we invite you to bring your talents to Zscaler and help shape the future of cybersecurity.

Role

+

We are looking for a Cybersecurity Risk Management Principal to join our team. This is a hybrid role, going in to the San Jose, CA office 3 days a week.  You'll be reporting to the Sr. Director, Enterprise Risk Management within the Security GRC department. You will serve as a technical leader and subject matter expert, conducting sophisticated risk assessments and maintaining the strategic risk register to protect our global infrastructure. You'll bridge the gap between deep technical adversary tactics and high-level business impact to drive remediation across the enterprise.

+

What you’ll do (Role Expectations)

+ +

Who You Are (Success Profile)

+ +

What We’re Looking for (Minimum Qualifications)

+ +

What Will Make You Stand Out (Preferred Qualifications)

+ +

#LI-BH1 #LI-Hybrid

Zscaler’s salary ranges are benchmarked and are determined by role and level. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations and could be higher or lower based on a multitude of factors, including job-related skills, experience, and relevant education or training.

+

The base salary range listed for this full-time position excludes commission/ bonus/ equity (if applicable) + benefits.

Base Pay Range
$164,500$235,000 USD

At Zscaler, we are committed to building a team that reflects the communities we serve and the customers we work with. We foster an inclusive environment that values all backgrounds and perspectives, emphasizing collaboration and belonging. Join us in our mission to make doing business seamless and secure.

+

Our Benefits program is one of the most important ways we support our employees. Zscaler proudly offers comprehensive and inclusive benefits to meet the diverse needs of our employees and their families throughout their life stages, including:

+
+
    +
  • Various health plans
    • +
  • Time off plans for vacation and sick time
    • +
  • Parental leave options
    • +
  • Retirement options
    • +
  • Education reimbursement
    • +
  • In-office perks, and more!
    • +
+

Learn more about Zscaler’s Future of Work strategy, hybrid working model, and benefits here.

+
+

By applying for this role, you adhere to applicable laws, regulations, and Zscaler policies, including those related to security and privacy standards and guidelines.

+

Zscaler is committed to providing equal employment opportunities to all individuals. We strive to create a workplace where employees are treated with respect and have the chance to succeed. All qualified applicants will be considered for employment without regard to race, color, religion, sex (including pregnancy or related medical conditions), age, national origin, sexual orientation, gender identity or expression, genetic information, disability status, protected veteran status, or any other characteristic protected by federal, state, or local laws. See more information by clicking on the Know Your Rights: Workplace Discrimination is Illegal link.

+

Pay Transparency

+

Zscaler complies with all applicable federal, state, and local pay transparency rules.

+

Zscaler is committed to providing reasonable support (called accommodations or adjustments) in our recruiting processes for candidates who are differently abled, have long term conditions, mental health conditions or sincerely held religious beliefs, or who are neurodivergent or require pregnancy-related support.

diff --git a/jobs/imported/lever/lever-aqueduct-tech-b3141f17-4635-43fb-8a91-fd5e3f455b0c-grc-analyst.md b/jobs/imported/lever/lever-aqueduct-tech-b3141f17-4635-43fb-8a91-fd5e3f455b0c-grc-analyst.md new file mode 100644 index 0000000..c1df2f5 --- /dev/null +++ b/jobs/imported/lever/lever-aqueduct-tech-b3141f17-4635-43fb-8a91-fd5e3f455b0c-grc-analyst.md @@ -0,0 +1,152 @@ +--- +title: "GRC Analyst" +company: "Aqueduct Tech" +slug: "lever-aqueduct-tech-b3141f17-4635-43fb-8a91-fd5e3f455b0c-grc-analyst" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/aqueduct-tech" +role_url: "https://jobs.lever.co/aqueduct-tech/b3141f17-4635-43fb-8a91-fd5e3f455b0c" +apply_url: "https://jobs.lever.co/aqueduct-tech/b3141f17-4635-43fb-8a91-fd5e3f455b0c/apply" +posted_date: "2026-02-16" +expires_date: "2026-03-18" +location: "Hybrid, Canton MA" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "ISO 27001" + - "NIST CSF" + - "PCI-DSS" + - "HIPAA" +languages: + - "Rust" +compensation: "" +summary: "Aqueduct Technologies is seeking a GRC Analyst to join our Governance, Risk, and Compliance (GRC) team. Reporting directly to the Director of GRC, this role plays a pivotal part..." +--- + +Aqueduct Technologies is seeking a GRC Analyst to join our Governance, Risk, and Compliance (GRC) team. Reporting directly to the Director of GRC, this role plays a pivotal part in designing, executing, and maturing our clients’ security and compliance programs. + +This is an analyst to mid level position designed for a GRC professional who is ready to take ownership of key workstreams while continuing to develop under senior leadership guidance. You will work directly with clients in a consulting environment, contributing to meaningful security improvements across diverse industries. + +As part of our growing GRC practice, you will: + +- Support and progressively lead client compliance engagements + +- Contribute to the development of Aqueduct’s GRC service offerings + +- Assist with internal compliance initiatives and audit readiness activities + +### Core Responsibilities: + +- Compliance Readiness and Assessments: + +- Support and conduct readiness assessments aligned to frameworks such as NIST CSF, ISO 27001, SOC 2, HIPAA, PCI DSS, and CMMC + +- Identify control gaps and provide practical, risk based remediation recommendations + +- Assist clients in preparing for external audits and certification efforts + +Risk Assessments: + +- Perform organizational risk assessments and document risk findings + +- Evaluate control effectiveness and recommend mitigation strategies aligned with business objectives + +- Maintain risk registers and support risk reporting processes + +Third Party Risk Management: + +- Conduct vendor risk assessments and due diligence reviews + +- Support the development and maintenance of third party risk programs + +- Assist with ongoing monitoring activities and documentation + +Client Reporting and Communication: + +- Prepare clear, structured reports summarizing findings, risks, and recommended actions + +- Present results to client stakeholders with guidance from senior team members + +- Translate technical findings into business relevant insights + +Collaboration and Internal Support: + +- Work closely with security operations, engineering, and account teams to align GRC initiatives + +- Support internal compliance initiatives including SOC 2 readiness and audit activities + +- Contribute to documentation development, templates, and process improvement efforts + +Professional Development: + +- Stay current on evolving cybersecurity risks, regulatory requirements, and industry standards + +- Expand expertise across multiple frameworks and advisory domains + +### Required Skills & Qualifications: + +- Core Competencies: + +- Strong written and verbal communication skills + +- Analytical thinking and attention to detail + +- Ability to manage multiple client workstreams in a consulting environment + +- Professional presence in client facing situations + +Technical and Compliance Experience: + +- Experience supporting or conducting assessments across one or more major frameworks such as NIST CSF, ISO 27001, SOC 2, HIPAA, PCI DSS, or CMMC + +- Working knowledge of risk assessment methodologies + +- Familiarity with third party risk management concepts and processes + +- Foundational understanding of Zero Trust principles and modern security architecture concepts + +Professional Background: + +- 3 or more years of experience in information security with exposure to GRC functions + +- Experience in consulting, advisory, or managed services environments preferred + +- Experience with GRC platforms such as ServiceNow GRC, Archer, Drata, Vanta, or similar tools is a plus + +Certifications: + +- One or more of the following certifications is preferred but not required: + +- CISA + +- CISM + +- CRISC + +- CISSP + +- CCSP + +Work Model: + +- Ability to work in a hybrid model in the Canton, MA area + +- Willingness to travel locally for client engagements as needed + +### Growth Opportunity + +- This role offers a clear path toward Senior GRC Consultant responsibilities. Analysts who demonstrate strong client delivery, technical depth, and engagement ownership will have opportunities to lead larger assessments, mentor junior team members, and expand into broader advisory engagements. + +Aqueduct Technologies is committed to developing a diverse and talented team. We celebrate and support diversity and are committed to making an inclusive environment for all employees and applicants including women, minorities, individuals with disabilities, members of the LGBTQIA community, veterans, and any other legally protected group. We are an Equal Opportunity Employer and do not discriminate against any employee or applicant on the basis of any status protected by federal, state, or local laws. + +Aqueduct Technologies is one of the largest IT solutions providers in the US, recognized for our relentless pursuit of customer satisfaction, our corporate culture, technology leadership, and our commitment to the local community. We pride ourselves on our world-class engineering, the investments we make in our employees and our systems, and on our loyal base of customers and manufacturers. Recognized as one of the fastest-growing, private companies in Massachusetts—and awarded the Best Place to Work in Boston for six, consecutive years—there is no better time to join Aqueduct than now! diff --git a/jobs/imported/lever/lever-binance-8daa3226-5f4f-4dc3-b4a4-c9f662085915-compliance-analyst.md b/jobs/imported/lever/lever-binance-8daa3226-5f4f-4dc3-b4a4-c9f662085915-compliance-analyst.md new file mode 100644 index 0000000..7f418f1 --- /dev/null +++ b/jobs/imported/lever/lever-binance-8daa3226-5f4f-4dc3-b4a4-c9f662085915-compliance-analyst.md @@ -0,0 +1,87 @@ +--- +title: "Compliance Analyst" +company: "Binance" +slug: "lever-binance-8daa3226-5f4f-4dc3-b4a4-c9f662085915-compliance-analyst" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/binance" +role_url: "https://jobs.lever.co/binance/8daa3226-5f4f-4dc3-b4a4-c9f662085915" +apply_url: "https://jobs.lever.co/binance/8daa3226-5f4f-4dc3-b4a4-c9f662085915/apply" +posted_date: "2026-01-21" +expires_date: "2026-02-20" +location: "Kazakhstan, Almaty" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: [] +languages: + - "Rust" +compensation: "" +summary: "Binance is a leading global blockchain ecosystem behind the world’s largest cryptocurrency exchange by trading volume and registered users. We are trusted by 300+ million people..." +--- + +Binance is a leading global blockchain ecosystem behind the world’s largest cryptocurrency exchange by trading volume and registered users. We are trusted by 300+ million people in 100+ countries for our industry-leading security, user fund transparency, trading engine speed, deep liquidity, and an unmatched portfolio of digital-asset products. Binance offerings range from trading and finance to education, research, payments, institutional services, Web3 features, and more. We leverage the power of digital assets and blockchain to build an inclusive financial ecosystem to advance the freedom of money and improve financial access for people around the world. + +Binance is a leading global blockchain ecosystem behind the world’s largest cryptocurrency exchange by trading volume and registered users. We are trusted by 300+ million people in 100+ countries for our industry-leading security, user fund transparency, trading engine speed, deep liquidity, and an unmatched portfolio of digital-asset products. Binance offerings range from trading and finance to education, research, payments, institutional services, Web3 features, and more. We leverage the power of digital assets and blockchain to build an inclusive financial ecosystem to advance the freedom of money and improve financial access for people around the world. + +### Responsibilities + +- Work with the CO and MLRO on internal compliance policy review, including ongoing assessments, assisting with compliance review, internal audit reviews and ongoing or ad hoc reviews; + +- Tracking new product/service launch compliance items; + +- Handle, review and verify all applications for client on-boarding within available SLAs; + +- Proficiency in compliance applications and programs such as Thomson Reuters, Worldcheck, KYC vendors, Chainalysis, etc.; + +- Work closely with checker to ensure an effective 2 eye, 4 eye customer due diligence process; + +- Good knowledge on provisions of local and AIFC laws, guidance, regulations and otherwise standards applicable to subject persons and knowledge of upcoming regulation of virtual currency policies is a strong plus; + +- Good proficiency in conducting risk assessments, periodic/trigger reviews and enhanced due diligence; + +- Monitoring and documentation of unusual activity or AML flags; + +- Participate in internal and external training programs related to AML/CFT and other subjects that may form part of the day to day work requirements; + +- Any general administration and ancillary activities as may be required and related to the above functions in accordance with the business requirements of the Company. + +### Requirements + +- At least 3-5 years’ directly related experience in a legal or compliance role with a substantial knowledge of relevant rules and regulations and the day-to-day compliance affairs; + +- Fluent in Kazakh, Russian and English; + +- An undergraduate degree is required and a law degree is a plus; + +- Demonstrated ability to write effectively; + +- Superior organizational skills; + +- Strong communication skills. + +Why Binance + +• Shape the future with the world’s leading blockchain ecosystem + +• Collaborate with world-class talent in a user-centric global organization with a flat structure + +• Tackle unique, fast-paced projects with autonomy in an innovative environment + +• Thrive in a results-driven workplace with opportunities for career growth and continuous learning + +• Competitive salary and company benefits + +• Work-from-home arrangement (the arrangement may vary depending on the work nature of the business team) + +Binance is committed to being an equal opportunity employer. We believe that having a diverse workforce is fundamental to our success. + +By submitting a job application, you confirm that you have read and agree to our Candidate Privacy Notice (https://www.binance.com/en/candidate/privacy/notice) . diff --git a/jobs/imported/lever/lever-capital-03d1e146-79ad-4719-922e-c4f911be6903-it-compliance-specialist-ii.md b/jobs/imported/lever/lever-capital-03d1e146-79ad-4719-922e-c4f911be6903-it-compliance-specialist-ii.md new file mode 100644 index 0000000..88d6ae4 --- /dev/null +++ b/jobs/imported/lever/lever-capital-03d1e146-79ad-4719-922e-c4f911be6903-it-compliance-specialist-ii.md @@ -0,0 +1,113 @@ +--- +title: "IT Compliance Specialist II" +company: "Capital" +slug: "lever-capital-03d1e146-79ad-4719-922e-c4f911be6903-it-compliance-specialist-ii" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/capital" +role_url: "https://jobs.lever.co/capital/03d1e146-79ad-4719-922e-c4f911be6903" +apply_url: "https://jobs.lever.co/capital/03d1e146-79ad-4719-922e-c4f911be6903/apply" +posted_date: "2026-02-03" +expires_date: "2026-03-05" +location: "Warsaw, Mazowieckie, Poland" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "ISO 27001" +languages: + - "Go" +compensation: "" +summary: "We are a leading trading platform that is ambitiously expanding to the four corners of the globe. Our top-rated products have won prestigious industry awards for their..." +--- + +We are a leading trading platform that is ambitiously expanding to the four corners of the globe. Our top-rated products have won prestigious industry awards for their cutting-edge technology and seamless client experience. We deliver only the best, so we are always in search of the best people to join our ever-growing talented team. + +As part of our ongoing global expansion, we are seeking an IT Compliance Specialist to join our team. This is a newly created position with a global scope, offering the opportunity to shape and influence our compliance framework worldwide. + +We are a leading trading platform that is ambitiously expanding to the four corners of the globe. Our top-rated products have won prestigious industry awards for their cutting-edge technology and seamless client experience. We deliver only the best, so we are always in search of the best people to join our ever-growing talented team. + +### Responsibilities: + +- Participate in interactions with external auditors and regulators, collaborating with internal teams to collect and provide necessary evidence for audits and regulatory requests. + +- Assist in regular reviews of the Company’s procedures, practices, and documentation to identify potential weaknesses or risks. + +- Support the execution of action plans to address IT audit findings and IT compliance violations, ensuring alignment with regulatory requirements and industry best practices. + +- Conduct gap assessments to evaluate IT compliance with new regulatory requirements and identify areas for improvement. + +- Maintain accurate records and documentation related to IT compliance activities, including evidence collected for audits and regulatory submissions. + +- Contribute to the maintenance and continuous improvement of the IT compliance management program. + +### Requirements: + +- Business level proficiency in English or above (equivalent to B2 or above in CEFR). + +- Minimum of 3 years of experience in IT compliance / IT audit. + +- Solid understanding of risk management principles and a risk-based approach. + +- Ability to work with a high degree of independence in assigned tasks and duties. + +- Excellent interpersonal and communication skills for effective collaboration across teams. + +- Analytical mindset with strong attention to detail. + +### Nice to have: + +- Knowledge of ISO 27001, NIST, SOC2 standards. + +- Previous experience in FinTech or other highly regulated industries. + +- Experience in process optimisation and / or policy development. + +### What you will get in return: + +- Competitive Salary: We believe great work deserves great pay! Your skills and talents will be rewarded with a salary that makes you feel valued and motivated. + +- Work-Life Harmony: Join a company that genuinely cares about you —because your life outside of work matters just as much as your time on the clock. + +- Annual Performance Bonus: Your hard work doesn’t go unnoticed! Celebrate your achievements with a well-deserved annual bonus tied to your performance. + +- Generous Time Off: Need a breather? Our annual leave policy lets you recharge and enjoy life outside of work without a worry. + +- Employee Referral Program: Love working here? Share the love! Bring your talented friends on board and get rewarded for growing our awesome team. + +- Comprehensive Health & Pension Benefits: From medical insurance to pension plans, we’ve got your back. Plus, location-specific benefits and perks! + +- Workation Wonderland: Live your digital nomad dreams with 30 extra days to work remotely from anywhere in the world (some restrictions apply). Adventure awaits! + +- Volunteer Days: Make a difference! Take two additional paid days each year to support causes you care about and give back to the community. + +Be a key player at the forefront of the digital assets movement, propelling your career to new heights! Join a dynamic and rapidly expanding company that values and rewards talent, initiative, and creativity. Work alongside one of the most brilliant teams in the industry. + +What you will get in return: + +• Competitive Salary: We believe great work deserves great pay! Your skills and talents will be rewarded with a salary that makes you feel valued and motivated. + +• Work-Life Harmony: Join a company that genuinely cares about you - because your life outside of work matters just as much as your time on the clock. #LI-Hybrid + +• Generous Time Off: Need a breather? Our annual leave policy lets you recharge and enjoy life outside of work without a worry. + +• Employee Referral Program: Love working here? Share the love! Bring your talented friends on board and get rewarded for growing our awesome team. + +• Comprehensive Health & Pension Benefits: From medical insurance to pension plans, we’ve got your back. Plus, location-specific benefits and perks! + +• Workation Wonderland: Live your digital nomad dreams with 30 extra days to work remotely from anywhere in the world (some restrictions apply). Adventure awaits! + +• Volunteer Days: Make a difference! Take two additional paid days each year to support causes you care about and give back to the community. + +Be a key player at the forefront of the digital assets movement, propelling your career to new heights! Join a dynamic and rapidly expanding company that values and rewards talent, initiative, and creativity. Work alongside one of the most brilliant teams in the industry. + +Applicable for Poland: Our company has an Internal Reporting Procedure. It is available from the Human Resources Department upon request hr@capital.com (http://hr@capital.com) . You may report a violation referred to in the Procedure under the terms specified therein. diff --git a/jobs/imported/lever/lever-clearcapital-8da269fe-a1fe-4e14-a3ec-5b6cc21e2473-information-security-grc-manager.md b/jobs/imported/lever/lever-clearcapital-8da269fe-a1fe-4e14-a3ec-5b6cc21e2473-information-security-grc-manager.md new file mode 100644 index 0000000..74e60e1 --- /dev/null +++ b/jobs/imported/lever/lever-clearcapital-8da269fe-a1fe-4e14-a3ec-5b6cc21e2473-information-security-grc-manager.md @@ -0,0 +1,91 @@ +--- +title: "Information Security GRC Manager" +company: "Clearcapital" +slug: "lever-clearcapital-8da269fe-a1fe-4e14-a3ec-5b6cc21e2473-information-security-grc-manager" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/clearcapital" +role_url: "https://jobs.lever.co/clearcapital/8da269fe-a1fe-4e14-a3ec-5b6cc21e2473" +apply_url: "https://jobs.lever.co/clearcapital/8da269fe-a1fe-4e14-a3ec-5b6cc21e2473/apply" +posted_date: "2026-02-26" +expires_date: "2026-03-28" +location: "Reno, NV" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "GDPR" +languages: + - "Go" +compensation: "$150,000 - $200,000" +summary: "The Information Security Governance, Risk, and Compliance (GRC) Manager provides tactical leadership and operational oversight for key components of the company’s enterprise GRC..." +--- + +The Information Security Governance, Risk, and Compliance (GRC) Manager provides tactical leadership and operational oversight for key components of the company’s enterprise GRC program. This role is responsible for the day-to-day management of GRC analysts, driving compliance initiatives, managing the integrated risk assessment lifecycle, and ensuring control effectiveness. The Manager will serve as a key point of contact for internal business units and external auditors, directly supporting the strategic directives set by program leadership. The position requires a proven ability to lead teams, implement policy, and translate complex security and compliance requirements into clear business actions. + +### What You Will Work On + +- Manage and mentor a team of GRC Security Analysts, providing clear direction and facilitating continuous professional development. +- Oversee and execute the security risk assessment process, including identifying, analyzing, and documenting emerging and ongoing risks across the organization and its third parties. +- Lead efforts to document, enforce, and communicate security policies and control frameworks that are aligned with key regulations and standards (e.g., NIST, ISO, GDPR, GLBA). +- Develop, implement, and maintain security policies and controls specifically for the safe and ethical deployment and use of artificial intelligence (AI) systems. +- Act as the primary operational liaison for internal and external audits, coordinating the collection of evidence, tracking the resolution of findings, and ensuring sustained audit readiness. +- Provide direct support to the third-party risk management program, ensuring rigorous security review of vendors and business partners to mitigate external risk. +- Facilitate IT compliance activities, focusing on the operational effectiveness of technical and general IT controls. +- Collaborate with business units and technical teams to ensure adequate security controls are available and implemented during the onboarding of new solutions and systems. +- Define and track qualitative and quantitative metrics to measure the success and maturity of the security program, reporting regularly to program leadership. +- Support incident response and disaster recovery efforts, ensuring GRC documentation and controls are properly applied to corporate resiliency programs. +- Ensure the protection of critical data is maintained through established data classification, data loss prevention (DLP), and records retention requirements. +- Manage information security training requirements for the organization, to include identifying role-based security training for all organizational roles in accordance with the roles capacity to introduce risk in the performance of their duties. + +### Who We Are Looking For + +- 7+ years of experience in cybersecurity, with a focus on governance, compliance, risk management, or audit. +- 3+ years of demonstrated experience managing or leading a distributed or hybrid team. +- Expert-level understanding of major regulatory frameworks and standards, including but not limited to NIST, ISO, GDPR, and GLBA. +- Proven ability to manage GRC-related projects and work with cross-functional stakeholders to deliver outcomes on time and within scope. +- Strong technical acumen in cloud computing security (AWS, GCP, or Azure), DevOps, and application security. +- Exceptional written and verbal communication skills, with the ability to articulate security risk and compliance requirements to technical staff and business leadership. +- Prior experience in defining metrics, preparing management reports, and implementing process improvements using GRC tools. +- Demonstrated experience in conducting tabletop exercises for business continuity is preferable. + +Education Requirements + +- Bachelor’s degree in computer science, information assurance, MIS, or a related technical field, or equivalent practical experience. + +Certification Requirements + +- Holds or is actively working toward one or more of the following: CISSP, CISM, CISA, CRISC, or CGRC. + +### What You Can Expect + +- Compensation: The base salary for this position ranges from $150,000 to $200,000 annually, depending on your location, experience, and qualifications. Additional compensation offerings include company profit-sharing bonus program, communication stipends, and referral bonuses. +- Inclusive benefits package offering: +- Comprehensive medical, dental, and company paid vision insurance, 401(k) retirement plan with employer match, voluntary life and AD&D insurance options, voluntary supplemental insurances for accident, critical illness, and legal services, paid time off (PTO) and paid holidays, employee assistance and wellness programs, company paid short term disability coverage, company contributions to health saving funds (with participation in the high deductible health plan. We offer company paid access to Galileo for virtual primary care and Rula for virtual mental health resources. +- Through our Anniversary Program, we celebrate the meaningful milestones and long tenure that reflect how much we value your contributions and commitment to our team. +- Career and skill development resources to help advance your career and personal growth. +- A mission-driven environment where your work makes a measurable impact on the real estate industry. + +### What We Value + +- Wherever it Leads, Whatever it Takes® - No matter how remote, complex, or unexpected. Our commitment never wavers. +- Hire NICE people - Skills can be taught but character shines through. We seek those who bring integrity, kindness, and grit. +- Lift others up - We lead with empathy and strive to improve the lives of those around us. +- Sweat the details - Excellence lives in the little things. Getting it just so is how we make a big impact. +- Raise the bar - We don’t settle for industry standards, we redefine them. + +About Us + +Our story began in the mountain town of Truckee, California more than 20 years ago, when we pioneered simple, web-based valuation technology solutions for an industry that relied on paper. Today, we’ve grown one of the highest-coverage networks of real professionals in the county. As we continue our journey to modernize valuation we’ll hold on to our promise from day one: to go wherever it leads and do whatever it takes to serve our customer with remarkable technology and uncompromising service. + +Clear Capital is an equal-opportunity employer. + +To all recruitment agencies: Clear Capital does not accept agency resumes. Please do not forward resumes to our jobs alias, Clear Capital employees, or any other company location. Clear Capital is not responsible for any fees related to unsolicited resumes. diff --git a/jobs/imported/lever/lever-coalfire-5a90c713-98ee-4026-a923-990f1d89c8a2-director-fedramp-assessment.md b/jobs/imported/lever/lever-coalfire-5a90c713-98ee-4026-a923-990f1d89c8a2-director-fedramp-assessment.md new file mode 100644 index 0000000..6d225e5 --- /dev/null +++ b/jobs/imported/lever/lever-coalfire-5a90c713-98ee-4026-a923-990f1d89c8a2-director-fedramp-assessment.md @@ -0,0 +1,114 @@ +--- +title: "Director, FedRAMP Assessment" +company: "Coalfire" +slug: "lever-coalfire-5a90c713-98ee-4026-a923-990f1d89c8a2-director-fedramp-assessment" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/coalfire" +role_url: "https://jobs.lever.co/coalfire/5a90c713-98ee-4026-a923-990f1d89c8a2" +apply_url: "https://jobs.lever.co/coalfire/5a90c713-98ee-4026-a923-990f1d89c8a2/apply" +posted_date: "2026-03-20" +expires_date: "2026-04-19" +location: "United States" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Audit & Assurance" + - "Cloud Security" + - "Identity & Access Management" +frameworks: + - "FedRAMP" + - "CMMC" +languages: [] +compensation: "$114,000 - $198,000" +summary: "About Coalfire Coalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. We work at the cutting edge of technology to..." +--- + +About Coalfire + +Coalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Chicago, Illinois with offices across the U.S. and U.K., and we support clients around the world. + +But that’s not who we are – that’s just what we do. + +We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference. + +About Coalfire + +Coalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Chicago, Illinois with offices across the U.S. and U.K., and we support clients around the world. + +But that’s not who we are – that’s just what we do. + +We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference. + +### What You'll Do + +- Manages a team of 6-10 individuals, including consultants and managers. Responsible for career development, performance management, and hiring decisions. + +- Develop team expertise in assessment skills, technical acumen, and consulting skills. + +- Key member of the account management team, for one or several key client accounts. Jointly responsible, along with the Account Director and sales representatives, for revenue growth as the service delivery expert. + +- Supports the sales process with inputs to scoping, contract language, and subject expertise. + +- Establish strong relationships with account stakeholders. + +- Accountable for project success metrics like staff utilization and delivery excellence. Monitors and drives progress for multiple projects across the team's book of business. + +- Through continuous professional development, maintains personal credibility as a FedRAMP expert, and becomes an expert on the client's business and product as it relates to security and compliance. + +### What You'll Bring + +- 8-10 years of compliance experience as an assessment, advisory, or industry professional including: +- 5 years of experience with FedRAMP, DoD Cloud SRG, or CMMC + +- 2 years of assessment specific experience + +- 2-5 years of management experience in professional services + +- Bachelor's Degree, or equivalent job experience + +- Certified Information System Security Professional (CISSP) + +Will be required to hold and strongly preferred to have already obtained a second A2LA R311 required certification: + +- +- Product specific cloud certifications (such as AWS, Google, Microsoft, IBM) + +- CompTIA Advanced Security Practitioner (CASP+) Continuing Education (CE) + +- GIAC Certified Enterprise Defender (GCED) + +- GIAC Certified Incident Handler (GCIH) + +- GIAC Security Leadership (GSLC) + +- Certified Information Systems Auditor (CISA) + +- Certified Information Security Manager (CISM) + +- Certified Cloud Security Professional (CCSP) + +- CISSP-Information Systems Security Architecture Professional (CISSP-ISSAP) + +- CISSP-Information Systems Security Engineering Professional (CISSP-ISSEP) + +- CISSP-Information Systems Security Management Professional (CISSP-ISSMP) + +- CyberSec First Responder (CFR) + +- Certified Chief Information Security Officer (CCISO) + +- Baltimore Cyber Range (BCR) Cyber Technical Proficiency Testing Activity + +Why You’ll Want to Join Us + +At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office. + +Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options. + +At Coalfire, equal opportunity and pay equity is integral to the way we do business. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Coalfire is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation to participate in the job application or interview process, contact our Human Resources team at HumanResourcesMB@coalfire.com (mailto:HumanResourcesMB@coalfire.com) . diff --git a/jobs/imported/lever/lever-coalfire-a70241bc-d26a-4c1c-b5b3-ed82e81ce158-principal-fedramp-advisory.md b/jobs/imported/lever/lever-coalfire-a70241bc-d26a-4c1c-b5b3-ed82e81ce158-principal-fedramp-advisory.md new file mode 100644 index 0000000..daee5e4 --- /dev/null +++ b/jobs/imported/lever/lever-coalfire-a70241bc-d26a-4c1c-b5b3-ed82e81ce158-principal-fedramp-advisory.md @@ -0,0 +1,154 @@ +--- +title: "Principal, FedRAMP Advisory" +company: "Coalfire" +slug: "lever-coalfire-a70241bc-d26a-4c1c-b5b3-ed82e81ce158-principal-fedramp-advisory" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/coalfire" +role_url: "https://jobs.lever.co/coalfire/a70241bc-d26a-4c1c-b5b3-ed82e81ce158" +apply_url: "https://jobs.lever.co/coalfire/a70241bc-d26a-4c1c-b5b3-ed82e81ce158/apply" +posted_date: "2026-01-14" +expires_date: "2026-02-13" +location: "United States" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Audit & Assurance" + - "Cloud Security" +frameworks: + - "FedRAMP" + - "CMMC" +languages: [] +compensation: "$104,000 - $179,600" +summary: "Position Summary The Principal Consultant (SME) is considered a Public Sector compliance (NIST, FedRAMP, CMMC, FISMA, DoD SRG, GovRAMP, etc.) subject matter expert (SME), with..." +--- + +Position Summary + +The Principal Consultant (SME) is considered a Public Sector compliance (NIST, FedRAMP, CMMC, FISMA, DoD SRG, GovRAMP, etc.) subject matter expert (SME), with strong expertise in a focal technical area e.g., evaluating/assessing the security and compliance of client firms/services against regulatory, industry requirements and standards, or against security best practice frameworks, etc. but has subject matter knowledge and/or experience in the other areas that affect the practice. + +The Principal Consultant (SME) is expected to leverage their technical and business experience across four (4) domains, including: + +Evaluate and enhance the security of complex systems that may impact both risk and compliance for organizations, large and small. + +Mentor and develop team members to help grow the team and its capabilities. + +Perform research on topics and/or areas affecting client engagements or regulatory requirements to bring clarity to that area which may involve engaging the regulatory bodies to get the clarification. Communicate the information gathered to the entire practice through various mediums such as information repositories, meetings, trainings, etc. Update repositories that have outdated information with updated information. + +Engage outwardly into the community through blog posts, technical white papers, forum participation and conference speaking engagements. Engage inwardly to support business and practice growth by developing Sales/Marketing collateral, delivery methodologies and SOPs, train/mentor colleagues as necessary and serve as the SME for all topics related to your technical or compliance area of expertise. + +About Coalfire + +Coalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Chicago, Illinois with offices across the U.S. and U.K., and we support clients around the world. + +But that’s not who we are – that’s just what we do. + +We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference. + +### What You'll Do + +- Work with industry and standards bodies to provide information security technical and non-technical expertise. + +- Work with other teams within Coalfire to drive customer success. + +- Scope and lead on-site engagements with clients. This includes leading pre-sales calls, onsite visits, understanding customer security and compliance requirements and environments, and proposing and delivering packaged offerings or custom solution engagements. + +- Develop technical content, such as security plans, procedures, policies, and white papers that can be used by our clients to assist them in elevating/building out their security and compliance programs. + +- Lead delivery engagements including on-site projects working with clients to build out compliance roadmaps, architecture guidance, gap assessments, etc. + +- Manage delivery engagements by providing project status updates to applicable stakeholders, identifying showstoppers and roadblocks to project success, etc. + +- Collaborate with Coalfire engineering, support, and business teams to convey partner and customer feedback. + +- Serve as the practice subject matter expert (SME) for escalations, sales/marketing support, driving practice profitability and revenue. + +- Provide Delivery Team Support, including identifying process improvements, training delivery personnel on methodologies/tools and quality topics, and mentoring delivery personnel. + +- Development of industry-wide service line thought leadership through: + +- Authoring methodologies, templates, white papers, work instructions, guidelines, forms, tools + +- Developing and delivering industry specific training, including speaking/presenting at conferences, creating webinars + +- Support management of client satisfaction at all phases of the client relationship. + +- Ensure continuous professional development by maintaining industry specific certifications. + +- Maintain strong depth of knowledge in the practice area. + +- Collaborate with project managers, quality management, sales, and other delivery team members to drive customer satisfaction and meet project deliverables. + +- Establish account relationships and identifies upsell and cross sell opportunities and escalates to sales. + +- Travel 20% + +### What You'll Bring + +- Bachelor’s degree in computer science, Information Systems Management, Information Security, Business, or equivalent experience required. + +- CISSP or CISM or CISA or CCSP or equivalent + +- 7+ years of experience in an IT security audit, assessment, compliance, risk management, or data privacy role. + +- Knowledge and awareness of the latest information risk, security and compliance innovations, trends, challenges, and solutions. + +- Knowledge of strategy, privacy and risk standards/frameworks and professional practices (e.g., NIST, ISO, CIS Top 20, ISSA, CSA CMM, Privacy by Design and FAIR, etc.). + +- Knowledge of the typical enterprise risk and security operational practices. + +- Knowledge of information security related solutions, tools, and utilities. + +- Experience in strategy development, setting direction for team members, influencing both internally and externally. + +- Experience building common compliance frameworks as well as mapping between different compliance requirements. + +- Demonstrated breadth of security expertise in various sub domains such as encryption, identity, incident response, etc. + +- Hands-on technical expertise is nice to have due to the technical components of the frameworks that are worked with. + +- Experience with risk assessment methodologies and risk reporting for executive leadership. + +- Proven background in clearly writing complex technical documents that can be presented across a varied enterprise corporate audience. + +7+ years of experience working with one, more, or a combination of the following: + +- National Institute of Standards and Technology (NIST) frameworks (800 series) + +- CMMC + +- FedRAMP + +- DoD CC SRG and/or RMF + +- FISMA + +- GovRAMP (StateRAMP) + +### Bonus Points + +- Big Four Advisory/Consulting Experience + +- DevSec Ops Experience + +- CMMC CCP or CCA certification + +- AWS, Azure, Google Cloud Platform certification(s). + +- OpenFair or related certification, CCBP + +- Vendor certifications for applicable product solution sets + +Why You’ll Want to Join Us + +At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office. + +Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options. + +At Coalfire, equal opportunity and pay equity is integral to the way we do business. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Coalfire is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation to participate in the job application or interview process, contact our Human Resources team at HumanResourcesMB@coalfire.com (mailto:HumanResourcesMB@coalfire.com) . diff --git a/jobs/imported/lever/lever-cwsc-d4ed1daa-0cf7-4918-9d15-1e7b0f483aa7-intermediate-cyber-risk-assessment-analyst.md b/jobs/imported/lever/lever-cwsc-d4ed1daa-0cf7-4918-9d15-1e7b0f483aa7-intermediate-cyber-risk-assessment-analyst.md new file mode 100644 index 0000000..39111b1 --- /dev/null +++ b/jobs/imported/lever/lever-cwsc-d4ed1daa-0cf7-4918-9d15-1e7b0f483aa7-intermediate-cyber-risk-assessment-analyst.md @@ -0,0 +1,74 @@ +--- +title: "Intermediate Cyber Risk Assessment Analyst" +company: "Cwsc" +slug: "lever-cwsc-d4ed1daa-0cf7-4918-9d15-1e7b0f483aa7-intermediate-cyber-risk-assessment-analyst" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/cwsc" +role_url: "https://jobs.lever.co/cwsc/d4ed1daa-0cf7-4918-9d15-1e7b0f483aa7" +apply_url: "https://jobs.lever.co/cwsc/d4ed1daa-0cf7-4918-9d15-1e7b0f483aa7/apply" +posted_date: "2025-11-21" +expires_date: "2025-12-21" +location: "Fort Meade, MD" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Audit & Assurance" + - "Cloud Security" +frameworks: [] +languages: [] +compensation: "$80,000 - $95,000" +summary: "Job Description The Cyber Risk Assessment Analyst – Intermediate provides technical and analytical support to the DISA Infrastructure Executive by performing cybersecurity..." +--- + +Job Description + +The Cyber Risk Assessment Analyst – Intermediate provides technical and analytical support to the DISA Infrastructure Executive by performing cybersecurity standardization and risk management tasks. This position ensures cybersecurity baselines are developed and maintained across IE1 and IE6, and contributes to risk analysis, accreditation, and reporting functions in support of CCRIs, SAVs, and other inspections. + +Job Description + +The Cyber Risk Assessment Analyst – Intermediate provides technical and analytical support to the DISA Infrastructure Executive by performing cybersecurity standardization and risk management tasks. This position ensures cybersecurity baselines are developed and maintained across IE1 and IE6, and contributes to risk analysis, accreditation, and reporting functions in support of CCRIs, SAVs, and other inspections. + +### Key Tasks & Responsibilities + +- Assist in drafting/maintaining cybersecurity baseline documents including CSSP, CONOPS, PPP, SOPs, and IRPs. +- Evaluate newly released IAVMs, STIGs, and SRGs for applicability and support preparation of waiver requests when fixes cannot be implemented within required timelines +- Support development of POA&Ms, ensure submission within 30 days, and update bi-monthly status reports +- Contribute to the preparation of accreditation packages, due 70–90 days prior to ATO expiration, and ensure all FISMA requirements are met +- Provide input to FISMA reports, CMRS Risk Status Reports, and ACAS scan results for reporting to the Government ISSM +- Participate in CCRI, SAV, A&A, and self-assessments, providing documentation/analysis in support of inspections + +### Education & Experience + +- Bachelor’s degree or equivalent experience required +- Command Cyber Readiness Inspection (CCRI) +- Site Assistance Visit (SAV)/ Assessment and Authorization (A&A) +- Cyber Self-Assessments +- Assist in the preparation of CVPA (Cooperative Vulnerability and Penetration Assessment) +- AA (Adversary Assessment) +- DISA Risk Management Executive (RME) +- Decision Support System (DSS) +- Auditing and reporting of systems, networks, documentation, RMF controls, DoD 8140.03 (http://8140.03) requirements, IAVMs, STIGs and DISA Task Order (DTO) and CYBERCOM Task Order (CTO) + +### Certifications + +- DoD 8570 IAT Level II / 8140 Compliance Required after fully in place +- CompTIA Security+ CE + +### Security Clearance + +- TS/SCI + +### Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.) + +- Onsite at Fort Meade, any remote work must be justified and approved before even considered. + +Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and/or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, disability, protected veteran status, genetic information or any other characteristic protected by local, state, or federal laws, rules, or regulations. + +Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Human Resources at hr@cwsc.com (mailto:hr@cwsc.com) diff --git a/jobs/imported/lever/lever-cye-0ff5bb09-02da-43de-b0f1-0266c2dddedf-junior-cybersecurity-architect-grc-and-risk.md b/jobs/imported/lever/lever-cye-0ff5bb09-02da-43de-b0f1-0266c2dddedf-junior-cybersecurity-architect-grc-and-risk.md new file mode 100644 index 0000000..c9730ed --- /dev/null +++ b/jobs/imported/lever/lever-cye-0ff5bb09-02da-43de-b0f1-0266c2dddedf-junior-cybersecurity-architect-grc-and-risk.md @@ -0,0 +1,70 @@ +--- +title: "Junior Cybersecurity Architect (GRC & Risk)" +company: "CYE" +slug: "lever-cye-0ff5bb09-02da-43de-b0f1-0266c2dddedf-junior-cybersecurity-architect-grc-and-risk" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/CYE" +role_url: "https://jobs.lever.co/CYE/0ff5bb09-02da-43de-b0f1-0266c2dddedf" +apply_url: "https://jobs.lever.co/CYE/0ff5bb09-02da-43de-b0f1-0266c2dddedf/apply" +posted_date: "2026-02-12" +expires_date: "2026-03-14" +location: "Herzliya, Israel" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "ISO 27001" + - "NIST CSF" +languages: [] +compensation: "" +summary: "Cye is seeking a Junior Cybersecurity Architect (GRC & Risk) to support governance, risk analysis, and security process design. The role focuses on translating security findings..." +--- + +Cye is seeking a Junior Cybersecurity Architect (GRC & Risk) to support governance, risk analysis, and security process design. The role focuses on translating security findings into structured mitigation plans and improving methodologies and frameworks—without hands‑on technical configuration. + +You will work with CISOs, security leaders, engineering teams, and customers on due diligence, maturity assessments, and development of security processes and documentation. + +### Responsibilities + +- Conduct customer and third‑party security assessments and questionnaires. + +- Lead or support mitigation workshops and build actionable remediation plans. + +- Develop and refine methodologies, processes, and architectural guidelines. + +- Map technical findings to governance, risk, and control gaps. + +- Perform NIST CSF 2.0–aligned maturity assessments. + +- Produce clear reports and executive summaries. + +- Maintain internal documentation and ensure framework alignment. + +### Qualifications + +- 1–2 years in cybersecurity GRC, IT risk, compliance, audit/assurance, or related process‑oriented security roles. + +- Strong understanding of governance, risk management, and operational processes. + +- Familiarity with cybersecurity frameworks (NIST CSF, ISO 27001 concepts), risk assessment, mitigation planning, and third‑party risk management. + +- Basic conceptual understanding of cloud/SaaS shared responsibility models. + +- Ability to communicate technical issues in business‑aligned language. + +- Strong writing, communication, and facilitation skills. + +- Comfortable collaborating with internal stakeholders and external customers. + +About us + +Cye helps security and risk leaders gain a clear, defensible view of their cyber exposure, grounded in financial impact and real-world attack paths. By continuously quantifying exposure and validating it in context, organizations can establish a strong baseline, prioritize decisions with confidence, and track measurable reduction over time. diff --git a/jobs/imported/lever/lever-emburse-06481c7c-d2f6-4eaa-b233-5beb86f41600-lead-grc-analyst.md b/jobs/imported/lever/lever-emburse-06481c7c-d2f6-4eaa-b233-5beb86f41600-lead-grc-analyst.md new file mode 100644 index 0000000..d83b075 --- /dev/null +++ b/jobs/imported/lever/lever-emburse-06481c7c-d2f6-4eaa-b233-5beb86f41600-lead-grc-analyst.md @@ -0,0 +1,111 @@ +--- +title: "Lead GRC Analyst" +company: "Emburse" +slug: "lever-emburse-06481c7c-d2f6-4eaa-b233-5beb86f41600-lead-grc-analyst" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/emburse" +role_url: "https://jobs.lever.co/emburse/06481c7c-d2f6-4eaa-b233-5beb86f41600" +apply_url: "https://jobs.lever.co/emburse/06481c7c-d2f6-4eaa-b233-5beb86f41600/apply" +posted_date: "2026-02-27" +expires_date: "2026-03-29" +location: "Dallas, TX" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "ISO 27001" + - "ISO 42001" + - "PCI-DSS" + - "GDPR" +languages: + - "Rust" +compensation: "" +summary: "The security and privacy-focused Governance, Risk, and Compliance (GRC) Lead will lead the efforts for strengthening our security and privacy posture and ensuring adherence to..." +--- + +The security and privacy-focused Governance, Risk, and Compliance (GRC) Lead will lead the efforts for strengthening our security and privacy posture and ensuring adherence to critical regulatory and industry standards. This role will be responsible for building and managing a comprehensive security GRC framework that protects our organization from cyber risks, ensures compliance with security regulations, and enables business resilience. The ideal candidate has expertise in security governance, risk management, and compliance, with the ability to partner with both technical and business teams. + +Who We Are: + +At Emburse, you’ll not just imagine the future – you’ll build it. As a leader in travel and expense solutions, we are creating a future where technology drives business value and inspires extraordinary results. Our AI-powered platform helps organizations modernize financial operations, increase visibility, and optimize spend across the enterprise. + +### What will you do + +- Essential Functions +- Establish and maintain security policies, standards, and controls aligned with industry frameworks (NIST, ISO 27001, PCI, SOC 2). +- Develop a metrics and reporting framework to assess the effectiveness of the security and privacy programs. +- Organize information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings. +- Assist with compliance audits and projects (SOC 1, SOC 2, ISO 27001, ISO 27701, PCI-DSS, Tx-RAMP, and other projects). +- Manage privacy program to ensure that it is in compliance with legal and regulatory requirements (GDPR, PIPEDA, CCPA, CPRA) +- Execute Privacy Impact Assessments (PIAs) +- Support in the development and implementation of a continuous controls monitoring program for security compliance and automation of manual processes. +- Monitor regulatory and industry trends to ensure required changes in compliance policies, procedures, and testing are integrated in a timely manner. +- Assist with enterprise-wide targeted training for employee compliance with regulatory requirements +- Coordinate security incident response and resiliency activities from a compliance and governance perspective, ensuring lessons learned feed back into governance processes. +- Manage Third Party Risk Management oversight for new and existing vendors +- Support and help grow the AI Governace initiatives within the organization + +### What are we looking for + +- Education: +- Required: Bachelor’s Degree; Minimum 5+ years of technology project/program management. + +Experience: + +- Ability to effectively work as part of a cohesive and agile team. +- Ability to manage security audits and frameworks (e.g., PCI, ISO, SOC 1, SOC2, NIST) +- Ability to manage privacy audits and frameworks (e.g., GDPR, CPRA, CCPA, PIPEDA) +- Ability to manage AI audits and frameworks (e.g., ISO 42001) +- Ability to remain organized and to elicit cooperation from a wide variety of sources, including team members, other internal departments, and external parties. +- Ability to effectively prioritize and execute tasks in a high-pressure environment and react to project adjustments and alterations promptly and efficiently. +- Ability to exercise good judgment and discretion in confidential matters. +- Demonstrable experience interacting with auditors and strategic partners in cloud-based environments similar to Emburse, relating to assurance frameworks such as SOX, PCI DSS, ISO27001, SOC 2 Trust Principles, Business Continuity and Disaster Recovery and Third-Party Risk Management. +- Implemented or maintained Drata (or other GRC tools) + +Certifications: + +- Preferred: CISSP, CIPP/EU, CIPM, Security+, CISA, PMP + +### Required Skills + +- Excellent analytical skills. +- Self-starter with the ability to work with minimal supervision. +- Experience working on large cross-functional teams, representing GRC on initiatives such as change management, identity and access management, policy management, and data retention. +- Strong writing skills and the ability to communicate information about complex issues to stakeholders in a clear and easy to understand way +- Ability to develop creative and adaptive solutions to unique and complex inquiries +- Unwavered by a rapid-paced working environment and meeting deadlines +- Team-focused, positive attitude, and good sense of humor + +Why Emburse? + +Finance is changing—and at Emburse, we’re leading the way. Our AI-powered solutions help organizations eliminate inefficiencies, gain real-time visibility, and optimize spend—so they can focus on what’s next, not what’s slowing them down. + +• A Company with Momentum – We serve 12M+ users across 120 countries, helping businesses modernize + +their finance operations. + +• A Team That Innovates – Work alongside some of the brightest minds in finance, tech, and AI to solve real- + +world challenges. + +• A Culture That Empowers – Competitive pay, flexible work, and an inclusive, collaborative environment that + +supports your success. + +• A Career That Matters – Your work here drives efficiency, innovation, and smarter financial decision-making + +for businesses everywhere. + +Shape your future & find what’s next at Emburse. + +Emburse provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Emburse complies with applicable state and local laws governing nondiscrimination in employment in every location where the company has facilities. This policy applies to all terms and conditions of employment. diff --git a/jobs/imported/lever/lever-emburse-2644907f-a322-495c-82e4-6f94c7dadbe1-lead-grc-analyst.md b/jobs/imported/lever/lever-emburse-2644907f-a322-495c-82e4-6f94c7dadbe1-lead-grc-analyst.md new file mode 100644 index 0000000..f29ec2b --- /dev/null +++ b/jobs/imported/lever/lever-emburse-2644907f-a322-495c-82e4-6f94c7dadbe1-lead-grc-analyst.md @@ -0,0 +1,111 @@ +--- +title: "Lead GRC Analyst" +company: "Emburse" +slug: "lever-emburse-2644907f-a322-495c-82e4-6f94c7dadbe1-lead-grc-analyst" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/emburse" +role_url: "https://jobs.lever.co/emburse/2644907f-a322-495c-82e4-6f94c7dadbe1" +apply_url: "https://jobs.lever.co/emburse/2644907f-a322-495c-82e4-6f94c7dadbe1/apply" +posted_date: "2026-02-27" +expires_date: "2026-03-29" +location: "Boston, MA" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "ISO 27001" + - "ISO 42001" + - "PCI-DSS" + - "GDPR" +languages: + - "Rust" +compensation: "" +summary: "The security and privacy-focused Governance, Risk, and Compliance (GRC) Lead will lead the efforts for strengthening our security and privacy posture and ensuring adherence to..." +--- + +The security and privacy-focused Governance, Risk, and Compliance (GRC) Lead will lead the efforts for strengthening our security and privacy posture and ensuring adherence to critical regulatory and industry standards. This role will be responsible for building and managing a comprehensive security GRC framework that protects our organization from cyber risks, ensures compliance with security regulations, and enables business resilience. The ideal candidate has expertise in security governance, risk management, and compliance, with the ability to partner with both technical and business teams. + +Who We Are: + +At Emburse, you’ll not just imagine the future – you’ll build it. As a leader in travel and expense solutions, we are creating a future where technology drives business value and inspires extraordinary results. Our AI-powered platform helps organizations modernize financial operations, increase visibility, and optimize spend across the enterprise. + +### What will you do + +- Essential Functions +- Establish and maintain security policies, standards, and controls aligned with industry frameworks (NIST, ISO 27001, PCI, SOC 2). +- Develop a metrics and reporting framework to assess the effectiveness of the security and privacy programs. +- Organize information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings. +- Assist with compliance audits and projects (SOC 1, SOC 2, ISO 27001, ISO 27701, PCI-DSS, Tx-RAMP, and other projects). +- Manage privacy program to ensure that it is in compliance with legal and regulatory requirements (GDPR, PIPEDA, CCPA, CPRA) +- Execute Privacy Impact Assessments (PIAs) +- Support in the development and implementation of a continuous controls monitoring program for security compliance and automation of manual processes. +- Monitor regulatory and industry trends to ensure required changes in compliance policies, procedures, and testing are integrated in a timely manner. +- Assist with enterprise-wide targeted training for employee compliance with regulatory requirements +- Coordinate security incident response and resiliency activities from a compliance and governance perspective, ensuring lessons learned feed back into governance processes. +- Manage Third Party Risk Management oversight for new and existing vendors +- Support and help grow the AI Governace initiatives within the organization + +### What are we looking for + +- Education: +- Required: Bachelor’s Degree; Minimum 5+ years of technology project/program management. + +Experience: + +- Ability to effectively work as part of a cohesive and agile team. +- Ability to manage security audits and frameworks (e.g., PCI, ISO, SOC 1, SOC2, NIST) +- Ability to manage privacy audits and frameworks (e.g., GDPR, CPRA, CCPA, PIPEDA) +- Ability to manage AI audits and frameworks (e.g., ISO 42001) +- Ability to remain organized and to elicit cooperation from a wide variety of sources, including team members, other internal departments, and external parties. +- Ability to effectively prioritize and execute tasks in a high-pressure environment and react to project adjustments and alterations promptly and efficiently. +- Ability to exercise good judgment and discretion in confidential matters. +- Demonstrable experience interacting with auditors and strategic partners in cloud-based environments similar to Emburse, relating to assurance frameworks such as SOX, PCI DSS, ISO27001, SOC 2 Trust Principles, Business Continuity and Disaster Recovery and Third-Party Risk Management. +- Implemented or maintained Drata (or other GRC tools) + +Certifications: + +- Preferred: CISSP, CIPP/EU, CIPM, Security+, CISA, PMP + +### Required Skills + +- Excellent analytical skills. +- Self-starter with the ability to work with minimal supervision. +- Experience working on large cross-functional teams, representing GRC on initiatives such as change management, identity and access management, policy management, and data retention. +- Strong writing skills and the ability to communicate information about complex issues to stakeholders in a clear and easy to understand way +- Ability to develop creative and adaptive solutions to unique and complex inquiries +- Unwavered by a rapid-paced working environment and meeting deadlines +- Team-focused, positive attitude, and good sense of humor + +Why Emburse? + +Finance is changing—and at Emburse, we’re leading the way. Our AI-powered solutions help organizations eliminate inefficiencies, gain real-time visibility, and optimize spend—so they can focus on what’s next, not what’s slowing them down. + +• A Company with Momentum – We serve 12M+ users across 120 countries, helping businesses modernize + +their finance operations. + +• A Team That Innovates – Work alongside some of the brightest minds in finance, tech, and AI to solve real- + +world challenges. + +• A Culture That Empowers – Competitive pay, flexible work, and an inclusive, collaborative environment that + +supports your success. + +• A Career That Matters – Your work here drives efficiency, innovation, and smarter financial decision-making + +for businesses everywhere. + +Shape your future & find what’s next at Emburse. + +Emburse provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Emburse complies with applicable state and local laws governing nondiscrimination in employment in every location where the company has facilities. This policy applies to all terms and conditions of employment. diff --git a/jobs/imported/lever/lever-gearset-58b596e7-a23b-42f4-a01b-6a8ebceaf68b-grc-manager.md b/jobs/imported/lever/lever-gearset-58b596e7-a23b-42f4-a01b-6a8ebceaf68b-grc-manager.md new file mode 100644 index 0000000..53e1620 --- /dev/null +++ b/jobs/imported/lever/lever-gearset-58b596e7-a23b-42f4-a01b-6a8ebceaf68b-grc-manager.md @@ -0,0 +1,106 @@ +--- +title: "GRC Manager" +company: "Gearset" +slug: "lever-gearset-58b596e7-a23b-42f4-a01b-6a8ebceaf68b-grc-manager" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/gearset" +role_url: "https://jobs.lever.co/gearset/58b596e7-a23b-42f4-a01b-6a8ebceaf68b" +apply_url: "https://jobs.lever.co/gearset/58b596e7-a23b-42f4-a01b-6a8ebceaf68b/apply" +posted_date: "2026-03-19" +expires_date: "2026-04-18" +location: "Remote, United Kingdom" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "FedRAMP" + - "ISO 27001" + - "HIPAA" + - "GDPR" + - "CCPA" +languages: + - "Rust" +compensation: "" +summary: "We’re proud to be trusted by some of the largest companies in the world to handle their Salesforce DevOps. Underpinning that trust is a commitment to protect their data..." +--- + +We’re proud to be trusted by some of the largest companies in the world to handle their Salesforce DevOps. Underpinning that trust is a commitment to protect their data through our modern approach to security and compliance, and this is only getting more important as we grow our customer base in increasingly regulated sectors. This is a fantastic opportunity to progress your career in security and compliance within the tech sector. This role will provide you with exposure to several key areas including information security, data protection, general compliance, audits and relevant project work. There’ll be lots of opportunity to progress within the role and specialise within a certain area of the business in the future. + +### What’s the opportunity at Gearset? + +- Own our security and compliance documentation accurate and up to date, such as policies, procedures, and support documentation across our information security and compliance programs. + +- Support our commercial teams in complex information security and compliance negotiations, while making sure we respond accurately and within given timescales. + +- Take ownership of maintaining our current ISO 27001 compliance and certification through continuous improvement activities, as well as supporting preparation for internal and external audits. + +- Own our internal Data Protection compliance program and make sure we comply with various regulations globally including UK GDPR, EU GDPR, and CCPA. + +- Gain experience in the implementation and ownership of additional compliance based projects as we increase the international regulation and standards we comply with. + +- Help us work efficiently by identifying common deal blockers and standardising documentation and processes. + +### What you’ll achieve + +- You’ll build on your prior experience from a GRC or an information security role, within a technology company, to support our ambitious company growth plans. + +- You’ll become a technical expert on the company and our products to streamline customer onboarding, and security and compliance reviews. + +- You’ll own reviewing and responding to our complex customer security and compliance requests. + +- You’ll have ownership of compliance and reporting to the international information security standard ISO 27001, to ensure Gearset retains our certification and continues to provide the highest level of protection to our customers’ data. + +- You’ll own our internal Data Protection compliance program and make sure we comply with various regulations globally including UK GDPR, EU GDPR, CCPA. + +- You’ll manage out third party supplier risk program. + +- You’ll work as part of the compliance project team when implementing new regulations or standards such as NIST, fedRAMP etc. + +- You’ll have the opportunity to get certified to international standards on Information Security, Compliance, Risk, Data Protection or Cyber Security. + +### About you + +- Have been in an information security or GRC role, within a technology company and hold either a ISO 27001 Lead Implementer or Lead Auditor certificate. + +- Have in-depth knowledge of ISO 27001 standards & proven experience in implementing ISO 27001 and maintaining the certification. Along with knowledge of general compliance requirements such as Modern Slavery, AML, Bribery etc. + +- Have a track record of owning internal compliance with global data protection laws including GDPR and CCPA. + +- Have an understanding of AWS Cloud infrastructure, and application security + +- Possess a technical predisposition, the desire to learn and ability to react to the needs of a rapidly growing company eg comfortable working in an ever changing environment. + +- Are an excellent communicator, with attention to detail and a passion for always delivering a great customer experience. + +### Great to haves + +- A degree in Computer Science, Information Security, Cybersecurity, or a closely related discipline such as Data Protection, Information Governance or Risk. - A recognised Information Security qualification such as CISSP, CompTIA Security+ etc - Past exposure to other regulations or frameworks such as NIST, HIPAA, fedRAMP, DORA - Knowledge of DevOps and DevSecOps + +### Benefits (the stuff you’d expect!) + +- Salary is up to £75k (depending on experience) + +- This is a full time opportunity, working Monday to Friday remotely within the UK. + +- Opportunity to join our Long Term Incentive scheme + +- Generous personal development budget for courses, conferences, or whatever is useful to your professional development in the role of up to £1500 per year + +- Top end hardware provided + +- Free lunch any day you are in the office + +- BUPA health care + +- Life Insurance & critical illness cover + +- Discounted gym membership, as well as a range of health and wellness benefits diff --git a/jobs/imported/lever/lever-gearset-5949570f-9de7-4467-bab7-f1eaa97abde0-grc-analyst.md b/jobs/imported/lever/lever-gearset-5949570f-9de7-4467-bab7-f1eaa97abde0-grc-analyst.md new file mode 100644 index 0000000..ecef974 --- /dev/null +++ b/jobs/imported/lever/lever-gearset-5949570f-9de7-4467-bab7-f1eaa97abde0-grc-analyst.md @@ -0,0 +1,81 @@ +--- +title: "GRC Analyst" +company: "Gearset" +slug: "lever-gearset-5949570f-9de7-4467-bab7-f1eaa97abde0-grc-analyst" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/gearset" +role_url: "https://jobs.lever.co/gearset/5949570f-9de7-4467-bab7-f1eaa97abde0" +apply_url: "https://jobs.lever.co/gearset/5949570f-9de7-4467-bab7-f1eaa97abde0/apply" +posted_date: "2026-03-30" +expires_date: "2026-04-29" +location: "Cambridge, United Kingdom" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "ISO 27001" + - "HIPAA" + - "GDPR" + - "CCPA" +languages: + - "Rust" +compensation: "" +summary: "We’re proud to be trusted by some of the largest companies in the world to handle their Salesforce DevOps. Underpinning that trust is a commitment to protect their data..." +--- + +We’re proud to be trusted by some of the largest companies in the world to handle their Salesforce DevOps. Underpinning that trust is a commitment to protect their data through our modern approach to security and compliance. As we grow into increasingly regulated sectors, ensuring our global compliance standards are met is more important than ever. + +This is a fantastic opportunity to kickstart or progress your career in Governance, Risk, and Compliance (GRC) within the tech sector. Reporting to the Legal and Compliance Manager, you will get hands-on exposure to customer assurance, information security audits, data protection, and additional international frameworks. As an early hire in this function, you’ll have a clear path to specialise as the team grows. + +### What’s the opportunity for a GRC Analyst at Gearset? + +- Partner with our GRC Manager to maintain our ISO 27001 certification and support compliance with global data protection regulations such as GDPR, CCPA, and HIPAA. - Own the day-to-day response to customer security and compliance requests, ensuring our clients feel confident in how we handle their data. - Coordinate and facilitate on managing GRC platforms, keeping our documentation current and finding ways to automate repeatable tasks. - Play a key role in ISO 27001 Continuous Improvement (CI) activities and help prepare the business for internal and external audits. - Assist in drafting and managing essential compliance policies, including Modern Slavery, AML and Anti-Bribery, ensuring they evolve with the company. - Identify blockages in reviews and recommend ways to standardise documentation to help the company scale efficiently. + +### What you’ll achieve + +- Develop a deep understanding of Gearset’s compliance and security posture to streamline customer onboarding and vendor reviews. - Lead the automation of our compliance workflows, reducing manual overhead for the team. - Play a key role in scaling our global compliance footprint by launching and embedding new international security standards as we grow. - Gain the experience and support needed to pursue certifications in GRC, Information Security or Data Protection. + +### About you + +- You have a passion for accuracy, especially when managing complex documentation and policies. + +- You are comfortable learning about cloud software and can translate security and compliance concepts into clear, written responses. + +- You can communicate professionally with both internal teams and external customers and vendors. + +- You thrive in a fast-paced environment and are always looking for a more efficient way to get things done. + +- Have degree in a relevant field such as Computer Science, or Cyber Security or equivalent foundational experience in a professional office environment. + +### Great to haves + +- Knowledge of ISO 27001, GDPR, CCPA and HIPAA - Experience using GRC or workflow tools - An interest in DevOps or the Salesforce ecosystem + +### Benefits (the stuff you’d expect!) + +- Salary is up to £45k (depending on experience) + +- This role is based in our Cambridge office but with the flexibility to work from home when you need to + +- Opportunity to join our Long Term Incentive scheme + +- Generous personal development budget for courses, conferences, or whatever is useful to your professional development in the role of up to £1500 per year + +- Top end hardware provided + +- Free lunch any day you are in the office + +- BUPA health care + +- Life Insurance & critical illness cover + +- Discounted gym membership, as well as a range of health and wellness benefits diff --git a/jobs/imported/lever/lever-gearset-9302491f-2c77-4a77-b6c2-0a90687d8787-grc-manager.md b/jobs/imported/lever/lever-gearset-9302491f-2c77-4a77-b6c2-0a90687d8787-grc-manager.md new file mode 100644 index 0000000..ce21a4d --- /dev/null +++ b/jobs/imported/lever/lever-gearset-9302491f-2c77-4a77-b6c2-0a90687d8787-grc-manager.md @@ -0,0 +1,106 @@ +--- +title: "GRC Manager" +company: "Gearset" +slug: "lever-gearset-9302491f-2c77-4a77-b6c2-0a90687d8787-grc-manager" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/gearset" +role_url: "https://jobs.lever.co/gearset/9302491f-2c77-4a77-b6c2-0a90687d8787" +apply_url: "https://jobs.lever.co/gearset/9302491f-2c77-4a77-b6c2-0a90687d8787/apply" +posted_date: "2026-03-19" +expires_date: "2026-04-18" +location: "Cambridge, United Kingdom" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "FedRAMP" + - "ISO 27001" + - "HIPAA" + - "GDPR" + - "CCPA" +languages: + - "Rust" +compensation: "" +summary: "We’re proud to be trusted by some of the largest companies in the world to handle their Salesforce DevOps. Underpinning that trust is a commitment to protect their data..." +--- + +We’re proud to be trusted by some of the largest companies in the world to handle their Salesforce DevOps. Underpinning that trust is a commitment to protect their data through our modern approach to security and compliance, and this is only getting more important as we grow our customer base in increasingly regulated sectors. This is a fantastic opportunity to progress your career in security and compliance within the tech sector. This role will provide you with exposure to several key areas including information security, data protection, general compliance, audits and relevant project work. There’ll be lots of opportunity to progress within the role and specialise within a certain area of the business in the future. + +### What’s the opportunity at Gearset? + +- Own our security and compliance documentation accurate and up to date, such as policies, procedures, and support documentation across our information security and compliance programs. + +- Support our commercial teams in complex information security and compliance negotiations, while making sure we respond accurately and within given timescales. + +- Take ownership of maintaining our current ISO 27001 compliance and certification through continuous improvement activities, as well as supporting preparation for internal and external audits. + +- Own our internal Data Protection compliance program and make sure we comply with various regulations globally including UK GDPR, EU GDPR, and CCPA. + +- Gain experience in the implementation and ownership of additional compliance based projects as we increase the international regulation and standards we comply with. + +- Help us work efficiently by identifying common deal blockers and standardising documentation and processes. + +### What you’ll achieve + +- You’ll build on your prior experience from a GRC or an information security role, within a technology company, to support our ambitious company growth plans. + +- You’ll become a technical expert on the company and our products to streamline customer onboarding, and security and compliance reviews. + +- You’ll own reviewing and responding to our complex customer security and compliance requests. + +- You’ll have ownership of compliance and reporting to the international information security standard ISO 27001, to ensure Gearset retains our certification and continues to provide the highest level of protection to our customers’ data. + +- You’ll own our internal Data Protection compliance program and make sure we comply with various regulations globally including UK GDPR, EU GDPR, CCPA. + +- You’ll manage out third party supplier risk program. + +- You’ll work as part of the compliance project team when implementing new regulations or standards such as NIST, fedRAMP etc. + +- You’ll have the opportunity to get certified to international standards on Information Security, Compliance, Risk, Data Protection or Cyber Security. + +### About you + +- Have been in an information security or GRC role, within a technology company and hold either a ISO 27001 Lead Implementer or Lead Auditor certificate. + +- Have in-depth knowledge of ISO 27001 standards & proven experience in implementing ISO 27001 and maintaining the certification. Along with knowledge of general compliance requirements such as Modern Slavery, AML, Bribery etc. + +- Have a track record of owning internal compliance with global data protection laws including GDPR and CCPA. + +- Have an understanding of AWS Cloud infrastructure, and application security + +- Possess a technical predisposition, the desire to learn and ability to react to the needs of a rapidly growing company eg comfortable working in an ever changing environment. + +- Are an excellent communicator, with attention to detail and a passion for always delivering a great customer experience. + +### Great to haves + +- A degree in Computer Science, Information Security, Cybersecurity, or a closely related discipline such as Data Protection, Information Governance or Risk. - A recognised Information Security qualification such as CISSP, CompTIA Security+ etc - Past exposure to other regulations or frameworks such as NIST, HIPAA, fedRAMP, DORA - Knowledge of DevOps and DevSecOps + +### Benefits (the stuff you’d expect!) + +- Salary is up to £75k (depending on experience) + +- This role is based in our Cambridge office but with the flexibility to work from home when you need to + +- Opportunity to join our Long Term Incentive scheme + +- Generous personal development budget for courses, conferences, or whatever is useful to your professional development in the role of up to £1500 per year + +- Top end hardware provided + +- Free lunch any day you are in the office + +- BUPA health care + +- Life Insurance & critical illness cover + +- Discounted gym membership, as well as a range of health and wellness benefits diff --git a/jobs/imported/lever/lever-gridware-9afa4aa4-1903-44ad-b574-21d9b612815f-compliance-engineer.md b/jobs/imported/lever/lever-gridware-9afa4aa4-1903-44ad-b574-21d9b612815f-compliance-engineer.md new file mode 100644 index 0000000..79e1fac --- /dev/null +++ b/jobs/imported/lever/lever-gridware-9afa4aa4-1903-44ad-b574-21d9b612815f-compliance-engineer.md @@ -0,0 +1,73 @@ +--- +title: "Compliance Engineer" +company: "Gridware" +slug: "lever-gridware-9afa4aa4-1903-44ad-b574-21d9b612815f-compliance-engineer" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/gridware" +role_url: "https://jobs.lever.co/gridware/9afa4aa4-1903-44ad-b574-21d9b612815f" +apply_url: "https://jobs.lever.co/gridware/9afa4aa4-1903-44ad-b574-21d9b612815f/apply" +posted_date: "2026-03-25" +expires_date: "2026-04-24" +location: "San Francisco, CA" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "ISO 27001" + - "NIST 800-53" + - "NIST CSF" +languages: + - "Rust" +compensation: "$120,000 - $145,000" +summary: "Role Description We are building our information security compliance program and this role sits at the center of that effort. As our Compliance Engineer, you will work directly..." +--- + +Role Description + +We are building our information security compliance program and this role sits at the center of that effort. As our Compliance Engineer, you will work directly with the Head of Information Security to design, implement, and operationalize controls across multiple frameworks (SOC 2, ISO 27001, NIS 2, CIS IG3, NERC CIP, and NIST). You will also own customer-facing security assurance, including security questionnaires and audit evidence requests. + +This is a high-visibility role for someone energized by building structure in ambiguous environments and who understands that good compliance is good engineering. + +About Gridware + +Gridware is a San Francisco-based technology company dedicated to protecting and enhancing the electrical grid. We pioneered a groundbreaking new class of grid management called active grid response (AGR), focused on monitoring the electrical, physical, and environmental aspects of the grid that affect reliability and safety. Gridware’s advanced Active Grid Response platform uses high-precision sensors to detect potential issues early, enabling proactive maintenance and fault mitigation. This comprehensive approach helps improve safety, reduce outages, and ensure the grid operates efficiently. The company is backed by climate-tech and Silicon Valley investors. For more information, please visit www.Gridware.io (http://www.gridware.io/) . + +### Responsibilities + +Framework Implementation & Control Management - Design a unified control framework mapped across SOC 2, ISO 27001, CIS IG3, NERC CIP, and NIST (CSF/800-53), eliminating duplication and creating a single source of truth for compliance posture. - Develop and maintain a control library, policy inventory, and risk register. - Translate technical control requirements into actionable guidance for engineering, IT, and operations teams. Audit Readiness & Evidence Collection - Build a structured, repeatable evidence collection process supporting concurrent audits across all frameworks. - Maintain a continuously updated evidence repository and coordinate with Engineering, DevOps, HR, and Legal to gather and validate artifacts. - Serve as primary liaison with external auditors; manage schedules, fieldwork, and findings remediation through to closure. Customer Security Assurance - Own intake, triage, and completion of customer security questionnaires (SIG Lite, CAIQ, custom assessments). - Maintain a living questionnaire knowledge base and develop customer-facing security documentation, including trust portal content. Program Development - Define compliance workflows, SOPs, tooling requirements, and automation opportunities as the program matures. - Monitor regulatory changes across NERC CIP, NIS 2, and NIST; proactively communicate impacts to the team. + +### Required Skills + +- 2–4 years in information security compliance, GRC, or a related discipline. - Working knowledge of two or more: SOC 2, ISO 27001, NIST CSF/800-53, CIS Controls, NERC CIP. - Experience supporting or leading external audits, including evidence collection and auditor coordination. - Ability to perform cross-framework control mapping and identify gaps or conflicts. - Strong written communication skills across technical and non-technical audiences. + +### Bonus Skills + +- Hands-on experience with NERC CIP (CIP-002 through CIP-014) in an OT or critical infrastructure environment. - Familiarity with GRC platforms such as Vanta, Drata, OneTrust, or Archer. - Certifications: CISA, CRISC, ISO 27001 Lead Implementer/Auditor, or NERC CIP. + +**At this time, Gridware is unable to provide visa sponsorship or immigration support for this role. We’re only able to consider candidates who are currently authorized to work in the country of employment without visa sponsorship now or in the future.** + +This describes the ideal candidate; many of us have picked up this expertise along the way. Even if you meet only part of this list, we encourage you to apply! + +Benefits + +Health, Dental & Vision (Gold and Platinum with some providers plans fully covered) + +Paid parental leave + +Alternating day off (every other Monday) + +“Off the Grid”, a two week per year paid break for all employees. + +Commuter allowance + +Company-paid training diff --git a/jobs/imported/lever/lever-hive-5a6df125-a38d-4441-af25-6f0806aa7b3d-security-compliance-manager.md b/jobs/imported/lever/lever-hive-5a6df125-a38d-4441-af25-6f0806aa7b3d-security-compliance-manager.md new file mode 100644 index 0000000..7317ebf --- /dev/null +++ b/jobs/imported/lever/lever-hive-5a6df125-a38d-4441-af25-6f0806aa7b3d-security-compliance-manager.md @@ -0,0 +1,88 @@ +--- +title: "Security Compliance Manager" +company: "Hive" +slug: "lever-hive-5a6df125-a38d-4441-af25-6f0806aa7b3d-security-compliance-manager" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/hive" +role_url: "https://jobs.lever.co/hive/5a6df125-a38d-4441-af25-6f0806aa7b3d" +apply_url: "https://jobs.lever.co/hive/5a6df125-a38d-4441-af25-6f0806aa7b3d/apply" +posted_date: "2022-09-29" +expires_date: "2022-10-29" +location: "San Francisco" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "ISO 27001" + - "GDPR" + - "CCPA" +languages: + - "Rust" +compensation: "$140,000 - $180,000" +summary: "About Hive Hive is the leading provider of cloud-based AI solutions to understand, search, and generate content, and is trusted by hundreds of the world's largest and most..." +--- + +About Hive + +Hive is the leading provider of cloud-based AI solutions to understand, search, and generate content, and is trusted by hundreds of the world's largest and most innovative organizations. The company empowers developers with a portfolio of best-in-class, pre-trained AI models, serving billions of customer API requests every month. Hive also offers turnkey software applications powered by proprietary AI models and datasets, enabling breakthrough use cases across industries. Together, Hive’s solutions are transforming content moderation, brand protection, sponsorship measurement, context-based ad targeting, and more. + +Hive has raised over $120M in capital from leading investors, including General Catalyst, 8VC, Glynn Capital, Bain & Company, Visa Ventures, and others. We have over 250 employees globally in our San Francisco, Seattle, and Delhi offices. Please reach out if you are interested in joining the future of AI! + +Security Compliance Manager + +We are looking for a highly motivated Security Compliance Manager with a deep security and compliance background to lead system development and process improvement. As part of Hive’s Security Team, you will collaborate with engineers and auditors to meet security compliance controls as well as enhance security compliance capabilities. + +As a Security Compliance Manager, you will oversee the execution of our Information Security program for evaluating compliance with industry standards (ISO, SOC), federal regulations, and customer contractual requirements. You will have complete ownership and accountability of programs from start to finish, aimed at improving the Hive Company personnel screening compliance and risk monitoring. The ideal candidate is comfortable interacting with both technology and business leaders across the organization at all levels. You will drive consensus among stakeholders and verify that controls are effective, or remediated to become effective. + +### Responsibilities + +- Manage Hive’s current risk management program +- Manage external and internal audits, including reviewing materials that require attention for accuracy and properly adhering to regulatory expectations +- Implement ISMS in coordination with executive and mid-level management +- Develop reports that capture key business trends, highlights, lowlights, and metrics as the compliance programs are conducted. Provide status, recommended updates, and detailed metrics and evidence +- Work with Engineering and Product teams to identify process improvements and efficiencies in areas of change management, access management and general technology process controls +- Provide compliance, risk, and controls expertise to support information security and compliance initiatives +- Protect the business by assisting with cyber security risk assessments +- Maintain awareness of industry best practices for data maintenance handling as it relates to your role +- Manage a comprehensive Governance, Risk and Compliance program +- Adhere to and champion policies, guidelines and procedures pertaining to the protection of information assets +- Manage external security, privacy, and compliance requirements, including both internal requirements for vendors as well as external requirements placed on Hive +- Report actual or suspected security and/or policy violations/breaches +- Define, develop, implement, and maintain our policies and processes that enable consistent, effective privacy practices that minimize risk and ensure the confidentiality of protected information, paper and/or electronic, across all media types and comply with applicable privacy laws and regulations +- Support Hive’s security review process from beginning to end by identifying all necessary internal stakeholders based on the request (e.g., security survey, audit, review), assembling relevant and appropriate documentation, drafting responses, scheduling and leading calls/meetings, and communicating follow-up activities +- Serve as a subject matter expert for information security principles and practices (especially as they pertain to vendors and cloud security), and promoting a culture of security throughout the firm +- Interface with staff throughout the firm to facilitate the efficient and secure use of technology services + +### Requirements + +- Bachelor's degree or related experience +- Minimum 4+ years experience related to conducting risk-based assessment for information systems and/or operations +- Minimum 1+ years experience running a comprehensive Governance, Risk and Compliance program +- Minimum 2+ years experience leading industry standard (ISO 27001 or SOC 1/2) audits from either side +- Strong knowledge of applicable privacy laws (CCPA/CPRA, GDPR) +- Thorough understanding of vulnerability management, penetration testing, and attack simulations +- Experience supporting enterprise-wide Security Compliance programs designed to anticipate, assess, and minimize control gaps and audit findings +- Ability to communicate in a written and oral format to technical and non-technical audiences in a business-friendly manner +- Demonstrated success in a competitive environment +- Highly self-motivated and ambitious in achieving goals +- Strong team player, but can work and execute independently +- Driven; no one needs to push you to excel; that’s just who you are +- Hungry to learn and actively look for opportunities to contribute +- Highly organized and detail-oriented; can handle multiple projects and dynamic priorities without missing a beat + +Who We Are + +We are a group of ambitious individuals who are passionate about creating a revolutionary AI company. At Hive, you will have a steep learning curve and an opportunity to contribute to one of the fastest growing AI start-ups in San Francisco. The work you do here will have a noticeable and direct impact on the development of the company. + +Thank you for your interest in Hive and we hope to meet you soon! + +The current expected base salary for this position ranges from $140,000 - $180,000. Actual compensation may vary depending on a number of factors, including a candidate’s qualifications, skills, competencies and experience, and location. Base pay is one part of the total compensation package that is provided to compensate and recognize employees for their work; stock options may be offered in addition to the range provided here. diff --git a/jobs/imported/lever/lever-hive-bcb73357-34dc-4c0c-8b20-ad4abdb69967-security-compliance-analyst.md b/jobs/imported/lever/lever-hive-bcb73357-34dc-4c0c-8b20-ad4abdb69967-security-compliance-analyst.md new file mode 100644 index 0000000..0bb3c98 --- /dev/null +++ b/jobs/imported/lever/lever-hive-bcb73357-34dc-4c0c-8b20-ad4abdb69967-security-compliance-analyst.md @@ -0,0 +1,81 @@ +--- +title: "Security Compliance Analyst" +company: "Hive" +slug: "lever-hive-bcb73357-34dc-4c0c-8b20-ad4abdb69967-security-compliance-analyst" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/hive" +role_url: "https://jobs.lever.co/hive/bcb73357-34dc-4c0c-8b20-ad4abdb69967" +apply_url: "https://jobs.lever.co/hive/bcb73357-34dc-4c0c-8b20-ad4abdb69967/apply" +posted_date: "2021-04-17" +expires_date: "2021-05-17" +location: "San Francisco" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "ISO 27001" + - "GDPR" + - "CCPA" +languages: + - "Rust" +compensation: "$110,000 - $140,000" +summary: "About Hive Hive is the leading provider of cloud-based AI solutions to understand, search, and generate content, and is trusted by hundreds of the world's largest and most..." +--- + +About Hive + +Hive is the leading provider of cloud-based AI solutions to understand, search, and generate content, and is trusted by hundreds of the world's largest and most innovative organizations. The company empowers developers with a portfolio of best-in-class, pre-trained AI models, serving billions of customer API requests every month. Hive also offers turnkey software applications powered by proprietary AI models and datasets, enabling breakthrough use cases across industries. Together, Hive’s solutions are transforming content moderation, brand protection, sponsorship measurement, context-based ad targeting, and more. + +Hive has raised over $120M in capital from leading investors, including General Catalyst, 8VC, Glynn Capital, Bain & Company, Visa Ventures, and others. We have over 250 employees globally in our San Francisco, Seattle, and Delhi offices. Please reach out if you are interested in joining the future of AI! + +Security Compliance Analyst + +We are looking for a highly motivated individual with information security governance and compliance experience to be part of our team! As a Security Compliance Analyst at Hive, you will collaborate with engineers and auditors to meet security compliance controls as well as enhance security compliance capabilities. You will be responsible for addressing auditors’ requests and performing on call operations. Our ideal candidate should be able to assist in running the risk management program that is managed by the Information Security team. + +### Responsibilities + +- Manage Hive’s current risk management program +- Manage external and internal audits, including reviewing materials that require attention for accuracy and properly adhering to regulatory expectations. +- Implement ISMS in coordination with executive and mid-level management +- Participate in building a comprehensive Governance, Risk and Compliance program +- Work with Engineering and Product teams to identify process improvements and efficiencies in areas change management, access management and general technology process controls. +- Provide compliance, risk, and controls expertise to support information security and compliance initiatives. +- Protect the business by assisting with cyber security risk assessments. +- Maintain awareness of industry best practices for data maintenance handling as it relates to your role +- Manage security and privacy training programs +- Adhere to and champion policies, guidelines and procedures pertaining to the protection of information assets +- Manage external security, privacy, and compliance requirements, including both internal requirements for vendors as well as external requirements placed on Hive +- Report actual or suspected security and/or policy violations/breaches to an appropriate authority +- Define, develop, implement, and maintain our policies and processes that enable consistent, effective privacy practices that minimize risk and ensure the confidentiality of protected information, paper and/or electronic, across all media types and comply with applicable privacy laws and regulations + +### Requirements + +- Bachelor's degree or related experience +- Minimum 4+ years experience related to conducting risk-based assessment for information systems and/or operations. +- Minimum 1+ years experience running a comprehensive Governance, Risk and Compliance program +- Minimum 2+ years experience leading industry standard (ISO 27001 or SOC 1/2) audits from either side +- Strong knowledge of applicable privacy laws (CCPA/CPRA, GDPR) +- Ability to communicate in a written and oral format to technical and non-technical audiences in a business-friendly manner +- Demonstrated success in a competitive environment +- Highly self-motivated and ambitious in achieving goals +- Strong team player, but can work and execute independently +- Driven; no one needs to push you to excel; that’s just who you are +- Hungry to learn and actively look for opportunities to contribute +- Highly organized and detail-oriented; can handle multiple projects and dynamic priorities without missing a beat + +Who We Are + +We are a group of ambitious individuals who are passionate about creating a revolutionary AI company. At Hive, you will have a steep learning curve and an opportunity to contribute to one of the fastest growing AI start-ups in San Francisco. The work you do here will have a noticeable and direct impact on the development of the company. + +Thank you for your interest in Hive and we hope to meet you soon! + +The current expected base salary for this position ranges from $110,000 - $140,000. Actual compensation may vary depending on a number of factors, including a candidate’s qualifications, skills, competencies and experience, and location. Base pay is one part of the total compensation package that is provided to compensate and recognize employees for their work; stock options may be offered in addition to the range provided here. diff --git a/jobs/imported/lever/lever-mistral-43cb9106-a7f8-4131-b9b1-3df2f1dd9a03-security-compliance-lead.md b/jobs/imported/lever/lever-mistral-43cb9106-a7f8-4131-b9b1-3df2f1dd9a03-security-compliance-lead.md new file mode 100644 index 0000000..c7f661d --- /dev/null +++ b/jobs/imported/lever/lever-mistral-43cb9106-a7f8-4131-b9b1-3df2f1dd9a03-security-compliance-lead.md @@ -0,0 +1,72 @@ +--- +title: "Security Compliance, Lead" +company: "Mistral" +slug: "lever-mistral-43cb9106-a7f8-4131-b9b1-3df2f1dd9a03-security-compliance-lead" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/mistral" +role_url: "https://jobs.lever.co/mistral/43cb9106-a7f8-4131-b9b1-3df2f1dd9a03" +apply_url: "https://jobs.lever.co/mistral/43cb9106-a7f8-4131-b9b1-3df2f1dd9a03/apply" +posted_date: "2025-12-11" +expires_date: "2026-01-10" +location: "Paris" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "ISO 27001" +languages: [] +compensation: "" +summary: "About Mistral At Mistral AI, we believe in the power of AI to simplify tasks, save time, and enhance learning and creativity. Our technology is designed to integrate seamlessly..." +--- + +About Mistral + +At Mistral AI, we believe in the power of AI to simplify tasks, save time, and enhance learning and creativity. Our technology is designed to integrate seamlessly into daily working life. + +We democratize AI through high-performance, optimized, open-source and cutting-edge models, products and solutions. Our comprehensive AI platform is designed to meet enterprise needs, whether on-premises or in cloud environments. Our offerings include le Chat, the AI assistant for life and work. + +We are a dynamic, collaborative team passionate about AI and its potential to transform society. Our diverse workforce thrives in competitive environments and is committed to driving innovation. Our teams are distributed between France, USA, UK, Germany and Singapore. We are creative, low-ego and team-spirited. + +Join us to be part of a pioneering company shaping the future of AI. Together, we can make a meaningful impact. See more about our culture on https://mistral.ai/careers (https://mistral.ai/careers) . + +Role summary + +As Cybersecurity Compliance Lead, you will manage the cybersecurity compliance program and guide the company toward obtaining the certifications necessary for the development of its business. + +What you will do + +Develop and manage comprehensive cybersecurity compliance program + +Define and maintain the Information Security Management System + +Manage the global planning for cybersecurity compliance, for internal reviews and external audits + +Deliver cybersecurity training and inform each stakeholder of how they should contribute to compliance projects + +For each certification or regulatory framework, coordinate all parties who must provide evidence to demonstrate proper compliance and prepare for audits- Participate to risk assessment + +Work with sales and marketing to identify new certifications that may be useful for acquiring new customers and prioritize them depending on the cost of certification/potential new income + +About you + +5+ years of managing cybersecurity compliance program + +Strong understanding of cybersecurity guidelines and standards (ISO27001, SOC2, HDS, SecNumCloud, C5) + +Understanding of cybersecurity regulation (NIS2, CRA, LPM, DORA) + +Understanding or regulation related to sensitive (II901) or classified information (IGI1300) + +Excellent communication, analytical, and problem-solving skills + +By applying, you agree to our Applicant Privacy Policy (https://legal.mistral.ai/terms/applicant-privacy-policy). diff --git a/jobs/imported/lever/lever-palantir-6fa1ad9b-4506-45e4-a476-f4292911a279-compliance-engineer.md b/jobs/imported/lever/lever-palantir-6fa1ad9b-4506-45e4-a476-f4292911a279-compliance-engineer.md new file mode 100644 index 0000000..e18200d --- /dev/null +++ b/jobs/imported/lever/lever-palantir-6fa1ad9b-4506-45e4-a476-f4292911a279-compliance-engineer.md @@ -0,0 +1,106 @@ +--- +title: "Compliance Engineer" +company: "Palantir" +slug: "lever-palantir-6fa1ad9b-4506-45e4-a476-f4292911a279-compliance-engineer" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/palantir" +role_url: "https://jobs.lever.co/palantir/6fa1ad9b-4506-45e4-a476-f4292911a279" +apply_url: "https://jobs.lever.co/palantir/6fa1ad9b-4506-45e4-a476-f4292911a279/apply" +posted_date: "2025-09-25" +expires_date: "2025-10-25" +location: "New York, NY" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "FedRAMP" + - "SOC 2" + - "NIST 800-53" + - "PCI-DSS" + - "HIPAA" +languages: + - "Terraform" +compensation: "$90,000 - $150,000" +summary: "The Role As a Compliance Engineer, you will help our engineers implement Palantir Security Controls across our entire product line. You’ll work closely with many different teams..." +--- + +The Role + +As a Compliance Engineer, you will help our engineers implement Palantir Security Controls across our entire product line. You’ll work closely with many different teams to shape these controls and champion a robust & nimble approach to risk management across the company. You will navigate & interpret complex US Government regulatory frameworks (e.g. FedRAMP, CMMC, IL5, IL6) in order to provide practical guidance on technical architecture, documentation & operational concerns, and sustainable processes that will allow us to continue to grow quickly & efficiently. + +A World-Changing Company + +Palantir builds the world’s leading software for data-driven decisions and operations. By bringing the right data to the people who need it, our platforms empower our partners to develop lifesaving drugs, forecast supply chain disruptions, locate missing children, and more. + +### Core Responsibilities + +- Implement all aspects of US Government compliance, including FedRAMP, IL5, and IL6 continuous monitoring and compliance audits. +- Support partnerships with various agencies (DoD, HHS, etc.), 3PAOs, and the FedRAMP PMO. +- Partner with engineers to interpret and map compliance requirements to product implementation. +- Directly facilitate operational and regulatory outcomes, including continuous monitoring and compliance audits. +- Build automation for procedural compliance controls. +- Guide technical and operational decision-making towards future product offerings and efficient organizational processes. + +### What We Value + +- 3+ years experience with compliance (PCI, SOC2, HIPAA, etc.) with at least 2 years related to US Government compliance and audit experience (e.g FedRAMP, IL5, CMMC, FISMA, NIST 800-53, etc.). +- Deep understanding of cloud infrastructure and security concepts. +- Experience with distributed applications on cloud infrastructure (AWS, Azure, GCP). +- Familiarity with security controls for cloud automation and configuration tooling (Terraform, Puppet, Jenkins, etc.). +- Ability to clearly communicate compliance requirements to internal engineering teams and associated implementation to external customers. +- Proficiency with security concepts (encryption, authentication, etc.) and tooling for continuous monitoring (Tenable, Splunk, etc.). +- Hands-on experience in executing against recurring operational regulatory requirements. +- Strong attention to detail. + +### What We Require + +- Willingness and eligibility to obtain a U.S. security clearance. + +Salary + +The estimated salary range for this position is estimated to be $90,000 - $150,000/year. Total compensation for this position may also include Restricted Stock units, sign-on bonus and other potential future incentives. Further note that total compensation for this position will be determined by each individual’s relevant qualifications, work experience, skills, and other factors. This estimate excludes the value of any potential sign-on bonus; the value of any benefits offered; and the potential future value of any long-term incentives. + +Our benefits aim to promote health and wellbeing across all areas of Palantirians’ lives. We work to continuously improve our offerings and listen to our community as we design and update them. The list below details our available benefits and some of the perks that can be enjoyed as an employee of Palantir Technologies. + +Benefits + +• Employees (and their eligible dependents) can enroll in medical, dental, and vision insurance as well as voluntary life insurance + +• Employees are automatically covered by Palantir’s basic life, AD&D and disability insurance + +• Commuter benefits + +• Take what you need paid time off, not accrual based + +• 2 weeks paid time off built into the end of each year (subject to team and business needs) + +• 10 paid holidays throughout the calendar year + +• Supportive leave of absence program including time off for military service and medical events + +• Paid leave for new parents and subsidized back-up care for all parents + +• Fertility and family building benefits including but not limited to adoption, surrogacy, and preservation + +• Stipend to help with expenses that come with a new child + +• Employees can enroll in Palantir’s 401k plan + +Life at Palantir + +We want every Palantirian to achieve their best outcomes, that’s why we celebrate individuals’ strengths, skills, and interests, from your first interview to your longterm growth, rather than rely on traditional career ladders. Paying attention to the needs of our community enables us to optimize our opportunities to grow and helps ensure many pathways to success at Palantir. Promoting health and well-being across all areas of Palantirians’ lives is just one of the ways we’re investing in our community. Learn more at Life at Palantir (https://www.palantir.com/careers/life-at-palantir/) and note that our offerings may vary by region. + +In keeping consistent with Palantir’s values and culture, we believe employees are “better together” and in-person work affords the opportunity for more creative outcomes. Therefore, we encourage employees to work from our offices to foster connectivity and innovation. Many teams do offer hybrid options (WFH a day or two a week), allowing our employees to strike the right trade-off for their personal productivity. Based on business need, there are a few roles that allow for “Remote” work on an exceptional basis. If you are applying for one of these roles, you must work from the state in which you are employed. If the posting is specified as Onsite, you are required to work from an office. + +If you want to empower the world's most important institutions, you belong here. Palantir values excellence regardless of background. We are proud to be an Equal Opportunity Employer for all, including but not limited to Veterans and those with disabilities. Palantir is committed to making the application and hiring process accessible to everyone and will provide a reasonable accommodation for those living with a disability. If you need an accommodation for the application or hiring process , please reach out (mailto:accommodations@palantir.com) and let us know how we can help. + +If you would like to understand more about how your personal data will be processed by Palantir, please see our Privacy Policy (https://www.palantir.com/privacy-and-security/candidate-privacy-notice/). diff --git a/jobs/imported/lever/lever-palantir-755c16c2-5207-49a7-9e7d-55eb608e03e6-compliance-engineer.md b/jobs/imported/lever/lever-palantir-755c16c2-5207-49a7-9e7d-55eb608e03e6-compliance-engineer.md new file mode 100644 index 0000000..54c3dba --- /dev/null +++ b/jobs/imported/lever/lever-palantir-755c16c2-5207-49a7-9e7d-55eb608e03e6-compliance-engineer.md @@ -0,0 +1,106 @@ +--- +title: "Compliance Engineer" +company: "Palantir" +slug: "lever-palantir-755c16c2-5207-49a7-9e7d-55eb608e03e6-compliance-engineer" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/palantir" +role_url: "https://jobs.lever.co/palantir/755c16c2-5207-49a7-9e7d-55eb608e03e6" +apply_url: "https://jobs.lever.co/palantir/755c16c2-5207-49a7-9e7d-55eb608e03e6/apply" +posted_date: "2025-09-25" +expires_date: "2025-10-25" +location: "Palo Alto, CA" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "FedRAMP" + - "SOC 2" + - "NIST 800-53" + - "PCI-DSS" + - "HIPAA" +languages: + - "Terraform" +compensation: "$90,000 - $150,000" +summary: "The Role As a Compliance Engineer, you will help our engineers implement Palantir Security Controls across our entire product line. You’ll work closely with many different teams..." +--- + +The Role + +As a Compliance Engineer, you will help our engineers implement Palantir Security Controls across our entire product line. You’ll work closely with many different teams to shape these controls and champion a robust & nimble approach to risk management across the company. You will navigate & interpret complex US Government regulatory frameworks (e.g. FedRAMP, CMMC, IL5, IL6) in order to provide practical guidance on technical architecture, documentation & operational concerns, and sustainable processes that will allow us to continue to grow quickly & efficiently. + +A World-Changing Company + +Palantir builds the world’s leading software for data-driven decisions and operations. By bringing the right data to the people who need it, our platforms empower our partners to develop lifesaving drugs, forecast supply chain disruptions, locate missing children, and more. + +### Core Responsibilities + +- Implement all aspects of US Government compliance, including FedRAMP, IL5, and IL6 continuous monitoring and compliance audits. +- Support partnerships with various agencies (DoD, HHS, etc.), 3PAOs, and the FedRAMP PMO. +- Partner with engineers to interpret and map compliance requirements to product implementation. +- Directly facilitate operational and regulatory outcomes, including continuous monitoring and compliance audits. +- Build automation for procedural compliance controls. +- Guide technical and operational decision-making towards future product offerings and efficient organizational processes. + +### What We Value + +- 3+ years experience with compliance (PCI, SOC2, HIPAA, etc.) with at least 2 years related to US Government compliance and audit experience (e.g FedRAMP, IL5, CMMC, FISMA, NIST 800-53, etc.). +- Deep understanding of cloud infrastructure and security concepts. +- Experience with distributed applications on cloud infrastructure (AWS, Azure, GCP). +- Familiarity with security controls for cloud automation and configuration tooling (Terraform, Puppet, Jenkins, etc.). +- Ability to clearly communicate compliance requirements to internal engineering teams and associated implementation to external customers. +- Proficiency with security concepts (encryption, authentication, etc.) and tooling for continuous monitoring (Tenable, Splunk, etc.). +- Hands-on experience in executing against recurring operational regulatory requirements. +- Strong attention to detail. + +### What We Require + +- Willingness and eligibility to obtain a U.S. security clearance. + +Salary + +The estimated salary range for this position is estimated to be $90,000 - $150,000/year. Total compensation for this position may also include Restricted Stock units, sign-on bonus and other potential future incentives. Further note that total compensation for this position will be determined by each individual’s relevant qualifications, work experience, skills, and other factors. This estimate excludes the value of any potential sign-on bonus; the value of any benefits offered; and the potential future value of any long-term incentives. + +Our benefits aim to promote health and wellbeing across all areas of Palantirians’ lives. We work to continuously improve our offerings and listen to our community as we design and update them. The list below details our available benefits and some of the perks that can be enjoyed as an employee of Palantir Technologies. + +Benefits + +• Employees (and their eligible dependents) can enroll in medical, dental, and vision insurance as well as voluntary life insurance + +• Employees are automatically covered by Palantir’s basic life, AD&D and disability insurance + +• Commuter benefits + +• Take what you need paid time off, not accrual based + +• 2 weeks paid time off built into the end of each year (subject to team and business needs) + +• 10 paid holidays throughout the calendar year + +• Supportive leave of absence program including time off for military service and medical events + +• Paid leave for new parents and subsidized back-up care for all parents + +• Fertility and family building benefits including but not limited to adoption, surrogacy, and preservation + +• Stipend to help with expenses that come with a new child + +• Employees can enroll in Palantir’s 401k plan + +Life at Palantir + +We want every Palantirian to achieve their best outcomes, that’s why we celebrate individuals’ strengths, skills, and interests, from your first interview to your longterm growth, rather than rely on traditional career ladders. Paying attention to the needs of our community enables us to optimize our opportunities to grow and helps ensure many pathways to success at Palantir. Promoting health and well-being across all areas of Palantirians’ lives is just one of the ways we’re investing in our community. Learn more at Life at Palantir (https://www.palantir.com/careers/life-at-palantir/) and note that our offerings may vary by region. + +In keeping consistent with Palantir’s values and culture, we believe employees are “better together” and in-person work affords the opportunity for more creative outcomes. Therefore, we encourage employees to work from our offices to foster connectivity and innovation. Many teams do offer hybrid options (WFH a day or two a week), allowing our employees to strike the right trade-off for their personal productivity. Based on business need, there are a few roles that allow for “Remote” work on an exceptional basis. If you are applying for one of these roles, you must work from the state in which you are employed. If the posting is specified as Onsite, you are required to work from an office. + +If you want to empower the world's most important institutions, you belong here. Palantir values excellence regardless of background. We are proud to be an Equal Opportunity Employer for all, including but not limited to Veterans and those with disabilities. Palantir is committed to making the application and hiring process accessible to everyone and will provide a reasonable accommodation for those living with a disability. If you need an accommodation for the application or hiring process , please reach out (mailto:accommodations@palantir.com) and let us know how we can help. + +If you would like to understand more about how your personal data will be processed by Palantir, please see our Privacy Policy (https://www.palantir.com/privacy-and-security/candidate-privacy-notice/). diff --git a/jobs/imported/lever/lever-palantir-fbf8b12b-38f3-4cdb-a4d3-b5404c0aa98a-compliance-engineer.md b/jobs/imported/lever/lever-palantir-fbf8b12b-38f3-4cdb-a4d3-b5404c0aa98a-compliance-engineer.md new file mode 100644 index 0000000..b9b9ab5 --- /dev/null +++ b/jobs/imported/lever/lever-palantir-fbf8b12b-38f3-4cdb-a4d3-b5404c0aa98a-compliance-engineer.md @@ -0,0 +1,106 @@ +--- +title: "Compliance Engineer" +company: "Palantir" +slug: "lever-palantir-fbf8b12b-38f3-4cdb-a4d3-b5404c0aa98a-compliance-engineer" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/palantir" +role_url: "https://jobs.lever.co/palantir/fbf8b12b-38f3-4cdb-a4d3-b5404c0aa98a" +apply_url: "https://jobs.lever.co/palantir/fbf8b12b-38f3-4cdb-a4d3-b5404c0aa98a/apply" +posted_date: "2025-09-25" +expires_date: "2025-10-25" +location: "Washington, D.C." +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "FedRAMP" + - "SOC 2" + - "NIST 800-53" + - "PCI-DSS" + - "HIPAA" +languages: + - "Terraform" +compensation: "$90,000 - $150,000" +summary: "The Role As a Compliance Engineer, you will help our engineers implement Palantir Security Controls across our entire product line. You’ll work closely with many different teams..." +--- + +The Role + +As a Compliance Engineer, you will help our engineers implement Palantir Security Controls across our entire product line. You’ll work closely with many different teams to shape these controls and champion a robust & nimble approach to risk management across the company. You will navigate & interpret complex US Government regulatory frameworks (e.g. FedRAMP, CMMC, IL5, IL6) in order to provide practical guidance on technical architecture, documentation & operational concerns, and sustainable processes that will allow us to continue to grow quickly & efficiently. + +A World-Changing Company + +Palantir builds the world’s leading software for data-driven decisions and operations. By bringing the right data to the people who need it, our platforms empower our partners to develop lifesaving drugs, forecast supply chain disruptions, locate missing children, and more. + +### Core Responsibilities + +- Implement all aspects of US Government compliance, including FedRAMP, IL5, and IL6 continuous monitoring and compliance audits. +- Support partnerships with various agencies (DoD, HHS, etc.), 3PAOs, and the FedRAMP PMO. +- Partner with engineers to interpret and map compliance requirements to product implementation. +- Directly facilitate operational and regulatory outcomes, including continuous monitoring and compliance audits. +- Build automation for procedural compliance controls. +- Guide technical and operational decision-making towards future product offerings and efficient organizational processes. + +### What We Value + +- 3+ years experience with compliance (PCI, SOC2, HIPAA, etc.) with at least 2 years related to US Government compliance and audit experience (e.g FedRAMP, IL5, CMMC, FISMA, NIST 800-53, etc.). +- Deep understanding of cloud infrastructure and security concepts. +- Experience with distributed applications on cloud infrastructure (AWS, Azure, GCP). +- Familiarity with security controls for cloud automation and configuration tooling (Terraform, Puppet, Jenkins, etc.). +- Ability to clearly communicate compliance requirements to internal engineering teams and associated implementation to external customers. +- Proficiency with security concepts (encryption, authentication, etc.) and tooling for continuous monitoring (Tenable, Splunk, etc.). +- Hands-on experience in executing against recurring operational regulatory requirements. +- Strong attention to detail. + +### What We Require + +- Willingness and eligibility to obtain a U.S. security clearance. + +Salary + +The estimated salary range for this position is estimated to be $90,000 - $150,000/year. Total compensation for this position may also include Restricted Stock units, sign-on bonus and other potential future incentives. Further note that total compensation for this position will be determined by each individual’s relevant qualifications, work experience, skills, and other factors. This estimate excludes the value of any potential sign-on bonus; the value of any benefits offered; and the potential future value of any long-term incentives. + +Our benefits aim to promote health and wellbeing across all areas of Palantirians’ lives. We work to continuously improve our offerings and listen to our community as we design and update them. The list below details our available benefits and some of the perks that can be enjoyed as an employee of Palantir Technologies. + +Benefits + +• Employees (and their eligible dependents) can enroll in medical, dental, and vision insurance as well as voluntary life insurance + +• Employees are automatically covered by Palantir’s basic life, AD&D and disability insurance + +• Commuter benefits + +• Take what you need paid time off, not accrual based + +• 2 weeks paid time off built into the end of each year (subject to team and business needs) + +• 10 paid holidays throughout the calendar year + +• Supportive leave of absence program including time off for military service and medical events + +• Paid leave for new parents and subsidized back-up care for all parents + +• Fertility and family building benefits including but not limited to adoption, surrogacy, and preservation + +• Stipend to help with expenses that come with a new child + +• Employees can enroll in Palantir’s 401k plan + +Life at Palantir + +We want every Palantirian to achieve their best outcomes, that’s why we celebrate individuals’ strengths, skills, and interests, from your first interview to your longterm growth, rather than rely on traditional career ladders. Paying attention to the needs of our community enables us to optimize our opportunities to grow and helps ensure many pathways to success at Palantir. Promoting health and well-being across all areas of Palantirians’ lives is just one of the ways we’re investing in our community. Learn more at Life at Palantir (https://www.palantir.com/careers/life-at-palantir/) and note that our offerings may vary by region. + +In keeping consistent with Palantir’s values and culture, we believe employees are “better together” and in-person work affords the opportunity for more creative outcomes. Therefore, we encourage employees to work from our offices to foster connectivity and innovation. Many teams do offer hybrid options (WFH a day or two a week), allowing our employees to strike the right trade-off for their personal productivity. Based on business need, there are a few roles that allow for “Remote” work on an exceptional basis. If you are applying for one of these roles, you must work from the state in which you are employed. If the posting is specified as Onsite, you are required to work from an office. + +If you want to empower the world's most important institutions, you belong here. Palantir values excellence regardless of background. We are proud to be an Equal Opportunity Employer for all, including but not limited to Veterans and those with disabilities. Palantir is committed to making the application and hiring process accessible to everyone and will provide a reasonable accommodation for those living with a disability. If you need an accommodation for the application or hiring process , please reach out (mailto:accommodations@palantir.com) and let us know how we can help. + +If you would like to understand more about how your personal data will be processed by Palantir, please see our Privacy Policy (https://www.palantir.com/privacy-and-security/candidate-privacy-notice/). diff --git a/jobs/imported/lever/lever-pattern-54eb41e4-261f-49e2-97fe-e7383d9e3cd0-import-export-and-customs-compliance-analyst.md b/jobs/imported/lever/lever-pattern-54eb41e4-261f-49e2-97fe-e7383d9e3cd0-import-export-and-customs-compliance-analyst.md new file mode 100644 index 0000000..79d78a8 --- /dev/null +++ b/jobs/imported/lever/lever-pattern-54eb41e4-261f-49e2-97fe-e7383d9e3cd0-import-export-and-customs-compliance-analyst.md @@ -0,0 +1,70 @@ +--- +title: "Import/Export & Customs Compliance Analyst" +company: "Pattern" +slug: "lever-pattern-54eb41e4-261f-49e2-97fe-e7383d9e3cd0-import-export-and-customs-compliance-analyst" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/pattern" +role_url: "https://jobs.lever.co/pattern/54eb41e4-261f-49e2-97fe-e7383d9e3cd0" +apply_url: "https://jobs.lever.co/pattern/54eb41e4-261f-49e2-97fe-e7383d9e3cd0/apply" +posted_date: "2026-01-29" +expires_date: "2026-02-28" +location: "Pune, India" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Audit & Assurance" + - "Cloud Security" +frameworks: [] +languages: [] +compensation: "" +summary: "Import/Export & Customs Compliance Analyst Key Responsibilities: Import/Export Operations Oversight: Manage end-to-end import and export processes including coordination of..." +--- + +Import/Export & Customs Compliance Analyst + +Key Responsibilities: + +Import/Export Operations Oversight: Manage end-to-end import and export processes including coordination of international shipments, documentation preparation, booking freight, and resolving shipping exceptions. + +Customs Management: Prepare and review customs documentation (commercial invoices, packing lists, certificates of origin, etc.) to ensure accuracy and compliance with U.S. and international customs regulations. Liaise with customs brokers, government agencies, and logistics partners as needed. + +Regulatory Compliance: Monitor and interpret import/export laws, regulations (e.g., HTS, EAR, ITAR), and sanctioned party lists. Ensure company operations meet all trade compliance requirements and maintain proper transaction records. + +Process Improvement: Identify, recommend, and implement improvements in import/export and customs clearance workflows to increase efficiency, accuracy, and compliance. + +Partner & Vendor Coordination: Act as primary contact for international freight forwarders, customs brokers, and regulatory agencies. Provide guidance to internal teams regarding shipping requirements, document preparation, and transportation timelines. + +Audit & Risk Management: Support and/or lead periodic audits of import/export files, customs entries, and compliance records. Investigate and resolve discrepancies, supporting corrective and preventive actions. + +Training & Cross-Functional Support: Serve as a subject matter expert for the organization on international trade, customs, and compliance topics. Deliver training and updates for relevant teams and stakeholders as requirements or regulations evolve. + +Qualifications: + +Education & Experience: + +Bachelor’s degree in International Business, Supply Chain, Logistics, or a related field. + +3+ years of experience managing import/export operations, customs documentation, and international compliance—preferably in a distribution, retail, or eCommerce environment. + +Familiarity with U.S. Customs regulations, Incoterms, tariffs/duties, and international freight documentation. Experience with customs brokerage or freight forwarding is highly desirable. + +Key Skills: + +Detail-oriented with strong organizational, analytical, and problem-solving skills. + +Advanced written and verbal communication skills for cross-functional and cross-border collaboration. + +Ability to research, interpret, and apply complex regulatory information. + +Proficient in Excel/Google Sheets; experience with trade compliance or ERP systems is a plus. + +Strong initiative, accountability, and adaptability in a dynamic environment. + +Relevant certifications (e.g., Certified Customs Specialist, CUSECO) are a plus but not required. diff --git a/jobs/imported/lever/lever-pattern-56f02c3e-0ab7-410b-acbd-afab7ed01e6d-ecommerce-compliance-specialist.md b/jobs/imported/lever/lever-pattern-56f02c3e-0ab7-410b-acbd-afab7ed01e6d-ecommerce-compliance-specialist.md new file mode 100644 index 0000000..d62abb8 --- /dev/null +++ b/jobs/imported/lever/lever-pattern-56f02c3e-0ab7-410b-acbd-afab7ed01e6d-ecommerce-compliance-specialist.md @@ -0,0 +1,131 @@ +--- +title: "Ecommerce Compliance Specialist" +company: "Pattern" +slug: "lever-pattern-56f02c3e-0ab7-410b-acbd-afab7ed01e6d-ecommerce-compliance-specialist" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/pattern" +role_url: "https://jobs.lever.co/pattern/56f02c3e-0ab7-410b-acbd-afab7ed01e6d" +apply_url: "https://jobs.lever.co/pattern/56f02c3e-0ab7-410b-acbd-afab7ed01e6d/apply" +posted_date: "2026-02-17" +expires_date: "2026-03-19" +location: "Lehi, UT, US" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Audit & Assurance" + - "Cloud Security" + - "Identity & Access Management" +frameworks: [] +languages: [] +compensation: "" +summary: "We need an Ecommerce Compliance Specialist to audit listings on platforms like Amazon, Walmart, and TikTok Shop, resolve compliance violations, and mitigate revenue loss. This..." +--- + +We need an Ecommerce Compliance Specialist to audit listings on platforms like Amazon, Walmart, and TikTok Shop, resolve compliance violations, and mitigate revenue loss. This role involves maintaining communication with the brand management team, researching regulatory requirements, and implementing proactive measures to ensure all e-commerce accounts remain healthy and compliant. This is a full-time role and will work a hybrid schedule based in Lehi, Utah. + +Are you obsessed with data, partner success, taking action, and changing the game? If you have a whole lot of hustle and a touch of nerd, come work with Pattern! We want you to use your skills to push one of the fastest-growing companies headquartered in the US to the top of the list. + +Pattern accelerates brands on global ecommerce marketplaces leveraging proprietary technology and AI. Utilizing more than 46 trillion data points, sophisticated machine learning and AI models, Pattern optimizes and automates all levers of ecommerce growth for global brands, including advertising, content management, logistics and fulfillment, pricing, forecasting and customer service. Hundreds of global brands depend on Pattern’s ecommerce acceleration platform every day to drive profitable revenue growth across 60+ global marketplaces—including Amazon, Walmart.com (http://walmart.com/) , Target.com (http://target.com/) , eBay, Tmall, TikTok Shop, JD, and Mercado Libre. To learn more, visit pattern.com (http://pattern.com/) or email press@pattern.com (mailto:press@pattern.com) . + +Pattern has been named one of the fastest growing tech companies headquartered in North America by Deloitte and one of best-led companies by Inc. We place employee experience at the center of our business model and have been recognized as one of Newsweek’s Global Most Loved Workplaces®. + +### What is a day in the life of an Ecommerce Compliance Specialist? + +- Manage product listings through reviews of new content +- Product catalog auditing to ensure compliance with ecommerce platform policies +- Monitor and update banned keywords and products from ecommerce marketplaces +- Monitor notices from ecommerce platform compliance departments +- Determine best ways to respond to seller account issues +- Proactively troubleshoot potential issues +- Communicate issues with the seller team + +### What will I need to thrive in this role? + +- 1-2 years’ experience with the Amazon.com (http://Amazon.com) marketplace platform or 1-2 years’ experience working in the regulatory compliance field +- Experience with Amazon Account Health - specifically writing plans of action and responding to performance notifications +- Experience working with government regulations or regulatory bodies (FDA, EPA, CPSC, Health Canada, etc.) +- Bachelor’s degree +- Ability to organize and manage multiple tasks simultaneously +- Precise attention to detail +- Excellent verbal and written communication skills +- Strong judgment and commitment to ethics +- An eagerness to learn + +Preferred: + +- Basic familiarity with Walmart.com (http://Walmart.com), and other ecommerce marketplaces (eBay, Shopify, Etsy, etc.) +- Experience with MAP/MSRP compliance enforcement +- Experience performing root cause analysis and implementing corrective and preventive actions (CAPA) +- Strong writing and editing skills +- Previous experience working in a high-stakes business environment + +### What does high performance look like? + +- You follow through with all assignments in a timely manner +- You understand complex issues and can break them down into a simplified list of relevant points +- You correctly apply internal processes, marketplace policies, and regulatory requirements to resolve violations +- You take initiative to proactively share new solutions and process improvements with the team +- You communicate clearly and professionally with collaborative teams, marketplace contacts, and brand partners + +### What is my potential for career growth? + +- This role offers a path for professional growth, starting as an Ecommerce Compliance Specialist and progressing to a Senior Ecommerce Compliance Specialist. As you develop your skills and expertise, there will also be opportunities for future leadership roles within the organization, allowing you to take on greater responsibilities and influence within the team. + +### What does success look like in the first 30, 60, 90 days? + +- In the first 30 days, you will complete training and onboarding, handle simple tasks with support, and start building relationships with your team. By days 31-60, you will take on more complex tasks with increasing independence, demonstrate problem-solving skills, and use feedback to improve. In days 61-90, you will manage a variety of tasks, proactively contribute ideas, focus on the quality of your work, and seek ongoing feedback for continuous development. + +### What is the team like? + +- You will work with the other Ecommerce Compliance Specialists and be supervised by the Director of Account Health. You will also be mentored by the VP of Brand Services and meet with them on a regular basis to discuss your performance. This team is data driven and results oriented. You will collaborate regularly with members of your team to implement actionable solutions. Ideas and input are encouraged from all members. + +### Sounds great! What’s the company culture? We are looking for individuals who are: + +- Game Changers- A game changer is someone who looks at problems with an open mind and shares new ideas with team members, regularly reassesses existing plans and attaches a realistic timeline to goals, makes profitable, productive, and innovative contributions, and actively pursues improvements to Pattern’s processes and outcomes +- Data Fanatics - A data fanatic is someone who recognizes problems and seeks to understand them through data, draws unbiased conclusions based on data that lead to actionable solutions, and continues to track the effects of the solutions using data +- Partner Obsessed- An individual who is partner obsessed clearly explains the status of projects to partners and relies on constructive feedback, actively listens to partner’s expectations, and delivers results that exceed them, prioritizes the needs of your partners, and takes the time to create a personable experience for those interacting with Pattern. +- Team of Doers- Someone who is a part of a team of doers uplifts team members and recognizes their specific contributions, takes initiative to help in any circumstance, actively contributes to supporting improvements, and holds themselves accountable to the team as well as to partners. + +### What is the hiring process? + +- Initial phone interview with Pattern’s talent acquisition team +- Video interview and sample problem with a senior team member +- Onsite interview with the hiring manager +- Professional reference checks +- Executive review +- Offer + +### How can I stand out as an applicant? + +- Discuss professional accomplishments with specific data to quantify examples +- Provide insights on how you can add value and be the best addition to the team +- Focus on mentioning how you would be partner obsessed at Pattern +- Share experience on any side projects related to data and analytics + +Why should I work at Pattern? + +Pattern offers big opportunities to make a difference in the ecommerce industry! We are a company full of talented people that evolves quickly and often. We set big goals, work tirelessly to achieve them, and we love our Pattern community. We also believe in having fun and balancing our lives, so we offer awesome benefits that include: + +- Unlimited PTO + +- Paid Holidays + +- Onsite Fitness Center + +- Company Paid Life Insurance + +- Casual Dress Code + +- Competitive Pay + +- Health, Vision, and Dental Insurance + +- 401(k) match. Pattern matches 100% of the first 3% in eligible compensation deferred and 50% of the next 2% in eligible compensation deferred. + +Pattern provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability, status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws. diff --git a/jobs/imported/lever/lever-pattern-670c1397-e837-4504-ab26-3008c91c44ff-senior-grc-analyst.md b/jobs/imported/lever/lever-pattern-670c1397-e837-4504-ab26-3008c91c44ff-senior-grc-analyst.md new file mode 100644 index 0000000..009b56c --- /dev/null +++ b/jobs/imported/lever/lever-pattern-670c1397-e837-4504-ab26-3008c91c44ff-senior-grc-analyst.md @@ -0,0 +1,82 @@ +--- +title: "Senior GRC Analyst" +company: "Pattern" +slug: "lever-pattern-670c1397-e837-4504-ab26-3008c91c44ff-senior-grc-analyst" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/pattern" +role_url: "https://jobs.lever.co/pattern/670c1397-e837-4504-ab26-3008c91c44ff" +apply_url: "https://jobs.lever.co/pattern/670c1397-e837-4504-ab26-3008c91c44ff/apply" +posted_date: "2026-02-25" +expires_date: "2026-03-27" +location: "Pune, India" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "NIST 800-53" + - "NIST CSF" + - "NIST RMF" + - "NIST AI RMF" +languages: + - "Rust" +compensation: "" +summary: "About Pattern: Pattern is the leader in global e-commerce and marketplace acceleration, headquartered in Utah's Silicon Slopes tech hub—with offices in Asia, Australia, Europe,..." +--- + +About Pattern: + +Pattern is the leader in global e-commerce and marketplace acceleration, headquartered in Utah's Silicon Slopes tech hub—with offices in Asia, Australia, Europe, and the Middle East. Hundreds of global brands rely on the company’s e-commerce acceleration platform to grow their online sales on direct-to-consumer websites, online marketplaces, and other digital channels in more than 60 countries, all while managing fulfillment and logistics. With last year's revenue exceeding $1 Billion, Pattern has been named one of the fastest growing tech companies in North America by Deloitte and one of best-led companies by Inc. We place employee experience at the center of our business model and have been recognized as one of Newsweek’s Global Most Loved Workplaces®. + +Role Overview + +As a GRC Analyst, you will play a critical role in strengthening the security, risk, and compliance posture of our SaaS-based eCommerce acceleration platform. + +You will collaborate closely with Engineering, Product, and Legal teams to ensure adherence to regulatory, contractual, and customer-driven compliance requirements, including those related to the responsible and secure use of AI-enabled technologies. This role supports the delivery of a secure, scalable, and highly available cloud environment by contributing to audit readiness, control design and testing, policy and standards development, and continuous compliance monitoring. You will also help support emerging AI governance initiatives by assisting with risk assessments, documentation, and oversight of AI usage across the organization. + +### Key Responsibilities + +- Support security and compliance initiatives aligned with industry frameworks including SOC 2, ISO/IEC 27001, ISO 27701, NIST CSF, NIST SP 800-53, CIS Controls, and CSA CCM. +- Assist in the execution of security, privacy, and risk assessments across cloud infrastructure, applications, and third-party vendors. +- Participate in external and internal audits, including SOC 1/2, ISO certification audits, customer audits, and internal risk reviews. +- Coordinate audit readiness activities, including evidence collection, control mapping, walkthroughs, and remediation tracking. +- Support compliance with privacy and data protection regulations, such as GDPR, CCPA/CPRA, and other global privacy laws, in partnership with Legal and Product teams. +- Contribute to the development, maintenance, and review of security policies, standards, procedures, and risk registers. +- Assist in identifying and assessing AI-related risks, such as data privacy, model bias, explainability, security misuse, and third-party AI dependencies. +- Support compliance efforts related to emerging AI regulations and standards, including EU AI Act, NIST AI Risk Management Framework (AI RMF), ISO/IEC 23894, and ISO/IEC 42001. +- Assist with third-party risk management (TPRM), including vendor assessments, due diligence reviews, and risk reporting. +- Assist with documentation and evidence collection for AI governance controls during internal, customer, and regulatory audits. +- Collaborate with Engineering and Product teams to ensure secure and responsible use of generative AI tools across the organization. +- Manage and continuously improve the internal security awareness and phishing simulation program. + +### Required Qualifications + +- 3–5 years of experience in GRC, information security, risk management, and IT audit, preferably in a SaaS or cloud-native environment. +- Strong understanding of IT security principles and technologies, as well as experience with cloud computing environments. +- Working knowledge of emerging AI standards and frameworks such as NIST AI RMF, ISO/IEC 42001, and OECD AI Principles. +- Familiarity with international and domestic compliance regulations,AI governance and risk management concepts, cybersecurity frameworks, and industry best practices. +- Experience supporting security, privacy, and compliance audits, including evidence collection and auditor interaction. +- Ability to interpret technical controls and translate them into compliance and risk documentation. +- Strong documentation, analytical, and communication skills. +- Professional certifications such as CRISC, CCSK or similar are highly desirable. +- Ability to communicate technical risk and compliance requirements clearly to engineering and non-technical stakeholders. + +### What Success looks Like + +- Security and privacy controls are clearly documented, tested, and consistently implemented across the platform. +- Risks and compliance gaps are identified early, tracked effectively, and remediated in partnership with technical teams. +- Compliance processes scale smoothly alongside platform growth and new customer requirements +- Stakeholders view GRC as a trusted, enabling function rather than a blocker. + +### Career Growth and Team Environment + +- You will join a collaborative, security-focused team that values learning, technical depth, and continuous improvement. This role offers exposure to a broad range of security, privacy, cloud, and audit domains, providing a strong foundation for career growth into senior GRC, risk management, or security leadership roles. You will work closely with experienced engineers and security professionals while gaining hands-on experience in a fast-paced SaaS environment supporting enterprise-scale eCommerce operations. If you’re passionate about strengthening governance, risk, and compliance programs including responsible AI governance while enabling secure and scalable SaaS platforms, we’d love to have you join us at Pattern. diff --git a/jobs/imported/lever/lever-ro-af3c256d-62e4-4b53-8329-c7a8d187301e-sr-grc-engineer.md b/jobs/imported/lever/lever-ro-af3c256d-62e4-4b53-8329-c7a8d187301e-sr-grc-engineer.md new file mode 100644 index 0000000..87da243 --- /dev/null +++ b/jobs/imported/lever/lever-ro-af3c256d-62e4-4b53-8329-c7a8d187301e-sr-grc-engineer.md @@ -0,0 +1,113 @@ +--- +title: "Sr. GRC Engineer" +company: "Ro" +slug: "lever-ro-af3c256d-62e4-4b53-8329-c7a8d187301e-sr-grc-engineer" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/ro" +role_url: "https://jobs.lever.co/ro/af3c256d-62e4-4b53-8329-c7a8d187301e" +apply_url: "https://jobs.lever.co/ro/af3c256d-62e4-4b53-8329-c7a8d187301e/apply" +posted_date: "2026-02-19" +expires_date: "2026-03-21" +location: "New York, NY or Remote" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "PCI-DSS" + - "HIPAA" + - "HITRUST" +languages: + - "Python" + - "JavaScript" + - "Rust" +compensation: "$148,000 - $175,000" +summary: "The Role: The Governance Risk and Compliance Engineer role will be a core member of Ro’s GRC team. This is a remote, Individual Contributor role. The GRC team enables Ro to..." +--- + +The Role: + +The Governance Risk and Compliance Engineer role will be a core member of Ro’s GRC team. This is a remote, Individual Contributor role. The GRC team enables Ro to manage risk by vigorously assessing our operations against leading compliance frameworks and standing legislation. This individual contributor role will be a key player in both leading our audit readiness program while driving continuous compliance using leading AI and automation platforms.. + +Ro is a direct-to-patient healthcare company with a mission of helping patients achieve their health goals by delivering the easiest, most effective care possible. Ro is the only company to offer nationwide telehealth, labs, and pharmacy services. This is enabled by Ro's vertically integrated platform that helps patients achieve their goals through a convenient, end-to-end healthcare experience spanning from diagnosis, to delivery of medication, to ongoing care. Since 2017, Ro has helped millions of patients in nearly every single county in the United States, including 99% of primary care deserts. + +Ro is consistently recognized as a top workplace in Health Care, in New York, and for Women and Parents—earning more than 20 honors from Fortune, Great Place to Work, and PEOPLE since 2021. In 2025 alone, we ranked top 5 among medium workplaces in Health Care and New York, and top 50 nationwide. + +### What You’ll Do: + +- Serve as both a risk practitioner and automation engineer. Automate everything. + +- Own and maintain the compliance platform (Vanta), including control mapping, evidence collection, continuous monitoring, and audit workflows + +- Perform risk assessments, vendor security reviews, and control gap analyses, and track remediation through to completion + +- Manage control documentation, policies, procedures, and supporting artifacts across multiple compliance frameworks + +- Partner with Security, IT, Infrastructure, and Engineering teams to ensure technical and administrative controls align with documented policies and compliance requirements + +- Support internal and external audits (SOC 2, HIPAA, HITRUST) + +- Own and maintain the cyber risk register, collaborating with risk owners to quantify risks and develop remediation plans. + +- Develop and maintain risk reporting, metrics, and executive summaries with BI tools (Looker, Hex, etc) + +### What You’ll Bring to the Team: + +- 5+ years of combined experience across governance, risk, compliance, security engineering, or adjacent technical roles, including hands-on experience working with compliance frameworks such as SOC 2, HIPAA, HITRUST, NIST, and PCI in modern, technology-driven environments. + +- 3+ years of experience with ongoing compliance operations, with demonstrated progression from manual evidence collection to automated, continuously monitored controls. + +- 2+ years of hands-on experience implementing and administering continuous compliance and evidence automation platforms (e.g., Vanta, Drata, SecureFrame), including configuring and creating custom integrations as well as optimizing automated evidence workflows. + +- Working knowledge of cloud computing platforms (AWS, Azure, GCP) and how their native services and configurations support security and compliance requirements. + +- Expertise in using Looker (or similar BI tool; HEX) to create dashboards, generate reports, and visualize GRC data for stakeholders, with a focus on simplifying complex data into actionable insights. + +- Ability to automate data ingestion, transformation, and reporting using scripting or programmatic approaches (e.g., Python, JavaScript, APIs, Tines.) + +- Strong analytical and root cause analysis skills + +- Kindness, and an ability to communicate to all levels of the organization + +### Bonus Points + +- Advanced GRC Automation & Engineering Mindset (custom automatons or workflows beyond out-of-the-box compliance tools) + +### We’ve Got You Covered: + +- Full medical, dental, and vision insurance + OneMedical membership + +- Healthcare and Dependent Care FSA + +- 401(k) with company match + +- Flexible PTO + +- Wellbeing + Learning & Growth reimbursements + +- Paid parental leave + Fertility benefits + +- Pet insurance + +- Student loan refinancing + +- Virtual resources for mindfulness, counseling, and fitness + +The target base salary for this position ranges from $148,000 to $175,000, in addition to a competitive equity and benefits package (as applicable). When determining compensation, we analyze and carefully consider several factors, including location, job-related knowledge, skills and experience. These considerations may cause your compensation to vary. + +Ro recognizes the power of in-person collaboration, while supporting the flexibility to work anywhere in the United States. For our Ro’ers in the tri-state (NY) area, you will join us at HQ on Tuesdays and Thursdays. For those outside of the tri-state area, you will be able to join in-person collaborations throughout the year (i.e., during team on-sites). + +At Ro, we believe that our diverse perspectives are our biggest strengths — and that embracing them will create real change in healthcare. As an equal opportunity employer, we provide equal opportunity in all aspects of employment, including recruiting, hiring, compensation, training and promotion, termination, and any other terms and conditions of employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, familial status, age, disability and/or any other legally protected classification protected by federal, state, or local law. + +Ro is committed to providing reasonable accommodations for qualified individuals with disabilities in our application and interview process. If you require a reasonable accommodation in the application or interview process, please contact us at talent@ro.co. + +See our California Privacy Policy here (https://ro.co/job-applicant-privacy-policy/) . diff --git a/jobs/imported/lever/lever-swordhealth-f1b2cda0-53f7-4436-b967-ab045d4eba42-governance-risk-and-compliance-analyst.md b/jobs/imported/lever/lever-swordhealth-f1b2cda0-53f7-4436-b967-ab045d4eba42-governance-risk-and-compliance-analyst.md new file mode 100644 index 0000000..4143974 --- /dev/null +++ b/jobs/imported/lever/lever-swordhealth-f1b2cda0-53f7-4436-b967-ab045d4eba42-governance-risk-and-compliance-analyst.md @@ -0,0 +1,132 @@ +--- +title: "Governance, Risk & Compliance Analyst" +company: "Swordhealth" +slug: "lever-swordhealth-f1b2cda0-53f7-4436-b967-ab045d4eba42-governance-risk-and-compliance-analyst" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/swordhealth" +role_url: "https://jobs.lever.co/swordhealth/f1b2cda0-53f7-4436-b967-ab045d4eba42" +apply_url: "https://jobs.lever.co/swordhealth/f1b2cda0-53f7-4436-b967-ab045d4eba42/apply" +posted_date: "2026-01-07" +expires_date: "2026-02-06" +location: "Porto" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "FedRAMP" + - "SOC 2" + - "ISO 27001" + - "NIST 800-53" + - "NIST 800-171" +languages: + - "Rust" +compensation: "€35,000 - €70,000" +summary: "As a GRC Analyst, you will be a key driver of trust and regulatory excellence at Sword Health. You will act as the primary interface for our partners and clients, translating our..." +--- + +As a GRC Analyst, you will be a key driver of trust and regulatory excellence at Sword Health. You will act as the primary interface for our partners and clients, translating our security posture into clear, authoritative responses that enable business growth. Beyond external trust, you will take ownership of certification lifecycles and bridge the gap between technical security controls and medical device quality standards. + +We are looking for an agile problem-solver who can pivot quickly to support new products and initiatives in a way that aligns with our fast-paced innovation. + +Sword Health is shifting healthcare from human-first to AI-first through its AI Care platform, making world-class healthcare available anytime, anywhere, while significantly reducing costs for payers, self-insured employers, national health systems, and other healthcare organizations. Sword began by reinventing pain care with AI at its core, and has since expanded into women’s health, movement health, and more recently mental health. Since 2020, more than 700,000 members across three continents have completed 10 million AI sessions, helping Sword's 1,000+ enterprise clients avoid over $1 billion in unnecessary healthcare costs. Backed by 42 clinical studies and over 44 patents, Sword Health has raised more than $500 million from leading investors, including Khosla Ventures, General Catalyst, Transformation Capital, and Founders Fund. Learn more at www.swordhealth.com (http://www.swordhealth.com) . + +### What you’ll be doing: + +- Acting as the primary subject matter expert for all security and compliance inquiries, including security questionnaires, RFPs, and M&A due diligence; building and maintaining a robust knowledge base to ensure accurate and efficient responses to partners and clients. + +- Taking end-to-end ownership of certification lifecycles, such as ISO 27001 and Cyber Essentials; ensuring year-round audit readiness, managing the certification process from start to finish, and independently leading external audits. + +- Working closely with the GRC team to improve existing programs, ensuring that our mapping of controls to processes and documentation remains robust and scalable as we grow. + +- Partnering with the Quality Assurance & Regulatory Affairs (QARA) team to bridge the gap between security-focused frameworks and Medical Device Compliance initiatives, ensuring a unified approach to the AI Act and other healthcare-specific regulations. + +- Collaborating with product teams on existing and upcoming initiatives to ensure security-by-design; quickly learning new product architectures and partnering with stakeholders to ensure all necessary compliance and security controls are integrated smoothly into the development lifecycle. + +- Collaborating with Security, Product, Engineering, and IT teams to ensure that security controls are naturally integrated into their existing workflows without creating operational friction. + +- Providing subject matter expertise and support for security and compliance training, as well as other general GRC initiatives as they arise. + +### What you need to have: + +- 5+ years of hands-on experience in GRC, with a proven track record of leading audits and maintaining certifications for internationally recognized security standards. + +- Hands-on experience with at least three of the following frameworks: ISO 27001, SOC 2, HITRUST, NIS2, Cyber Resilience Act, FedRAMP, CMMC, NIST SP 800-171, NIST SP 800-53, GDPR, HIPAA or PCI DSS. + +- Exceptional command of the English language, both written and spoken. You must be able to communicate complex security concepts clearly and authoritatively to both technical teams and external stakeholders. + +- A strong understanding of how security controls apply to Infrastructure and Product environments to effectively map requirements to technical work instructions. + +- A "wildcard" mindset—the ability to be dropped into a new project or product initiative, learn the context quickly, and define the necessary compliance path forward. + +- Familiarity with the intersection of cybersecurity (ISO, NIS2) and privacy/regulatory frameworks (GDPR, AI Act, or Medical Device regulations). + +- Familiarity with Medical Device certifications and regulations, such as ISO 13485 and FDA’s Good Manufacturing Practices (GMP). + +- Proven experience using LLMs to accelerate personal workflows, including drafting, summarizing, and analyzing GRC-related tasks to achieve significant individual productivity gains. + +- Demonstrated ability to design and implement AI-driven automations or integrated workflows that replace manual processes and enhance productivity at a team level is a strong plus. + +- Experience working across diverse teams such as Legal, Quality, and IT to align on shared compliance goals. + +- Leverage AI to streamline the creation and maintenance of compliance artifacts (e.g., policies, control descriptions, risk assessments), ensuring accuracy, consistency, and proper review processes. + +- Design and implement AI-assisted workflows for risk tracking and governance, improving visibility, follow-ups, and accountability across risk owners. + +- Support the automation of evidence collection and control monitoring processes, using AI to reduce manual effort while maintaining auditability. + +- Ensure that the use of AI in GRC processes preserves traceability, version control, and regulatory compliance requirements. + +- Define and enforce guardrails for the responsible use of AI in compliance and risk management activities. + +- Continuously evaluate the reliability and integrity of AI-generated outputs used in governance and reporting processes. + +### To ensure you feel good solving a big Human problem, we offer: + +- A stimulating, fast-paced environment with lots of room for creativity. + +- A bright future at a promising high-tech startup company. + +- Career development and growth, with a competitive salary. + +- The opportunity to work with a talented team and to add real value to an innovative solution with the potential to change the future of healthcare. + +- A flexible environment where you can control your hours (remotely) with unlimited vacation. + +- Access to our health and well-being program (digital therapist sessions). + +- Remote or Hybrid work policy. + +- To get to know more about our Tech Stack, check here (https://stackshare.io/sword-health/sword-health). + +Portugal - Sword Benefits & Perks: + +• Health, dental and vision insurance + +• Meal allowance + +• Equity shares + +• Remote work allowance + +• Flexible working hours + +• Work from home + +• Discretionary vacation + +• Snacks and beverages + +• English class + +Note: Please note that this position does not offer relocation assistance. Candidates must possess a valid EU visa and be based in Portugal. + +Sword Health complies with applicable Federal and State civil rights laws and does not discriminate on the basis of Age, Ancestry, Color, Citizenship, Gender, Gender expression, Gender identity, Gender information, Marital status, Medical condition, National origin, Physical or mental disability, Pregnancy, Race, Religion, Caste, Sexual orientation, and Veteran status. diff --git a/jobs/imported/lever/lever-whoop-5a69af6c-bcb8-4744-b541-0e2501c3750e-ai-risk-and-compliance-analyst.md b/jobs/imported/lever/lever-whoop-5a69af6c-bcb8-4744-b541-0e2501c3750e-ai-risk-and-compliance-analyst.md new file mode 100644 index 0000000..d3a93b2 --- /dev/null +++ b/jobs/imported/lever/lever-whoop-5a69af6c-bcb8-4744-b541-0e2501c3750e-ai-risk-and-compliance-analyst.md @@ -0,0 +1,45 @@ +--- +title: "AI Risk & Compliance Analyst" +company: "Whoop" +slug: "lever-whoop-5a69af6c-bcb8-4744-b541-0e2501c3750e-ai-risk-and-compliance-analyst" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/whoop" +role_url: "https://jobs.lever.co/whoop/5a69af6c-bcb8-4744-b541-0e2501c3750e" +apply_url: "https://jobs.lever.co/whoop/5a69af6c-bcb8-4744-b541-0e2501c3750e/apply" +posted_date: "2026-03-12" +expires_date: "2026-04-11" +location: "Boston, MA" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "NIST CSF" + - "NIST RMF" + - "NIST AI RMF" + - "PCI-DSS" + - "GDPR" +languages: [] +compensation: "$85,000 - $135,000" +summary: "At WHOOP, we’re on a mission to unlock human performance and healthspan. Our wearable technology provides personalized insights that help millions of members better..." +--- + +At WHOOP, we’re on a mission to unlock human performance and healthspan. Our wearable technology provides personalized insights that help millions of members better understand their bodies and make smarter decisions about training, recovery, and lifestyle. As AI systems play a growing role across our platform, effective governance, risk management, and compliance for AI and associated technologies are critical for safeguarding member data, ensuring regulatory alignment, and enabling secure innovation. We are seeking an AI Risk & Compliance Analyst to partner with Security, Product, Engineering, Legal, and Privacy teams to govern risk and compliance related to AI systems and machine learning integrations. This role will support AI-related risk evaluation, vendor assessments, policy governance, audit coordination, and compliance with emerging AI regulatory frameworks. This is a senior individual contributor role within GRC with broad influence across risk domains and collaboration with technical and business stakeholders. + +### RESPONSIBILITIES: + +- Lead governance, risk assessment, and compliance activities specific to AI/ML systems, LLM integrations, AI agents, and retrieval-augmented workflows - Partner with the Senior Security Engineer, AI/ML to integrate risk assessment findings into GRC frameworks and translate technical risk into governance requirements - Develop, maintain, and refine AI risk and compliance controls aligned with relevant frameworks, including ISO/IEC 27001, NIST Cybersecurity Framework, NIST AI Risk Management Framework, EU AI Act, GDPR, and other applicable standards - Execute risk assessments for new AI vendors, LLM platforms, AI APIs, and enterprise AI tools, including third-party risk scoring, control mapping, and remediation tracking - Manage the vendor risk assessment lifecycle for AI/ML related suppliers, ensuring documented controls, evidence collection, and follow-up on remediation items - Support audit activities, capturing evidence and coordinating cross-functional stakeholders for internal and external compliance reviews involving AI systems - Develop and maintain AI-specific GRC policies, standards, and procedures that map to AI risk domains, explainability requirements, and compliance obligations - Facilitate AI risk and compliance reporting to leadership, including risk dashboards, trend analysis, control effectiveness measurements, and key metrics - Monitor emerging AI governance requirements, guidance, and best practices, translating them into GRC program updates and compliance recommendations - Support security incident documentation and post-incident analysis for AI system events, coordinating with Legal and Security teams to ensure appropriate governance response + +### QUALIFICATIONS: + +- 6+ years of experience in Governance, Risk & Compliance, including risk assessment, policy development, audit coordination, and third-party risk management - Demonstrated experience performing governance or risk assessments for AI/ML systems, including LLM integrations, model pipelines, AI agents, or data-driven algorithmic systems - Experience translating AI-specific risks (i.e., data poisoning, prompt injection, model misuse, data leakage, explainability gaps) into documented control requirements and governance standards - Hands-on experience conducting third-party risk assessments for AI vendors, LLM platforms, AI APIs, or machine learning service providers - Experience mapping AI-related risks and controls to frameworks such as ISO/IEC 27001, NIST CSF, NIST AI RMF, ISO/IEC 42001, GDPR, PCI DSS, or similar standards - Strong understanding of data governance concepts relevant to AI systems, including training data lineage, data retention, model output handling, and human oversight requirements - Experience supporting regulatory readiness or compliance efforts related to AI systems - Proven ability to collaborate with engineering and security teams to validate control implementation and remediation - Experience with GRC tools, risk registers, and evidence-based compliance workflows - Bachelor’s degree in Information Security, Computer Science, Business Risk, Compliance, or a related field, relevant certifications CISA, CISM, CRISC, CISSP, AIGP, or equivalent practical experience + +This role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office. Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply. WHOOP is an Equal Opportunity Employer and participates in E-verify (https://www.e-verify.gov/) to determine employment eligibility The WHOOP compensation philosophy is designed to attract, motivate, and retain exceptional talent by offering competitive base salaries, meaningful equity, and consistent pay practices that reflect our mission and core values. At WHOOP, we view total compensation as the combination of base salary, equity, and benefits, with equity serving as a key differentiator that aligns our employees with the long-term success of the company and allows every member of our corporate team to own part of WHOOP and share in the company’s long-term growth and success. The U.S. base salary range for this full-time position is $85,000 - $135,000. Salary ranges are determined by role, level, and location. Within each range, individual pay is based on factors such as job-related skills, experience, performance, and relevant education or training. In addition to the base salary, the successful candidate will also receive benefits and a generous equity package. These ranges may be modified in the future to reflect evolving market conditions and organizational needs. While most offers will typically fall toward the starting point of the range, total compensation will depend on the candidate’s specific qualifications, expertise, and alignment with the role’s requirements. diff --git a/jobs/imported/lever/lever-whoop-f7841047-c054-4b3a-8986-c69c05bad406-senior-risk-and-compliance-analyst.md b/jobs/imported/lever/lever-whoop-f7841047-c054-4b3a-8986-c69c05bad406-senior-risk-and-compliance-analyst.md new file mode 100644 index 0000000..bbc755a --- /dev/null +++ b/jobs/imported/lever/lever-whoop-f7841047-c054-4b3a-8986-c69c05bad406-senior-risk-and-compliance-analyst.md @@ -0,0 +1,45 @@ +--- +title: "Senior Risk & Compliance Analyst" +company: "Whoop" +slug: "lever-whoop-f7841047-c054-4b3a-8986-c69c05bad406-senior-risk-and-compliance-analyst" +status: "published" +source: "Lever" +sources: + - "Lever" +source_url: "https://jobs.lever.co/whoop" +role_url: "https://jobs.lever.co/whoop/f7841047-c054-4b3a-8986-c69c05bad406" +apply_url: "https://jobs.lever.co/whoop/f7841047-c054-4b3a-8986-c69c05bad406/apply" +posted_date: "2026-03-20" +expires_date: "2026-04-19" +location: "Boston, MA" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Identity & Access Management" +frameworks: + - "ISO 27001" + - "NIST CSF" + - "NIST AI RMF" + - "PCI-DSS" + - "HIPAA" +languages: [] +compensation: "$125,000 - $155,000" +summary: "At WHOOP, we are on a mission to unlock human performance and extend healthspan. The Governance, Risk, and Compliance (GRC) team helps ensure technology and cybersecurity risks..." +--- + +At WHOOP, we are on a mission to unlock human performance and extend healthspan. The Governance, Risk, and Compliance (GRC) team helps ensure technology and cybersecurity risks are identified, assessed, and communicated clearly across the organization. As a Senior Risk & Compliance Analyst, you will play a key role in supporting the design, execution, and continued evolution of the cyber risk management program. In this role, you will lead structured risk assessments, maintain the cyber risk register, and support risk governance through the Cyber Risk Committee while partnering with Security Architecture, Security Engineering, Product Security, Legal, IT, and business stakeholders to identify and assess technology and cybersecurity risks across systems, infrastructure, and business operations, and to translate technical findings into clear business risk and contribute to effective risk mitigation strategies. The ideal candidate combines strong analytical thinking with the ability to communicate complex risk scenarios clearly to both technical and non-technical stakeholders. + +### RESPONSIBILITIES: + +- Lead cyber and technology risk assessments across systems, cloud environments, business processes, and major initiatives, evaluating threats, vulnerabilities, control effectiveness, and residual risk. - Maintain and operate the enterprise cyber risk register, including drafting risk statements, tracking mitigation plans, and supporting governance and reporting processes. - Translate technical findings, architectural concerns, and control gaps into clear business risk scenarios that support prioritization and decision-making. - Support and help mature quantitative cyber risk analysis approaches such as FAIR to improve how risk is measured and communicated. - Prepare materials and analysis to support the Cyber Risk Committee and executive risk reporting. - Partner with Security Architecture to assess risk in system designs, cloud architecture, identity models, data flows, and platform changes. - Collaborate with Security Engineering, Product Security, Legal, IT, and business teams to evaluate new initiatives, technology changes, artificial intelligence use cases, and third-party integrations through a risk lens. - Conduct risk assessments for emerging technologies including artificial intelligence and machine learning systems, evaluating data usage, model behavior, external dependencies, and security implications. - Evaluate risks associated with the use of artificial intelligence technologies, including model behavior, data exposure, prompt or input manipulation, and external model dependencies. - Develop dashboards and reporting that provide leadership with visibility into key cybersecurity risks and trends. - Track mitigation progress and risk treatment activities to ensure accountability and clear documentation of outcomes. - Contribute to the continued development of cyber risk management processes, methodologies, and governance practices across the GRC program. + +### QUALIFICATIONS: + +- 6+ years of experience in cybersecurity risk management, information security, technology risk, or a related field. - Demonstrated experience conducting structured cybersecurity or IT risk assessments. - Experience maintaining risk registers and tracking risk mitigation or treatment activities. - Strong understanding of security frameworks such as NIST CSF, ISO 27001, or PCI DSS, and familiarity with regulatory environments such as GDPR, HIPAA or other privacy and data protection requirements. - Ability to translate technical findings into clear business risk for non-technical stakeholders. - Strong written and verbal communication skills with experience presenting findings to cross-functional teams. - Experience working with engineering, architecture, legal, compliance, and business stakeholders. - Experience assessing risks related to artificial intelligence, machine learning systems, or emerging technologies, including familiarity with emerging AI governance frameworks such as NIST AI RMF, ISO/IEC 42001, or similar standards. - Professional certifications such as CRISC, CISSP, CISM, CISA, or CGRC are a plus. + +This role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office. Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply. WHOOP is an Equal Opportunity Employer and participates in E-verify (https://www.e-verify.gov/) to determine employment eligibility The WHOOP compensation philosophy is designed to attract, motivate, and retain exceptional talent by offering competitive base salaries, meaningful equity, and consistent pay practices that reflect our mission and core values. At WHOOP, we view total compensation as the combination of base salary, equity, and benefits, with equity serving as a key differentiator that aligns our employees with the long-term success of the company and allows every member of our corporate team to own part of WHOOP and share in the company’s long-term growth and success. The U.S. base salary range for this full-time position is $125,000 - $155,000. Salary ranges are determined by role, level, and location. Within each range, individual pay is based on factors such as job-related skills, experience, performance, and relevant education or training. In addition to the base salary, the successful candidate will also receive benefits and a generous equity package. These ranges may be modified in the future to reflect evolving market conditions and organizational needs. While most offers will typically fall toward the starting point of the range, total compensation will depend on the candidate’s specific qualifications, expertise, and alignment with the role’s requirements. diff --git a/jobs/imported/remoteok/remoteok-expansia-e01-hr-compliance-specialist-iv.md b/jobs/imported/remoteok/remoteok-expansia-e01-hr-compliance-specialist-iv.md new file mode 100644 index 0000000..d183b80 --- /dev/null +++ b/jobs/imported/remoteok/remoteok-expansia-e01-hr-compliance-specialist-iv.md @@ -0,0 +1,128 @@ +--- +title: "E01 HR Compliance Specialist IV" +company: "EXPANSIA" +slug: "remoteok-expansia-e01-hr-compliance-specialist-iv" +status: "published" +source: "Remote OK" +sources: + - "Remote OK" +source_url: "https://remoteok.com/json" +role_url: "https://remoteOK.com/remote-jobs/remote-e01-hr-compliance-specialist-iv-expansia-1131045" +apply_url: "https://remoteOK.com/remote-jobs/remote-e01-hr-compliance-specialist-iv-expansia-1131045" +posted_date: "2026-04-09" +expires_date: "2026-05-09" +location: "Remote" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: [] +languages: [] +compensation: "" +summary: "Start Date: Immediate JHNA, CTSi, and EXPANSIA have come together to form a Defense Technology platform focused on delivering high-impact technologies, technology-enabled services..." +--- + +Start Date: Immediate + +JHNA, CTSi, and EXPANSIA have come together to form a Defense Technology platform focused on delivering high-impact technologies, technology-enabled services and advanced manufacturing solutions to the U.S. Department of Defense and related national security customers. Backed by Falfurrias Management Partners, the platform brings together deep domain expertise across Army, Navy, and Air Force and Space Force programs, digital engineering, systems integration, and specialized manufacturing capabilities. + +The combined organization operates as a multi-entity aerospace and defense technology and tech-enabled services and manufacturing enterprise positioned for scalable growth, operational excellence, and long-term value creation. + +OVERVIEW + +Full-time/Permanent Employee + +Location: Remote + +As a Human Resources (HR) Compliance Specialist IV, you will ensure the organization operates in a legal and ethical manner while meeting its strategic business objectives. You will serve as an emerging authority, applying extensive technical expertise to develop and manage comprehensive compliance and ethics programs. You will advise leadership on regulatory obligations, compliance risks, and mitigation strategies through detailed analysis and reporting. You will design and implement policies, procedures, and internal controls that strengthen regulatory adherence and ethical standards across the enterprise. You will work closely with the Chief People Officer in determining objectives, strategies, and corrective actions related to compliance initiatives. You will collaborate with internal stakeholders to enhance monitoring, communication, and enforcement of compliance standards. You will handle sensitive information with discretion while supporting a workplace culture grounded in integrity, accountability, and compliance with regulatory standards. + +The proposed salary range for this position is $118,566–$177,848 . There are a host of factors that can influence final salary including, but not limited to, relevant prior work experience, specific skills and competencies, geographic location, education, and certifications. Our employees value the flexibility EXPANSIA allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our unique mix of benefits options is designed to support and protect employees and their families. Employment benefits include health and wellness programs, income protection, paid leave and retirement and savings. + +\n + +RESPONSIBILITIES + +- Implement and manage an effective HR legal and regulatory compliance program + +- Develop, review, and update company policies to ensure alignment with applicable laws and regulations + +- Advise management on compliance risks and regulatory requirements through detailed reports and recommendations + +- Create and manage corrective action plans in response to audit findings and compliance violations + +- Conduct periodic internal audits and reviews of procedures, practices, and documentation to identify risks or weaknesses + +- Assess company operations to determine areas of compliance, ethical, or operational risk + +- Identify compliance or ethics issues requiring follow-up, investigation, or remediation + +- Design and implement risk management strategies to mitigate identified compliance risks + +- Write, disseminate, and maintain policies and procedures related to compliance and ethics programs + +- Collaborate with internal management teams to develop, implement, and operate compliance and ethics initiatives + +- Develop and deliver employee training on compliance-related topics, policies, and regulatory updates + +- Ensure employees are educated on current regulations, reporting mechanisms, and ethical standards + +- Resolve employee concerns related to legal compliance and ethical matters + +- Assist with audit reporting and oversee related corrective actions to ensure timely resolution + +- Design and implement improvements in communication, monitoring, and enforcement of compliance standards + +- Maintain strict confidentiality of sensitive employee and organizational information + +- Participate in growth efforts as requested + +- Ensure all contractual deliverables are met/exceeded to the customer's satisfaction + +- Complete personal PDP and attend Staff Meeting and Storytime (with camera on) + +- Execute all contract requirements as assigned in accordance with the contract-specific LCAT and requirements + +- Perform other related duties as assigned + +KEY QUALIFICATIONS + +Clearance: Ability to obtain Secret clearance Education and Years of Experience: Bachelor's (or equivalent) with 8 - 10 years of experience, or a Master's with 6 - 8 years of experience in Human Resources, Compliance, Business Administration, or a related field. + +- Extensive knowledge of HR policies, labor laws, including federal, state, and local employment laws and regulatory requirements + +- Strong analytical skills with the ability to interpret HR data and provide strategic recommendations + +- Excellent interpersonal and communication skills for coaching, counseling, and conflict resolution + +- Demonstrated experience developing and implementing enterprise-wide compliance programs + +- Experience drafting, reviewing, and revising corporate policies and operating procedures + +- Strong analytical skills with the ability to assess complex compliance risks and recommend effective solutions + +- Excellent written and verbal communication skills with experience presenting findings to senior leadership + +- Ability to exercise independent judgment and discretion in handling confidential and sensitive matters + +PREFERRED ADDITIONAL QUALIFICATIONS + +- Professional certification such as SHRM-SCP, SPHR, CHRC, or Certified Compliance & Ethics Professional (CCEP) + +- Experience supporting compliance within government contracting or regulated industries + +- Knowledge of ethics program management and whistleblower protection frameworks + +- Experience implementing compliance management systems or governance tools + +- Familiarity with data privacy, workplace investigations, and regulatory reporting requirements + +\n + +EXPANSIA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, status as a protected veteran, or any other protected characteristic. + +Please mention the word **NEATEST** and tag RMjYwMDo0MDQwOjJlZDI6M2IwMDo3MTk5OjgzYzc6NDA3YToyODE0 when applying to show you read the job post completely (#RMjYwMDo0MDQwOjJlZDI6M2IwMDo3MTk5OjgzYzc6NDA3YToyODE0). This is a beta feature to avoid spam applicants. Companies can search these words to find applicants that read this and see they're human. diff --git a/jobs/imported/rippling/rippling-aalyria-careers-4c8b8c5b-da46-457d-a8e4-052ac47f2e5f-security-and-compliance-lead.md b/jobs/imported/rippling/rippling-aalyria-careers-4c8b8c5b-da46-457d-a8e4-052ac47f2e5f-security-and-compliance-lead.md new file mode 100644 index 0000000..25ecc22 --- /dev/null +++ b/jobs/imported/rippling/rippling-aalyria-careers-4c8b8c5b-da46-457d-a8e4-052ac47f2e5f-security-and-compliance-lead.md @@ -0,0 +1,122 @@ +--- +title: "Security and Compliance Lead" +company: "Aalyria Technologies, Inc." +slug: "rippling-aalyria-careers-4c8b8c5b-da46-457d-a8e4-052ac47f2e5f-security-and-compliance-lead" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/aalyria-careers/jobs" +role_url: "https://ats.rippling.com/aalyria-careers/jobs/4c8b8c5b-da46-457d-a8e4-052ac47f2e5f" +apply_url: "https://ats.rippling.com/aalyria-careers/jobs/4c8b8c5b-da46-457d-a8e4-052ac47f2e5f" +posted_date: "2026-01-07" +expires_date: "2026-02-06" +location: "Remote (United States)" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Audit & Assurance" + - "Cloud Security" + - "Identity & Access Management" +frameworks: + - "FedRAMP" + - "NIST 800-53" + - "NIST 800-171" + - "CMMC" +languages: + - "Python" + - "Terraform" + - "Bash" +compensation: "$180,000 - $215,000" +summary: "About Aalyria: Aalyria is a leading technology company that supplies laser communications technology and temporospatial software-defined networking platforms to the aerospace..." +--- + +# About Aalyria: + +Aalyria is a leading technology company that supplies laser communications technology and temporospatial software-defined networking platforms to the aerospace industry. With technology acquired from Google, Aalyria is at the forefront of innovation in satellite and airborne mesh networks, as well as cislunar and deep-space communications. We are revolutionizing the orchestration and management of planetary mesh networks using any radio or optical spectrum, any orbit, and any hardware across land, sea, air, and space. + +## Role Overview: + +We are looking for an experienced Security & Compliance Lead to join our team. The ideal candidate for this role has deep expertise in federal compliance frameworks including CMMC, FedRAMP, ITAR, and DFARS, combined with hands-on technical security implementation experience. We need someone who can navigate compliance frameworks and roll up their sleeves to implement controls, harden systems, and solve technical problems. We require an individual capable of navigating compliance frameworks, implementing controls, hardening systems, and resolving technical challenges. + +You will be the primary owner of our government compliance programs while also contributing directly to security architecture, tooling, and engineering efforts. You will work closely with the Director of Security & IT, our engineering teams, and external partners to ensure we meet contractual and regulatory obligations. Come join a team building secure systems that support mission-critical communications for defense and federal customers. + +## Key Responsibilities: + +- Own CMMC L2 certification and FedRAMP High authorization efforts end-to-end, including gap analysis, remediation tracking, evidence collection, and assessment coordination +- Maintain compliance with DFARS cybersecurity clauses (7012, 7019, 7020), ITAR, EAR and other federal requirements; manage SPRS score and supplier requirements +- Develop and maintain System Security Plans, POA&Ms, policies, procedures, and supporting artifacts across all compliance frameworks +- Serve as primary point of contact for C3PAO/3PAO assessors, government customers, prime contractors, and agency authorizing officials +- Manage continuous monitoring activities including vulnerability scanning, access reviews, evidence collection, and monthly/annual reporting +- Monitor regulatory changes across CMMC, FedRAMP, NIST 800-171/800-53, DFARS, and ITAR; assess impact and drive necessary updates +- Implement security controls hands-on, including identity and access management, logging, encryption, and endpoint security +- Harden cloud infrastructure in GCP, AWS, implementing security configurations and access controls aligned with compliance requirements +- Build automation and tooling for evidence collection and compliance reporting; integrate security into CI/CD pipelines +- Define, document, and enforce CUI boundaries and enclave architecture +- Translate compliance requirements into actionable technical guidance for engineering teams +- Support customer security assessments, due diligence requests, and contract security requirements + +## Required Qualifications: + +- 7+ years of experience in security roles with demonstrated compliance and technical responsibilities +- Deep knowledge of federal compliance frameworks: NIST 800-171, NIST 800-53 Rev 5, CMMC 2.0, FedRAMP, and ITAR compliance and cybersecurity requirements +- Experience preparing for and supporting third-party assessments (C3PAO, 3PAO, FedRAMP JAB/Agency, or equivalent) +- Hands-on technical skills: ability to write scripts, Terraform, and troubleshoot access issues +- Cloud security experience securing cloud environments (GCP preferred; AWS GovCloud) +- Experience with enterprise IAM platforms (Okta, Azure AD, or similar) +- Excellent documentation skills with ability to write policies that satisfy auditors and implementation guides that engineers can use +- Strong communication skills with comfort presenting to auditors, executives, government customers, and authorizing officials +- Combined experience in both compliance/GRC and hands-on technical security implementation +- Experience leading or supporting third-party security assessments (C3PAO, 3PAO, FedRAMP JAB/Agency, or similar) +- Ability to interpret NIST 800-53 controls and implement them in cloud environments +- Working knowledge of CMMC, FedRAMP, and DFARS frameworks, including overlapping control requirements +- Demonstrated ability to operate effectively in fast-paced environments with competing priorities +- Experience building or significantly maturing a compliance program +- U.S. Citizenship required + +## Preferred Qualifications: + +- FedRAMP authorization experience, ideally from initial readiness through ATO +- CMMC C3PAO assessment experience +- DoD or federal contractor background with understanding of regulatory environment and contract requirements +- GCP experience including Security Command Center, Cloud Audit Logs, IAM, VPC Service Controls, and Assured Workloads +- Infrastructure-as-code experience with Terraform, Ansible, or similar tools +- GRC tooling experience (Vanta, Drata,or similar) +- Security certifications such as CISSP, CISM, CGRC, CAP, or Security+ +- Familiarity with scripting languages (Python, Go, Bash) +- Active Secret or Top Secret clearance, or ability to obtain + +## What We Offer: + +- Innovative Environment: Work at a cutting-edge company shaping the future of aerospace communications. +- Impactful Work: Directly contribute to critical national security programs and initiatives. +- Growth Opportunities: Expand your career with opportunities for professional development and advancement. +- Inclusive Culture: Be part of a collaborative, supportive, and inclusive workplace where your contributions matter. +- Flexibility: Flexible working arrangements including hybrid remote/in-office schedules. +- Compensation and Equity: Competitive salary, comprehensive benefits (401(k), dental, vision, health, life insurance), paid time off, and equity options. + +## ITAR/EAR Requirements: + +This position involves access to export-controlled information. To comply with U.S. government export regulations, applicants must meet one of the following criteria: + +(A) Qualify as a U.S. person, which includes: + +- U.S. citizen or national +- U.S. lawful permanent resident (green card holder) +- Refugee under 8 U.S.C. 1157 +- Asylee under 8 U.S.C. 1158 + +(B) Be eligible to access export-controlled information without requiring an export authorization. + +(C) Be eligible and reasonably likely to obtain the necessary export authorization from the appropriate U.S. government agency. + +The company reserves the right to decline pursuing an export licensing process for legitimate business-related reasons. + +## Equal Opportunity Employer Statement: + +Aalyria is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We do not discriminate based on race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), national origin, age, disability status, genetic information, protected veteran status, or any other characteristic protected by law. Qualified applicants from all backgrounds are encouraged to apply. + +#LI-Remote diff --git a/jobs/imported/rippling/rippling-agencycyber-a5ba9012-de9d-4f90-b5d1-ae612892d776-senior-compliance-grc-manager.md b/jobs/imported/rippling/rippling-agencycyber-a5ba9012-de9d-4f90-b5d1-ae612892d776-senior-compliance-grc-manager.md new file mode 100644 index 0000000..cb7fcc0 --- /dev/null +++ b/jobs/imported/rippling/rippling-agencycyber-a5ba9012-de9d-4f90-b5d1-ae612892d776-senior-compliance-grc-manager.md @@ -0,0 +1,96 @@ +--- +title: "Senior Compliance / GRC Manager" +company: "Agency Cyber Inc" +slug: "rippling-agencycyber-a5ba9012-de9d-4f90-b5d1-ae612892d776-senior-compliance-grc-manager" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/agencycyber/jobs" +role_url: "https://ats.rippling.com/agencycyber/jobs/a5ba9012-de9d-4f90-b5d1-ae612892d776" +apply_url: "https://ats.rippling.com/agencycyber/jobs/a5ba9012-de9d-4f90-b5d1-ae612892d776" +posted_date: "2026-01-27" +expires_date: "2026-02-26" +location: "Richmond, VA" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "FedRAMP" + - "SOC 2" + - "ISO 27001" + - "PCI-DSS" + - "HIPAA" +languages: + - "Rust" +compensation: "$115,000 - $145,000" +summary: "About Agency Cybersecurity: Agency Cybersecurity is fast growing ventured back startup that provides best-in-class cybersecurity and compliance. Our software and services simplify..." +--- + +About Agency Cybersecurity: + +Agency Cybersecurity is fast growing ventured back startup that provides best-in-class cybersecurity and compliance. Our software and services simplify complex compliance frameworks including SOC2, ISO 27001, HIPAA, and others, empowering businesses to scale securely and confidently. We're backed by top tier investors like Y Combinator and have offices in NYC, Boston, Richmond, and London. + +Location: 100% On-Site in Richmond VA + +Position Type: Full-Time, Salaried + +Experience Level: Senior Manager Level + +Compensation: $115,000 to $145,000 total comp, including annual bonus and benefits. + +Job Summary: + +Agency Cybersecurity is seeking a Senior Compliance / GRC Manager to join our fast-growing team. This senior-level role is ideal for an experienced compliance professional who has led cybersecurity and compliance engagements from start to finish in a consulting environment. You will be responsible for managing multiple client relationships, leading audits end-to-end, and delivering exceptional cybersecurity compliance services. + +Key Responsibilities: + +- Serve as the primary point of contact for multiple cybersecurity and compliance client engagements. +- Lead and manage SOC 2, ISO 27001, HIPAA, and other compliance framework audits from initiation through completion. +- Own the delivery of multiple simultaneous client projects, ensuring timely and high-quality results. +- Conduct gap assessments, risk analyses, and compliance readiness reviews for clients +- Develop and implement comprehensive compliance strategies and remediation plans +- Coordinate with external auditors and manage all aspects of the audit process +- Build and maintain strong client relationships, serving as a trusted advisor on compliance matters +- Guide clients through complex compliance requirements and regulatory standards +- Create detailed compliance documentation, policies, procedures, and control frameworks +- Manage a team of 10 junior members +- Stay current on evolving compliance frameworks, regulations, and industry standards + +Required Qualifications: + +- Minimum 4+ years of consulting experience at a cybersecurity and compliance consulting firm +- Proven track record as primary point of contact on multiple client engagements +- Demonstrated experience owning delivery for multiple clients simultaneously +- Extensive experience leading compliance audits end-to-end (SOC 2, ISO 27001, HIPAA, etc.) +- Deep domain expertise with 40+ SOC 2 engagements completed +- Strong understanding of compliance frameworks, including SOC 2, ISO 27001, HIPAA, NIST, and related standards +- Excellent project management skills with the ability to manage multiple concurrent engagements +- Outstanding client-facing communication and relationship management skills +- Strong analytical and problem-solving abilities +- Experience developing compliance documentation, policies, and procedures +- Bachelor's degree in Information Security, Computer Science, Business, or related field (or equivalent experience) + +Preferred Qualifications: + +- Professional certifications such as CISSP, CISA, CISM, or similar +- Experience with GRC platforms and compliance automation tools (Vanta, Drata, etc) +- Background working with startup or high-growth technology companies +- Experience with additional frameworks such as FedRAMP, PCI-DSS, or GDPR +- Previous experience at a Big Four firm or top-tier cybersecurity consultancy +- Strong technical background in information security and cloud infrastructure + +What We Offer: + +- Competitive compensation: $115,000 to $145,000 total comp, including annual bonus and benefits +- Opportunity to work with diverse clients across industries +- Collaborative team environment with a fast-paced startup team +- Exposure to cutting-edge compliance technology and methodologies +- Career growth opportunities in a fast-growing +- Work with top-tier clients backed by leading investors diff --git a/jobs/imported/rippling/rippling-agencycyber-d0df90a7-5d16-4233-b737-b2e6f6b54681-senior-compliance-grc-manager.md b/jobs/imported/rippling/rippling-agencycyber-d0df90a7-5d16-4233-b737-b2e6f6b54681-senior-compliance-grc-manager.md new file mode 100644 index 0000000..5616060 --- /dev/null +++ b/jobs/imported/rippling/rippling-agencycyber-d0df90a7-5d16-4233-b737-b2e6f6b54681-senior-compliance-grc-manager.md @@ -0,0 +1,96 @@ +--- +title: "Senior Compliance / GRC Manager" +company: "Agency Cyber Inc" +slug: "rippling-agencycyber-d0df90a7-5d16-4233-b737-b2e6f6b54681-senior-compliance-grc-manager" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/agencycyber/jobs" +role_url: "https://ats.rippling.com/agencycyber/jobs/d0df90a7-5d16-4233-b737-b2e6f6b54681" +apply_url: "https://ats.rippling.com/agencycyber/jobs/d0df90a7-5d16-4233-b737-b2e6f6b54681" +posted_date: "2025-12-20" +expires_date: "2026-01-19" +location: "New York, NY" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "FedRAMP" + - "SOC 2" + - "ISO 27001" + - "PCI-DSS" + - "HIPAA" +languages: + - "Rust" +compensation: "$135,000 - $175,000" +summary: "About Agency Cybersecurity: Agency Cybersecurity is fast growing ventured back startup that provides best-in-class cybersecurity and compliance. Our software and services simplify..." +--- + +About Agency Cybersecurity: + +Agency Cybersecurity is fast growing ventured back startup that provides best-in-class cybersecurity and compliance. Our software and services simplify complex compliance frameworks including SOC2, ISO 27001, HIPAA, and others, empowering businesses to scale securely and confidently. We're backed by top tier investors like Y Combinator and have offices in NYC, Boston, Richmond, and London. + +Location: 100% On-Site in New York, NY + +Position Type: Full-Time Salaried + +Experience Level: Senior Manager Level + +Compensation: $135,000 to $175,000 total comp, including annual bonus and benefits. + +Job Summary: + +Agency Cybersecurity is seeking a Senior Compliance / GRC Manager to join our fast-growing team. This senior-level role is ideal for an experienced compliance professional who has led cybersecurity and compliance engagements from start to finish in a consulting environment. You will be responsible for managing multiple client relationships, leading audits end-to-end, and delivering exceptional cybersecurity compliance services. + +Key Responsibilities: + +- Serve as the primary point of contact for multiple cybersecurity and compliance client engagements. +- Lead and manage SOC 2, ISO 27001, HIPAA, and other compliance framework audits from initiation through completion. +- Own the delivery of multiple simultaneous client projects, ensuring timely and high-quality results. +- Conduct gap assessments, risk analyses, and compliance readiness reviews for clients +- Develop and implement comprehensive compliance strategies and remediation plans +- Coordinate with external auditors and manage all aspects of the audit process +- Build and maintain strong client relationships, serving as a trusted advisor on compliance matters +- Guide clients through complex compliance requirements and regulatory standards +- Create detailed compliance documentation, policies, procedures, and control frameworks +- Manage a team of 10 junior members +- Stay current on evolving compliance frameworks, regulations, and industry standards + +Required Qualifications: + +- Minimum 4+ years of consulting experience at a cybersecurity and compliance consulting firm +- Proven track record as primary point of contact on multiple client engagements +- Demonstrated experience owning delivery for multiple clients simultaneously +- Extensive experience leading compliance audits end-to-end (SOC 2, ISO 27001, HIPAA, etc.) +- Deep domain expertise with 40+ SOC 2 engagements completed +- Strong understanding of compliance frameworks, including SOC 2, ISO 27001, HIPAA, NIST, and related standards +- Excellent project management skills with the ability to manage multiple concurrent engagements +- Outstanding client-facing communication and relationship management skills +- Strong analytical and problem-solving abilities +- Experience developing compliance documentation, policies, and procedures +- Bachelor's degree in Information Security, Computer Science, Business, or related field (or equivalent experience) + +Preferred Qualifications: + +- Professional certifications such as CISSP, CISA, CISM, or similar +- Experience with GRC platforms and compliance automation tools (Vanta, Drata, etc) +- Background working with startup or high-growth technology companies +- Experience with additional frameworks such as FedRAMP, PCI-DSS, or GDPR +- Previous experience at a Big Four firm or top-tier cybersecurity consultancy +- Strong technical background in information security and cloud infrastructure + +What We Offer: + +- Competitive compensation: $135,000 to $175,000 total comp, including annual bonus and benefits +- Opportunity to work with diverse clients across industries +- Collaborative team environment with a fast-paced startup team +- Exposure to cutting-edge compliance technology and methodologies +- Career growth opportunities in a fast-growing +- Work with top-tier clients backed by leading investors diff --git a/jobs/imported/rippling/rippling-brevian-careers-6cf6c868-744f-47ba-92cf-2098051d1d8f-security-compliance-engineer.md b/jobs/imported/rippling/rippling-brevian-careers-6cf6c868-744f-47ba-92cf-2098051d1d8f-security-compliance-engineer.md new file mode 100644 index 0000000..bea96ec --- /dev/null +++ b/jobs/imported/rippling/rippling-brevian-careers-6cf6c868-744f-47ba-92cf-2098051d1d8f-security-compliance-engineer.md @@ -0,0 +1,86 @@ +--- +title: "Security Compliance Engineer" +company: "BREVIAN" +slug: "rippling-brevian-careers-6cf6c868-744f-47ba-92cf-2098051d1d8f-security-compliance-engineer" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/brevian-careers/jobs" +role_url: "https://ats.rippling.com/brevian-careers/jobs/6cf6c868-744f-47ba-92cf-2098051d1d8f" +apply_url: "https://ats.rippling.com/brevian-careers/jobs/6cf6c868-744f-47ba-92cf-2098051d1d8f" +posted_date: "2024-04-12" +expires_date: "2024-05-12" +location: "Sunnyvale, CA" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Audit & Assurance" + - "Cloud Security" +frameworks: + - "SOC 2" + - "ISO 27001" + - "PCI-DSS" + - "GDPR" + - "CCPA" +languages: + - "Terraform" +compensation: "" +summary: "BREV/AN is at the forefront of revolutionizing how businesses leverage artificial intelligence. Our no-code platform empowers every business team to harness the power of..." +--- + +BREV/AN is at the forefront of revolutionizing how businesses leverage artificial intelligence. Our no-code platform empowers every business team to harness the power of production-grade AI agents, without the need for specialized skills. With BREV/AN, users can effortlessly create, customize, and train AI agents to automate tasks, analyze data, and enhance team productivity. Our commitment to security ensures each agent is equipped with advanced features to protect against prompt injections, redact sensitive information, and refine responses for maximum safety and compliance. + +Job title + +Security Compliance Engineer + +Position overview + +We are seeking a Security Compliance Engineer with DevOps experience to enhance our Engineering team. This role combines security, compliance, and DevOps to ensure our technology infrastructure is secure, compliant, and efficiently managed. The ideal candidate will be adept at using cloud technologies, particularly AWS, and have experience with infrastructure as code, specifically Terraform. + +Key responsibilities + +- Implement security measures and compliance controls within our backend systems, focusing on cloud environments like AWS and enterprise security. +- Collaborate with compliance project managers and corporate IT to adopt new compliance standards, integrate them with existing security solutions and collect evidence for external audits. +- Enhance data protection, conduct risk assessments, and ensure systems comply with standards like GDPR, SOC2, or ISO. +- Ensure controls are configured correctly and integrated into the security strategy +- Identify and mitigate vulnerabilities, ensuring both security and compliance across systems. +- Stay updated on security technologies and compliance regulations, applying this knowledge to improve our infrastructure. +- Works with the engineering team to build secure and compliant software development practices. +- Manage application patching and update AWS configurations using Terraform to maintain system integrity and performance. +- Work with the team to conduct regular audits to ensure compliance with internal policies and procedures, relevant security standards best practices, regulations and client requirements to identify gaps and provide remediation solutions + +Qualifications + +Basic Qualifications + +- Bachelor’s degree in Computer Science, Information Systems, Security or a related field. +- 4+ years of experience within a security and compliance function +- Experience with vulnerability management tooling, remediation, and processes +- Experience with Docker, Terraform, AWS +- Understanding of concepts related to Systems Engineering/DevOps, IaC, IAM, network security, systems security, cryptography +- Understanding of compliance frameworks (e.g., GDPR, SOC2, ISO) and security best practices. +- Strong expertise in cloud security and compliance, particularly with AWS. + +Preferred Qualifications + +- Have a wide understanding of cybersecurity and data protection frameworks such as ISO 27001, NIST, SOC2, PCI-DSS, GDPR, CCPA. +- Experience developing and maintaining policies, procedures, standards, and guidelines to align with company’s strategy and best practices +- Experience with automated compliance and security monitoring tools. +- Knowledge of Large Language Models (LLMs) and secure, compliant integration. +- Ability to work effectively in fast-paced and dynamic environments. +- Excellent communication skills for technical and regulatory collaboration. +- Enterprise security experience is a plus + +Why BREVIAN? + +We are a very well funded seed stage startup. You get to experience the 0-1 of building a startup, working with talented engineers from Databricks, LinkedIn, MoveWorks, and AWS . You get to work with industry managers in Compliance and Corporate IT to coach and mentor you. This is an exciting opportunity to get into the space of AI at a company that’s security focused. + +We offer generous compensation, equity, benefits, perks and flexible time off. + +This is an exciting opportunity to ensure generative AI delivers tremendous value safely and securely. Please contact us if you have the skills and passion for this position at the cutting edge of AI security. diff --git a/jobs/imported/rippling/rippling-d-wave-quantum-f5a3a12c-53c9-49c0-860a-7bcc7608b1a7-fedramp-program-lead.md b/jobs/imported/rippling/rippling-d-wave-quantum-f5a3a12c-53c9-49c0-860a-7bcc7608b1a7-fedramp-program-lead.md new file mode 100644 index 0000000..d12e33b --- /dev/null +++ b/jobs/imported/rippling/rippling-d-wave-quantum-f5a3a12c-53c9-49c0-860a-7bcc7608b1a7-fedramp-program-lead.md @@ -0,0 +1,117 @@ +--- +title: "FedRAMP Program Lead" +company: "D-Wave Quantum Inc." +slug: "rippling-d-wave-quantum-f5a3a12c-53c9-49c0-860a-7bcc7608b1a7-fedramp-program-lead" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/d-wave-quantum/jobs" +role_url: "https://ats.rippling.com/d-wave-quantum/jobs/f5a3a12c-53c9-49c0-860a-7bcc7608b1a7" +apply_url: "https://ats.rippling.com/d-wave-quantum/jobs/f5a3a12c-53c9-49c0-860a-7bcc7608b1a7" +posted_date: "2026-03-11" +expires_date: "2026-04-10" +location: "Boca Raton, FL | Remote (United States)" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "FedRAMP" + - "SOC 2" + - "ISO 27001" + - "NIST 800-53" + - "CMMC" +languages: + - "Rust" +compensation: "$122,000 - $184,000" +summary: "D-Wave (NYSE: QBTS) , D-Wave is a leader in the development and delivery of quantum computing systems, software, and services. We are the world’s first commercial supplier of..." +--- + +D-Wave (NYSE: QBTS) , D-Wave is a leader in the development and delivery of quantum computing systems, software, and services. We are the world’s first commercial supplier of quantum computers, and the only company building both annealing and gate-model quantum computers. Our mission is to help customers realize the value of quantum, today. Our quantum computers — the world’s largest — feature QPUs with sub-second response times and can be deployed on-premises or accessed through our quantum cloud service, which offers 99.9% availability and uptime. More than 100 organizations trust D-Wave with their toughest computational challenges. With over 200 million problems submitted to our quantum systems to date, our customers apply our technology to address use cases spanning optimization, artificial intelligence, research and more. Learn more about realizing the value of quantum computing today and how we’re shaping the quantum-driven industrial and societal advancements of tomorrow: www.dwavequantum.com (http://www.dwavequantum.com) . + +You can read more about our company and our innovations in the pages of The Wall Street Journal, Time Magazine, Fast Company, MIT Technology Review, Forbes, Inc. Magazine, Wired and across many whitepapers. + +At D-Wave, we’re helping customers realize the value of quantum computing today and are shaping the quantum-driven industrial and societal advancements of tomorrow. + +About the role + +We are seeking a knowledgeable and experienced FedRAMP Program Lead to lead and manage our Federal Risk and Authorization Management Program (FedRAMP) initiative. The successful candidate will oversee all aspects of FedRAMP compliance, ensuring our cloud services meet and maintain authorization requirements for operation within U.S. federal agencies. + +This is a highly visible role critical to enabling U.S. government adoption of next-generation quantum technologies. + +What you'll do + +- Lead and coordinate FedRAMP authorization and continuous monitoring efforts across cross-functional teams (security, engineering, product, legal). + +- Develop and manage FedRAMP project plans, schedules, and deliverables. + +- Serve as the point of contact with FedRAMP consultants and government agencies + +- Ensure adherence to NIST 800-53 controls and FedRAMP documentation requirements. + +- Work with the FedRAMP consultant to prepare, review, and submit System Security Plans (SSPs), POA&Ms, SARs, and other required documentation. + +- Coordinate penetration testing, security assessments, and audits. + +- Manage remediation plans, track POA&M items, and ensure timely resolution of findings. + +- Educate stakeholders on FedRAMP requirements and promote a compliance-first culture. + +- Establish support and operations team to meet FedRAMP regulations + +- Maintain up-to-date knowledge of FedRAMP updates and federal security regulations. + +- Serve as the internal expert for FedRAMP, FISMA, and federal cloud compliance. + +- Support adjacent compliance efforts (SOC 2, ISO 27001, CMMC, ITAR/EAR as applicable). + +About You + +- 6+ years of related professional experience in IT compliance, cybersecurity, and program management roles and a bachelor’s degree, or 8+ years of practical experience in IT compliance, cybersecurity, and program management roles + +- 3+ years Federal Compliance Subject Matter Expertise: Proven track record of leading FedRAMP authorizations from end-to-end, including direct experience with DoD SRG (IL4/IL5) requirements, 3PAO audits, and the full lifecycle of Continuous Monitoring (ConMon) activities. + +- Strong understanding of FedRAMP requirements, NIST 800-53, FISMA, and government security frameworks. + +- Proven experience working with federal agencies + +- Must currently have or be able to get a US Government Secret or higher-level security clearance + +Desired Qualifications: + +- FedRAMP experience with both Agency ATO and JAB P-ATO processes. + +- Certifications such as CAP, CISSP, PMP, or CISA. + +- Experience working with 3PAOs, the FedRAMP PMO, and federal customers. + +- Familiarity with cloud platforms (e.g., AWS) and their FedRAMP offerings. + +A D-Waver's DNA + +- We look at the future and say “why not”; we see possibilities where others see problems or routines. We show the way ahead and are committed to achieving ambitious goals. +- We practice straight talk and listen generously to each other with empathy. We value different opinions and points of views. We ensure that we connect outside as well as inside to learn from others and inspire each other. +- We hold ourselves accountable for delivering results. We make decisions & take responsibility so that we can act & support each other. +- As leaders we motivate & engage our teams to undertake beyond what they originally thought possible, by developing our teams & creating the conditions for people to grow and empower themselves through enabling & coaching. + +Our Compensation Philosophy is Simple but Powerful: + +We believe providing D-Wavers with company ownership, competitive pay, and a range of meaningful benefits is the start of creating a culture where people want to give the best they’ve got — not because they’re simply making money, but because they’ve fallen in love with our vision, mission, values, and team. + +During the interview process, your Recruiter will review our total rewards (base, equity, bonus, perks, benefit, culture) offerings. The final offer is determined by your proficiencies within this level. + +Inclusion: + +We celebrate diverse perspectives to drive innovation in our pursuit. Our employees range from distinguished domain experts with decades of experience in their respective fields, to bright and motivated graduates eager to make their mark. Our diverse and innovative team will make you feel appreciated, supported and empower your career growth at D-Wave. + +The Fine Print: + +No 3rd party candidates will be accepted + +It is D-Wave Systems Inc. policy to provide equal employment opportunity (EEO) to all persons regardless of race, color, religion, sex, national origin, age, sexual orientation, gender identity, genetic information, physical or mental disability, protected veteran status, or any other characteristic protected by federal, state/provincial, local law. diff --git a/jobs/imported/rippling/rippling-mozn-ai-adfc5e29-09bf-4a51-8ac8-a4b55b716bda-senior-cybersecurity-grc-specialist.md b/jobs/imported/rippling/rippling-mozn-ai-adfc5e29-09bf-4a51-8ac8-a4b55b716bda-senior-cybersecurity-grc-specialist.md new file mode 100644 index 0000000..086a5e5 --- /dev/null +++ b/jobs/imported/rippling/rippling-mozn-ai-adfc5e29-09bf-4a51-8ac8-a4b55b716bda-senior-cybersecurity-grc-specialist.md @@ -0,0 +1,77 @@ +--- +title: "Senior Cybersecurity GRC Specialist " +company: "MOZN ARTIFICIAL INTELLIGENCE SYSTEMS LLC" +slug: "rippling-mozn-ai-adfc5e29-09bf-4a51-8ac8-a4b55b716bda-senior-cybersecurity-grc-specialist" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/mozn-ai/jobs" +role_url: "https://ats.rippling.com/mozn-ai/jobs/adfc5e29-09bf-4a51-8ac8-a4b55b716bda" +apply_url: "https://ats.rippling.com/mozn-ai/jobs/adfc5e29-09bf-4a51-8ac8-a4b55b716bda" +posted_date: "2025-10-08" +expires_date: "2025-11-07" +location: "Riyadh, Saudi Arabia" +work_modes: + - "Hybrid / On-site" +job_types: + - "FT Perm" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "ISO 27001" + - "GDPR" +languages: + - "Rust" +compensation: "" +summary: "About Mozn MOZN is a leading Enterprise AI company enabling organizations to make informed decisions in two critical domains: Financial Crime Prevention and Enterprise Knowledge..." +--- + +About Mozn + +MOZN is a leading Enterprise AI company enabling organizations to make informed decisions in two critical domains: Financial Crime Prevention and Enterprise Knowledge Intelligence. We’re a diverse, collaborative team of innovators united by a shared purpose: to build AI that delivers tangible business value, builds trust, and empowers people and organizations with augmented intelligence. Our culture is built on the relentless pursuit of excellence and meaningful impact. If you’re passionate about working alongside exceptional talent on world-class AI, and you want the autonomy and runway to do the best work of your career, join us in shaping the future of intelligent enterprises. + +About the role + +We are seeking a highly skilled and motivated Cybersecurity GRC Specialist to join our Governance, Risk, and Compliance (GRC) team. This role is pivotal in ensuring our cybersecurity practices align with both Saudi regulatory frameworks and international standards. The ideal candidate will possess hands-on experience in conducting risk assessments, demonstrate expertise in compliance, and have a solid understanding of cloud environments and their associated risks. + +Please note: In line with the Saudization (Nitaqat) initiative, this role is open to Saudi nationals only. + +What you'll do + +- Conduct comprehensive cybersecurity risk assessments across business units and IT systems. +- Ensure compliance with Saudi regulatory frameworks including NCA ECC, SAMA CSF, and PDPL. +- Support audits and assessments related to regulatory and international standards. +- Develop, review, and update cybersecurity policies, procedures, and control mappings. +- Collaborate with internal stakeholders to ensure effective implementation and monitoring of security controls. +- Assist in implementing data privacy controls and breach notification procedures in line with PDPL and GDPR. +- Track and manage risk treatment plans, exceptions, and compliance gaps using GRC platforms. +- Evaluate and monitor security controls in cloud environments to ensure compliance and risk mitigation. +- Stay informed on AI technologies and assess their impact on cybersecurity posture, including risks related to data leakage, model integrity, and regulatory compliance. + +Qualifications + +- Bachelor’s degree in Information Security, Computer Science, or a related field. +- 3–5 years of experience in cybersecurity risk management, compliance, or audit. +- Strong knowledge of NCA ECC, SAMA CSF, PDPL, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and GDPR. +- Relevant certifications such as ISO 27001 Lead Auditor, CISA, CISM, CIPM, or CRISC are preferred. +- Proficiency in English is required for documentation, communication, and collaboration across teams. +- Understanding of cloud environments and related security and compliance considerations is essential. +- Awareness of AI technologies and their associated risks + +Preferred Attributes + +- Strong analytical and problem-solving skills. +- Excellent communication and documentation abilities. +- Ability to work independently and collaboratively in a fast-paced environment. + +Benefits + +- You will be at the forefront of an exciting time for the Middle East, joining a high-growth rocket-ship in an exciting space. +- You will be given a lot of responsibility and trust. We believe that the best results come when the people responsible for a function are given the freedom to do what they think is best. +- The fundamentals will be taken care of: competitive compensation, top-tier health insurance, and an enabling culture so that you can focus on what you do best +- You will enjoy a fun and dynamic workplace working alongside some of the greatest minds in AI. +- We believe strength lies in difference, embracing all for who they are and empowered to be the best version of themselves diff --git a/jobs/imported/rippling/rippling-nesto-442fafec-c2fe-4c1d-8695-5a81d359e176-senior-security-analyst-grc-audit.md b/jobs/imported/rippling/rippling-nesto-442fafec-c2fe-4c1d-8695-5a81d359e176-senior-security-analyst-grc-audit.md new file mode 100644 index 0000000..eb6ba58 --- /dev/null +++ b/jobs/imported/rippling/rippling-nesto-442fafec-c2fe-4c1d-8695-5a81d359e176-senior-security-analyst-grc-audit.md @@ -0,0 +1,88 @@ +--- +title: "Senior Security Analyst GRC (Audit)" +company: "nesto" +slug: "rippling-nesto-442fafec-c2fe-4c1d-8695-5a81d359e176-senior-security-analyst-grc-audit" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/nesto/jobs" +role_url: "https://ats.rippling.com/nesto/jobs/442fafec-c2fe-4c1d-8695-5a81d359e176" +apply_url: "https://ats.rippling.com/nesto/jobs/442fafec-c2fe-4c1d-8695-5a81d359e176" +posted_date: "2026-02-05" +expires_date: "2026-03-07" +location: "Remote (Canada)" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Audit & Assurance" + - "Security Operations" +frameworks: + - "SOC 2" + - "ISO 27001" +languages: + - "Python" + - "SQL" + - "Bash" + - "PowerShell" + - "Rust" +compensation: "" +summary: "Join nesto — proudly named Canadian Rocketship 2025*. A Deloitte Fast 50 company evolving alongside Canada’s top tech innovators and disrupting a 2.1 Trillion-dollar mortgage..." +--- + +Join nesto — proudly named Canadian Rocketship 2025*. A Deloitte Fast 50 company evolving alongside Canada’s top tech innovators and disrupting a 2.1 Trillion-dollar mortgage industry at light speed by building the mortgage ecosystem of the future. + +BUILD lending technology with the best developers, AI engineers, and mortgage experts in the country. Work on a modern tech stack and a development framework designed to unlock your full potential and accelerate your career. + +### Why join us + +- Hypergrowth: Deloitte Fast 50 — 3 years in a row +- Tech community credibility: TechTO Canadian Rocketship 2025* +- Industry leadership: CLA Lending Company of the Year — 4 consecutive years +- Talent magnet: CMP Top Mortgage Employer 2025 +- Trusted technology: powering major financial institutions across Canada +- An entrepreneurial culture built on trust, speed, uncomfortable ambition, being stronger together, and a relentless obsession with our clients. + +About the team + +We’re looking for a Senior Security GRC Analyst reporting to the GRC manager. This role is ideal for someone who enjoys operational excellence, audit leadership, and building scalable compliance practices in a cloud-first company. + +What you'll be doing + +- Own day-to-day and strategic operation of the compliance automation platform (Vanta), including integrations, control mappings, evidence hygiene, and continuous monitoring +- Automate evidence collection and reporting workflows using scripts/APIs where applicable +- Lead external audits end-to-end for SOC 2, SOC 1, ISO 27001 and future certifications (ISO 27017, ISO 27018) +- Coordinate audit timelines, control walkthroughs, evidence requests, and stakeholder follow-ups +- Ensure policies, standards, and processes are written in a clear, actionable, audit-ready format and remain aligned with real practices +- Build and operate an internal audit and internal control self-assessment program (testing methodology, sampling, reporting, corrective actions) +- Track audit findings and remediation plans, ensuring timely closure and clear accountability +- Improve audit efficiency and reduce operational burden through repeatable frameworks and automation + +Who we are looking for + +- 5–8 years of experience in Security GRC, IT audit, internal audit, security compliance, or risk assurance +- Strong hands-on experience leading audits and certifications (SOC 2, SOC 1, ISO 27001); ISO 27017 / ISO 27018 experience is a plus +- Proven ability to build or mature internal audit / internal controls practices +- Strong experience with compliance automation tools (Vanta, Drata, Anecdotes, Tugboat Logic) +- Excellent ability to write and maintain policies, standards, and processes that teams can follow +- Strong organizational skills and attention to detail +- Strong stakeholder management skills and ability to drive remediation to closure +- Scripting/automation experience (Python, PowerShell, Bash, APIs, SQL) is a strong plus +- English is required for writing and documentation. French speaking and reading is a strong plus. + +### The Reward + +- The A-Team: Work alongside high-performing talent in the industry. +- Accelerated Growth: The slope of your learning curve here will be vertical. You will touch more production systems in one year than you would in five years at a bank. +- Top-Tier Coverage: Premium benefits plan fully paid by nesto, including comprehensive insurance and unlimited access to telemedicine and mental health services for you and your family. +- Rest & Recharge: 4 weeks of vacation to ensure you stay at peak performance. +- Best-in-Class Tools: Access to the resources and tech you need to execute without friction. +- Working framework: The environment that makes you productive and enables teamwork (Hybrid model). + +### Diversity and Inclusion + +At nesto, we believe that creativity and collaboration are the result of a diverse team. We are committed to fostering a culture of diversity, equity, inclusion, and belonging, and we strongly encourage women, people of color, LGBTQIA+ individuals, and individuals with disabilities to apply. We are committed to creating a workplace that is inclusive and welcoming to all. diff --git a/jobs/imported/rippling/rippling-nesto-583e9db5-ff9f-46af-bcc4-4beb43cdd3bd-analyste-s-curit-s-nior-grc-audit.md b/jobs/imported/rippling/rippling-nesto-583e9db5-ff9f-46af-bcc4-4beb43cdd3bd-analyste-s-curit-s-nior-grc-audit.md new file mode 100644 index 0000000..cc36989 --- /dev/null +++ b/jobs/imported/rippling/rippling-nesto-583e9db5-ff9f-46af-bcc4-4beb43cdd3bd-analyste-s-curit-s-nior-grc-audit.md @@ -0,0 +1,91 @@ +--- +title: "Analyste sécurité sénior GRC (Audit)" +company: "nesto" +slug: "rippling-nesto-583e9db5-ff9f-46af-bcc4-4beb43cdd3bd-analyste-s-curit-s-nior-grc-audit" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/nesto/jobs" +role_url: "https://ats.rippling.com/nesto/jobs/583e9db5-ff9f-46af-bcc4-4beb43cdd3bd" +apply_url: "https://ats.rippling.com/nesto/jobs/583e9db5-ff9f-46af-bcc4-4beb43cdd3bd" +posted_date: "2026-02-17" +expires_date: "2026-03-19" +location: "Remote (Canada)" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Audit & Assurance" + - "Security Operations" +frameworks: + - "SOC 2" + - "ISO 27001" +languages: + - "Python" + - "SQL" + - "Bash" + - "PowerShell" +compensation: "" +summary: "Notre mission est d’offrir une expérience de financement hypothécaire positive, et transparente, simplifiée du début à la fin. Notre équipe se compose d'experts en technologie..." +--- + +Notre mission est d’offrir une expérience de financement hypothécaire positive, et transparente, simplifiée du début à la fin. Notre équipe se compose d'experts en technologie qualifiés, de spécialistes en prêts hypothécaires attentionnés et d'une équipe de marketing diversifiée, travaillant tous ensemble pour mener le changement dans l'industrie hypothécaire. + +Chez nesto, nous sommes fiers de + +- Nos clients apprécient notre expérience positive, transparente et simplifiée en matière de financement hypothécaire. +- Nos avis 4,5 étoiles sur Google parlent d'eux-mêmes ! +- Nous avons remporté le prix CLA du prêteur hypothécaire de l’année 2023 et 2024, qui reconnaît notre excellence en matière de services de prêt. +- Nous sommes une organisation certifiée B Corp, soulignant notre engagement à avoir un impact positif sur notre société et notre planète. +- Notre équipe hautement qualifiée, diversifiée et collaborative, qui rend tout possible. +- Notre plateforme Mortgage Cloud qui offre aux institutions financières un accès complet à la technologie exclusive de nesto, améliorant ainsi l’expérience du client, du début à la fin. + +## À propos du rôle + +Nous recherchons un.e Analyste principal.e sécurité GRC , relevant du gestionnaire GRC. Ce rôle est idéal pour une personne qui aime l’excellence opérationnelle, le leadership en audit et la mise en place de pratiques de conformité moderne dans un environnement infonuagique. + +Ce que vous ferez + +- Assurer l’exploitation quotidienne et stratégique de la plateforme d’automatisation de conformité (Vanta), incluant les intégrations, la cartographie des contrôles, l’hygiène des évidences et le suivi continu +- Automatiser la collecte d’évidences et l'intégration via scripts/APIs +- Organiser et diriger les audits externes de bout en bout (SOC 2, SOC 1, ISO 27001), et soutenir les certifications futures (ISO 27017, ISO 27018) +- Coordonner les échéanciers d’audit, les ateliers de contrôles, les demandes de preuves et le suivi des parties prenantes +- Assurer que les politiques, normes et processus soient clairs, applicables, prêts pour les audits et alignés avec les meilleures pratiques +- Mettre en place et opérer un programme d’audit interne et d’autoévaluation des contrôles (méthodologie de tests, échantillonnage, rapports, actions correctives) +- Suivre les constats d’audit et les plans de remédiation, en assurant une fermeture rapide et une responsabilité claire +- Améliorer l’efficacité des audits et réduire la charge opérationnelle via des cadres reproductibles et l’automatisation + +Qui nous recherchons + +- 5 à 8 ans d’expérience en sécurité technique GRC, audit TI, audit interne, conformité sécurité ou assurance des risques +- Expérience solide dans la gestion d’audits et de certifications (SOC 2, SOC 1, ISO 27001); expérience ISO 27017 / ISO 27018 est un atout +- Expérience démontrée dans la mise en place ou l’évolution d’une capacité d’audit interne / contrôles internes +- Expérience avec des outils d’automatisation de conformité (Vanta, Drata, Anecdotes, Tugboat Logic) +- Excellente capacité à rédiger et maintenir des politiques, normes et processus que les équipes peuvent réellement appliquer +- Excellentes compétences organisationnelles et souci du détail +- Capacité à collaborer et à assurer la fermeture des remédiations avec plusieurs équipes +- Expérience en scripting/automatisation (Python, PowerShell, Bash, APIs, SQL) est un atout important +- L’anglais est requis pour la rédaction et la documentation. Le français parlé et lu est un atout important. + +Ce que nous offrons + +- Programme hypothécaire pour les employés : taux préférentiels exclusifs. +- Couverture santé complète : couverture étendue de premier ordre (santé, dentaire, vision) avec couverture des médicaments à 100 %. +- Accès à un régime d'épargne-retraite collectif REER/RPDB avec des contributions de contrepartie compétitives de l'entreprise. +- Télémédecine et soutien familial (programmes de complément pour les congés de maternité/parentaux). +- Lieu de travail flexible : entièrement à distance ou dans l'un de nos bureaux (Montréal, Québec, Toronto, etc.). + +Pourquoi nous rejoindre + +- Contribuez à moderniser l'industrie hypothécaire canadienne. +- Entreprise certifiée B Corp, soulignant notre engagement social et environnemental. +- Nous avons remporté le prix CLA du prêteur hypothécaire de l’année 2023, 2024 et 2025, qui reconnaît notre excellence en matière de services de prêt. + +Diversité et Inclusion + +Chez nesto, nous croyons que la créativité et la collaboration sont le résultat d'une équipe diversifiée. Nous sommes engagés à favoriser une culture de la diversité, de l'équité, de l'inclusion et de l'appartenance, et nous encourageons fortement les femmes, les personnes de couleur, les membres de la communauté LGBTQIA+ et les personnes en situation de handicap à postuler. Nous nous engageons à créer un environnement de travail inclusif et accueillant pour tous. Ce poste est ouvert à tous les candidats et candidates et peut être occupé à distance depuis n'importe où au Canada. + +#nestoposition diff --git a/jobs/imported/rippling/rippling-nesto-7966103b-3609-42fa-8e7d-e99c5735d392-senior-security-grc-analyst-risk-management-tprm-and-resilience.md b/jobs/imported/rippling/rippling-nesto-7966103b-3609-42fa-8e7d-e99c5735d392-senior-security-grc-analyst-risk-management-tprm-and-resilience.md new file mode 100644 index 0000000..0cb8551 --- /dev/null +++ b/jobs/imported/rippling/rippling-nesto-7966103b-3609-42fa-8e7d-e99c5735d392-senior-security-grc-analyst-risk-management-tprm-and-resilience.md @@ -0,0 +1,99 @@ +--- +title: "Senior Security GRC Analyst — Risk Management, TPRM & Resilience" +company: "nesto" +slug: "rippling-nesto-7966103b-3609-42fa-8e7d-e99c5735d392-senior-security-grc-analyst-risk-management-tprm-and-resilience" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/nesto/jobs" +role_url: "https://ats.rippling.com/nesto/jobs/7966103b-3609-42fa-8e7d-e99c5735d392" +apply_url: "https://ats.rippling.com/nesto/jobs/7966103b-3609-42fa-8e7d-e99c5735d392" +posted_date: "2026-02-09" +expires_date: "2026-03-11" +location: "Remote (Canada)" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: [] +languages: + - "Python" + - "SQL" + - "Bash" + - "PowerShell" + - "Rust" +compensation: "" +summary: "Join nesto — proudly named Canadian Rocketship 2025*. A Deloitte Fast 50 company evolving alongside Canada’s top tech innovators and disrupting a 2.1 Trillion-dollar mortgage..." +--- + +Join nesto — proudly named Canadian Rocketship 2025*. A Deloitte Fast 50 company evolving alongside Canada’s top tech innovators and disrupting a 2.1 Trillion-dollar mortgage industry at light speed by building the mortgage ecosystem of the future. + +BUILD lending technology with the best developers, AI engineers, and mortgage experts in the country. Work on a modern tech stack and a development framework designed to unlock your full potential and accelerate your career. + +### Why join us + +- Hypergrowth: Deloitte Fast 50 — 3 years in a row +- Tech community credibility: TechTO Canadian Rocketship 2025* +- Industry leadership: CLA Lending Company of the Year — 4 consecutive years +- Talent magnet: CMP Top Mortgage Employer 2025 +- Trusted technology: powering major financial institutions across Canada +- An entrepreneurial culture built on trust, speed, uncomfortable ambition, being stronger together, and a relentless obsession with our clients. + +## About the team + +We’re looking for a driven and passionate Senior Security GRC Analyst , reporting to the GRC manager. This role will focus on security risk management, third-party risk assurance, and resilience practices, ensuring risks are actively managed and mitigated in a cloud-first environment. + +## What you'll be doing + +- Own and operate the security risk management lifecycle: identification, assessment, treatment, acceptance, tracking, and closure +- Maintain and continuously improve risk registers, issues tracking, control gaps, audit findings, and remediation plans with strong governance +- Partner with Engineering, Product, IT, Legal, Risk, Security and Operations teams to define realistic risk treatments that support business delivery +- Propose and drive cloud-native mitigation strategies (preventive, detective, corrective, compensating controls) aligned with best practices and business context +- Build and mature Business Continuity and Disaster Recovery (BCP/DR) capabilities: +- define recovery objectives (RTO/RPO) with stakeholders +- support DR planning and documentation +- coordinate DR testing and tabletop exercises +- track improvements and lessons learned + +- Develop and operate a structured Third-Party Risk Management (TPRM) program: +- security questionnaires for RFPs and tier-1 strategic partners +- vendor risk tiering and ongoing monitoring +- risk-based security requirements and follow-ups + +- Conduct deep-dive third-party security reviews (architecture, data flows, access models, maturity, incident history, compliance posture) +- Clearly assess and communicate third-party risk (inherent risk, residual risk, key gaps, recommended mitigations) to enable business decisions +- Recommend and drive technical and procedural controls to reduce third-party risks (security requirements, contractual safeguards, monitoring expectations, access constraints, encryption/logging requirements) +- Produce clear reporting for leadership on risk posture, remediation progress, and key risk indicators + +## Who we are looking for + +- 5–10 years of experience in Security GRC, risk management, IT audit, internal audit, compliance, or risk assurance +- Strong experience operating a risk register and driving remediation across multiple teams +- Strong experience with Third-Party Risk Management (TPRM), including deep vendor reviews and RFP security questionnaires +- Ability to evaluate risk in context (business criticality, data sensitivity, integration scope) and propose pragmatic mitigation strategies +- Experience supporting or leading Business Continuity / Disaster Recovery planning and testing is a strong plus +- Strong understanding of cloud security and cloud-first controls (GCP) +- Strong stakeholder management skills and ability to influence in a collaborative way +- Strong ability to write clear, structured, and practical documentation and risk assessments +- Strong organization skills and attention to detail +- Scripting or automation experience (Python, PowerShell, Bash, APIs, SQL) is a strong plus +- English is required for writing and documentation. French speaking and reading is a strong plus. + +### The Reward + +- The A-Team: Work alongside high-performing talent in the industry. +- Accelerated Growth: The slope of your learning curve here will be vertical. You will touch more production systems in one year than you would in five years at a bank. +- Top-Tier Coverage: Premium benefits plan fully paid by nesto, including comprehensive insurance and unlimited access to telemedicine and mental health services for you and your family. +- Rest & Recharge: 4 weeks of vacation to ensure you stay at peak performance. +- Best-in-Class Tools: Access to the resources and tech you need to execute without friction. +- Working framework: The environment that makes you productive and enables teamwork (Hybrid model). + +### Diversity and Inclusion + +At nesto, we believe that creativity and collaboration are the result of a diverse team. We are committed to fostering a culture of diversity, equity, inclusion, and belonging, and we strongly encourage women, people of color, LGBTQIA+ individuals, and individuals with disabilities to apply. We are committed to creating a workplace that is inclusive and welcoming to all. diff --git a/jobs/imported/rippling/rippling-nesto-8b9e0106-3903-4d29-8f45-efc8a35fa8f7-analyste-principal-e-s-curit-grc-gestion-des-risques-tprm-and-r-sili.md b/jobs/imported/rippling/rippling-nesto-8b9e0106-3903-4d29-8f45-efc8a35fa8f7-analyste-principal-e-s-curit-grc-gestion-des-risques-tprm-and-r-sili.md new file mode 100644 index 0000000..597bb18 --- /dev/null +++ b/jobs/imported/rippling/rippling-nesto-8b9e0106-3903-4d29-8f45-efc8a35fa8f7-analyste-principal-e-s-curit-grc-gestion-des-risques-tprm-and-r-sili.md @@ -0,0 +1,98 @@ +--- +title: "Analyste principal.e sécurité GRC — Gestion des risques, TPRM & résilience" +company: "nesto" +slug: "rippling-nesto-8b9e0106-3903-4d29-8f45-efc8a35fa8f7-analyste-principal-e-s-curit-grc-gestion-des-risques-tprm-and-r-sili" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/nesto/jobs" +role_url: "https://ats.rippling.com/nesto/jobs/8b9e0106-3903-4d29-8f45-efc8a35fa8f7" +apply_url: "https://ats.rippling.com/nesto/jobs/8b9e0106-3903-4d29-8f45-efc8a35fa8f7" +posted_date: "2026-02-09" +expires_date: "2026-03-11" +location: "Remote (Canada)" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Audit & Assurance" + - "Cloud Security" + - "Security Operations" +frameworks: [] +languages: + - "Python" + - "SQL" + - "Bash" + - "PowerShell" +compensation: "" +summary: "Notre mission est d’offrir une expérience de financement hypothécaire positive, et transparente, simplifiée du début à la fin. Notre équipe se compose d'experts en technologie..." +--- + +Notre mission est d’offrir une expérience de financement hypothécaire positive, et transparente, simplifiée du début à la fin. Notre équipe se compose d'experts en technologie qualifiés, de spécialistes en prêts hypothécaires attentionnés et d'une équipe de marketing diversifiée, travaillant tous ensemble pour mener le changement dans l'industrie hypothécaire. + +Chez nesto, nous sommes fiers de + +- Nos clients apprécient notre expérience positive, transparente et simplifiée en matière de financement hypothécaire. +- Nos avis 4,5 étoiles sur Google parlent d'eux-mêmes ! +- Nous avons remporté le prix CLA du prêteur hypothécaire de l’année 2023 et 2024, qui reconnaît notre excellence en matière de services de prêt. +- Nous sommes une organisation certifiée B Corp, soulignant notre engagement à avoir un impact positif sur notre société et notre planète. +- Notre équipe hautement qualifiée, diversifiée et collaborative, qui rend tout possible. +- Notre plateforme Mortgage Cloud qui offre aux institutions financières un accès complet à la technologie exclusive de nesto, améliorant ainsi l’expérience du client, du début à la fin. + +## À propos de l’équipe + +Nous sommes à la recherche d’un.e Analyste principal.e sécurité GRC , motivé.e et passionné.e, relevant du gestionnaire GRC. Ce rôle se concentrera sur la gestion des risques de sécurité, l’assurance liée aux risques fournisseurs (TPRM) et les pratiques de résilience, afin de s’assurer que les risques sont activement gérés et réduits dans un environnement infonuagique (cloud-first) . + +## Ce que vous accomplirez dans ce rôle : + +- Prendre en charge et opérer le cycle de vie complet de la gestion des risques de sécurité : identification, évaluation, traitement, acceptation, suivi et résolution +- Maintenir et améliorer en continu le registre des risques, le suivi des enjeux, les écarts de contrôles, les constats d’audit et les plans de remédiation, avec une gouvernance structurée et un suivi rigoureux +- Collaborer avec les équipes Ingénierie, Produit, TI, Juridique, Risques, Sécurité et Opérations afin de définir une gestion des risques réalistes qui soutiennent la livraison et les objectifs d’affaires +- Proposer et faire avancer des stratégies de mitigation ingénieuse incluant des contrôles préventifs, détectifs, correctives et compensatoires, alignés sur les meilleures pratiques et le contexte opérationnel +- Développer et faire évoluer les capacités de continuité des affaires et de reprise après sinistre (BC/DR) : +- définir les objectifs de reprise (RTO/RPO) avec les parties prenantes +- soutenir la planification et la documentation BC/DR +- coordonner les tests de reprise et les exercices “tabletop” +- assurer le suivi des améliorations et des leçons apprises + +- Développer et opérer un programme structuré de gestion des risques fournisseurs (TPRM) : +- questionnaires de sécurité pour les RFP et partenaires stratégiques +- classification des fournisseurs selon le risque et suivi continu +- exigences de sécurité basées sur le risque et suivis appropriés. + +- Réaliser des revues approfondies de sécurité des fournisseurs (architecture, flux de données, modèles d’accès, maturité, historique d’incidents, posture de conformité) +- Évaluer et communiquer clairement le risque lié aux tiers (risque inhérent, risque résiduel, écarts clés, mitigations recommandées) afin de soutenir la prise de décision +- Recommander et faire avancer des contrôles techniques et procéduraux pour réduire les risques tiers (exigences de sécurité, clauses contractuelles, attentes de surveillance, contraintes d’accès, exigences de chiffrement et de journalisation) +- Produire des rapports clairs pour la direction sur la posture de risque, l’avancement des remédiations et les indicateurs clés de risques + +## Profil recherché : + +- 5 à 10 ans d’expérience en sécurité GRC, gestion des risques, audit TI, audit interne, conformité ou assurance des risques +- Expérience solide dans l’exploitation d’un registre des risques et la fermeture de remédiations avec plusieurs équipes +- Expérience forte en gestion des risques fournisseurs (TPRM), incluant revues approfondies et questionnaires de sécurité pour RFP +- Capacité à évaluer les risques dans leur contexte (criticité d’affaires, sensibilité des données, niveau d’intégration) et à proposer des mitigations pragmatiques +- Expérience en continuité des affaires / reprise après sinistre (BC/DR) et tests est un atout important +- Bonne compréhension de la sécurité infonuagique et des contrôles cloud-first (GCP) +- Excellente capacité à gérer les parties prenantes et à influencer de manière collaborative +- Excellente capacité à rédiger de la documentation et des évaluations de risques claires, structurées et pragmatiques +- Excellentes compétences organisationnelles et souci du détail +- Expérience en scripting ou automatisation (Python, PowerShell, Bash, APIs, SQL) est un atout important + +*L’anglais est requis pour la rédaction et la documentation. Le français parlé et lu est un atout important. + +## Nous vous offrons + +- Contribuez directement à façonner l’expérience qui modernise le secteur hypothécaire canadien +- Évoluez grâce aux multiples opportunités de croissance au sein de l’entreprise +- Profitez du programme hypothécaire de nesto qui offre à nos employé(e)s des taux exclusifs et préférentiels +- Bénéficiez d'une politique généreuse en matière de congés, incluant 4 semaines de vacances par année +- Disposez d'un plan d’avantages sociaux de premier ordre entièrement payé par nesto, comprenant un plan d'assurance complet et un accès illimité à un service de télé-médecine et de santé mentale pour vous et votre famille. +- Accédez à un budget annuel consacré à la santé et au bien-être. +- Saisissez la possibilité de travailler dans un mode hybride. Nous avons de magnifiques bureaux situés au centre-ville de Montréal (métro Peel) et nos espaces sont ouverts aux chiens! + +Diversité et inclusion + +Chez nesto, nous croyons fermement que la créativité et la collaboration sont le fruit de la diversité. Nous sommes engagés à favoriser, à cultiver et à préserver une culture de diversité, d’équité, d’inclusion et d’appartenance, et sommes fiers d’assurer des pratiques impartiales et inclusives pour accéder à l’emploi et à la croissance professionnelle. Tous les candidats qualifiés seront pris en considération sans égard à leur âge, leur couleur, leur handicap, leur origine ethnique, l’état familial ou matrimonial, l’identité ou l’expression de genre, leur langue, leur capacité physique et mentale, leur affiliation politique, leur religion, leur orientation sexuelle, leur situation sociale, leur statut de vétéran et toutes autres caractéristiques qui rendent nos employés uniques. diff --git a/jobs/imported/rippling/rippling-saliense-087fce94-63a0-4cf4-bf34-1fa35764cb99-grc-engineer.md b/jobs/imported/rippling/rippling-saliense-087fce94-63a0-4cf4-bf34-1fa35764cb99-grc-engineer.md new file mode 100644 index 0000000..5a1860d --- /dev/null +++ b/jobs/imported/rippling/rippling-saliense-087fce94-63a0-4cf4-bf34-1fa35764cb99-grc-engineer.md @@ -0,0 +1,76 @@ +--- +title: "GRC Engineer" +company: "Saliense Consulting LLC" +slug: "rippling-saliense-087fce94-63a0-4cf4-bf34-1fa35764cb99-grc-engineer" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/saliense/jobs" +role_url: "https://ats.rippling.com/saliense/jobs/087fce94-63a0-4cf4-bf34-1fa35764cb99" +apply_url: "https://ats.rippling.com/saliense/jobs/087fce94-63a0-4cf4-bf34-1fa35764cb99" +posted_date: "2026-04-03" +expires_date: "2026-05-03" +location: "McLean, VA" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "NIST RMF" +languages: [] +compensation: "" +summary: "About Saliense At Saliense, we are committed to fostering a culture of continuous learning and professional growth. Our employees are encouraged to take on challenging and..." +--- + +About Saliense + +At Saliense, we are committed to fostering a culture of continuous learning and professional growth. Our employees are encouraged to take on challenging and meaningful work, with ample opportunities for career advancement. We offer competitive compensation and benefits, including: + +- 20 Days PTO + 40 Hours of Paid Sick & Safe Time +- 11 Federal Holidays + 2 Corporate Holidays +- Health, Vision, Dental, and Life Insurance +- 401(k) with Tiered Match & 100% Vesting +- Parental Leave for Birthing and Non-Birthing Parents +- Professional Development Reimbursement Program + +We believe in empowering our team members to achieve their professional goals while contributing to impactful projects that make a difference. Join us at Saliense and be part of a growing organization dedicated to innovation, collaboration, and excellence. Visit www.saliense.com (http://www.saliense.com/) to learn more. + +There are many more - connect with us to get a preview of the full benefits package. + +About the role + +The GRC Engineer supports the implementation, operation, and modernization of the organization’s Governance, Risk, and Compliance (GRC) platform. This role works closely with the GRC Lead Engineer and Innovation Team as well as development and security teams to maintain secure, compliant, and well‑documented GRC environment aligned with federal security mandates and government policies. The GRC Engineer contributes to system configuration, integrations, reporting related to RMF activities, and supports system migrations and continuous monitoring through automation, documentation, and evidence collection. + +What you'll do + +- Install, configure, operate, and maintain GRC systems across production and non‑production environments in accordance with approved configuration baselines and change control procedures. +- Support releases, upgrades, and patches by executing regression testing, validating configurations, and assisting with rollback strategies. +- Develop and maintain integrations between the GRC platform and enterprise tools such as asset management systems, SIEM solutions, and cloud platforms (AWS, Azure, and Google Cloud). +- Implement and maintain APIs or other automated interfaces to synchronize data between GRC systems and related enterprise security tools. +- Create and administer GRC user and service accounts, supporting RBAC implementation and least‑privilege access, and integrating with approved identity and SSO services. +- Assist in defining and enforcing data quality, synchronization, and validation rules; maintain logging and auditable evidence to support compliance, records management, and internal audits. +- Create, maintain, and update standardized documentation templates (e.g., SSPPs, POA&Ms, Risk Acceptance Requests, FISMA questionnaires) and support associated approval workflows. +- Contribute to a centralized knowledge repository by developing and maintaining runbooks, SOPs, workflow documentation, and integration guides. + +Qualifications + +- Minimum three (3)+ years of experience required in listed tasks +- Bachelor's degree + +- Experience administering and supporting GRC solutions in a federal or highly regulated environment. +- Hands‑on experience supporting system migrations or enhancements within GRC platforms, including assisting with control mappings and data transformation. +- Experience developing or supporting automated data integrations using APIs or similar mechanisms. +- Familiarity with cloud‑native security and compliance tooling across AWS, Azure, and GCP environments. +- Experience developing reports and dashboards that translate technical risk and compliance data into actionable insights for stakeholders. +- Experience supporting cybersecurity compliance activities and RMF authorization processes for federal information systems. +- Working knowledge of NIST RMF, NIST SP 800‑53 Rev. 5, and FISMA requirements. +- Experience supporting audits by maintaining accurate configurations, documentation, and evidence. +- Experience working with GRC platforms such as CSAM and/or RegScale (administration or operational support). +- Strong collaboration skills and a customer‑focused mindset. +- Background in systems engineering, security engineering, or related technical disciplines preferred. diff --git a/jobs/imported/rippling/rippling-saliense-4ce606d6-cdaa-42d3-b558-48bf61657840-grc-tool-administrator.md b/jobs/imported/rippling/rippling-saliense-4ce606d6-cdaa-42d3-b558-48bf61657840-grc-tool-administrator.md new file mode 100644 index 0000000..7de8321 --- /dev/null +++ b/jobs/imported/rippling/rippling-saliense-4ce606d6-cdaa-42d3-b558-48bf61657840-grc-tool-administrator.md @@ -0,0 +1,77 @@ +--- +title: "GRC Tool Administrator" +company: "Saliense Consulting LLC" +slug: "rippling-saliense-4ce606d6-cdaa-42d3-b558-48bf61657840-grc-tool-administrator" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/saliense/jobs" +role_url: "https://ats.rippling.com/saliense/jobs/4ce606d6-cdaa-42d3-b558-48bf61657840" +apply_url: "https://ats.rippling.com/saliense/jobs/4ce606d6-cdaa-42d3-b558-48bf61657840" +posted_date: "2026-04-03" +expires_date: "2026-05-03" +location: "McLean, VA" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "NIST 800-53" + - "NIST RMF" +languages: [] +compensation: "" +summary: "About Saliense At Saliense, we are committed to fostering a culture of continuous learning and professional growth. Our employees are encouraged to take on challenging and..." +--- + +About Saliense + +At Saliense, we are committed to fostering a culture of continuous learning and professional growth. Our employees are encouraged to take on challenging and meaningful work, with ample opportunities for career advancement. We offer competitive compensation and benefits, including: + +- 20 Days PTO + 40 Hours of Paid Sick & Safe Time +- 11 Federal Holidays + 2 Corporate Holidays +- Health, Vision, Dental, and Life Insurance +- 401(k) with Tiered Match & 100% Vesting +- Parental Leave for Birthing and Non-Birthing Parents +- Professional Development Reimbursement Program + +We believe in empowering our team members to achieve their professional goals while contributing to impactful projects that make a difference. Join us at Saliense and be part of a growing organization dedicated to innovation, collaboration, and excellence. Visit www.saliense.com (http://www.saliense.com/) to learn more. + +There are many more - connect with us to get a preview of the full benefits package. + +About the role + +The GRC RegScale Administrator is responsible for the administration, configuration, optimization, and lifecycle support of the organization’s RegScale GRC platform. This role provides hands-on technical and functional support for Governance, Risk, and Compliance (GRC) operations, including system migrations, data integrity management, RMF workflows, integrations, and audit readiness. The Administrator serves as a key technical liaison between cybersecurity, compliance, IT operations, and system owners to ensure GRC processes are scalable, secure, and aligned with federal mandates and government policies. + +What you'll do + +- Administer, configure, and maintain the RegScale GRC platform across production, staging, and development environments. +- Support releases, upgrades, patches, regression testing, rollback planning, and post-deployment validation. +- Ensure platform health, audit logging, access controls, and configuration baselines. +- Configure and maintain RMF workflows, POA&Ms, risk acceptance, and authorization packages. +- Maintain SSPs, FISMA artifacts, and continuous monitoring documentation. +- Support ATO, reauthorization, and audit readiness activities. +- Support migrations from legacy GRC platforms, spreadsheets, or manual tracking solutions into RegScale. +- Perform data mapping, normalization, cleansing, validation, and reconciliation. +- Develop migration runbooks, cutover strategies, rollback plans, and post-migration validation. +- Coordinate migration activities with system owners, ISSOs, auditors, and vendors. +- Develop and maintain integrations with SIEM, asset management, vulnerability scanning, IAM, and cloud platforms (AWS, Azure, GCP). +- Implement APIs and automated data feeds to synchronize compliance and risk data. + +Qualifications + +- Minimum five (5) years of experience in listed tasks +- Bachelor’s degree + +- Experience administering multiple GRC platforms including RegScale and CSAM. +- Experience supporting RMF authorization, ATO, and continuous monitoring. +- Demonstrated experience supporting GRC system migrations or platform enhancements. +- Strong knowledge of NIST RMF, NIST SP 800-53 Rev. 5, and FISMA. +- Familiarity with AWS, Azure, and GCP compliance tooling. +- Experience with APIs, integrations, and compliance automation. +- Dtrong documentation, collaboration, and communication skills. diff --git a/jobs/imported/rippling/rippling-saliense-4ff3a2fe-6c4f-4f6c-8039-d6d5c6ef8334-lead-grc-engineer.md b/jobs/imported/rippling/rippling-saliense-4ff3a2fe-6c4f-4f6c-8039-d6d5c6ef8334-lead-grc-engineer.md new file mode 100644 index 0000000..5c47023 --- /dev/null +++ b/jobs/imported/rippling/rippling-saliense-4ff3a2fe-6c4f-4f6c-8039-d6d5c6ef8334-lead-grc-engineer.md @@ -0,0 +1,78 @@ +--- +title: "Lead GRC Engineer" +company: "Saliense Consulting LLC" +slug: "rippling-saliense-4ff3a2fe-6c4f-4f6c-8039-d6d5c6ef8334-lead-grc-engineer" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/saliense/jobs" +role_url: "https://ats.rippling.com/saliense/jobs/4ff3a2fe-6c4f-4f6c-8039-d6d5c6ef8334" +apply_url: "https://ats.rippling.com/saliense/jobs/4ff3a2fe-6c4f-4f6c-8039-d6d5c6ef8334" +posted_date: "2026-04-03" +expires_date: "2026-05-03" +location: "McLean, VA" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "NIST 800-53" + - "NIST RMF" +languages: [] +compensation: "" +summary: "About Saliense At Saliense, we are committed to fostering a culture of continuous learning and professional growth. Our employees are encouraged to take on challenging and..." +--- + +About Saliense + +At Saliense, we are committed to fostering a culture of continuous learning and professional growth. Our employees are encouraged to take on challenging and meaningful work, with ample opportunities for career advancement. We offer competitive compensation and benefits, including: + +- 20 Days PTO + 40 Hours of Paid Sick & Safe Time +- 11 Federal Holidays + 2 Corporate Holidays +- Health, Vision, Dental, and Life Insurance +- 401(k) with Tiered Match & 100% Vesting +- Parental Leave for Birthing and Non-Birthing Parents +- Professional Development Reimbursement Program + +We believe in empowering our team members to achieve their professional goals while contributing to impactful projects that make a difference. Join us at Saliense and be part of a growing organization dedicated to innovation, collaboration, and excellence. Visit www.saliense.com (http://www.saliense.com/) to learn more. + +There are many more - connect with us to get a preview of the full benefits package. + +About the role + +The Lead GRC Engineer serves as the primary technical POC for our Governance, Risk, and Compliance (GRC) migration team and environment, ensuring high availability, performance, and alignment with federal security mandates and government policies and practices. This role is responsible for the full lifecycle of GRC tool deployment, configuration, operations and modernization, including environment management, release control, and the implementation of least-privilege access via SSO. The Lead GRC Engineer will both plan and manage the migration of systems from the existing GRC system to a new platform, developing automated bi-directional API integrations between them, and guiding the development and deployment of actionable custom reporting, dashboards, and user interfaces. + +What you'll do + +- Install, configure, operate, and maintain the GRC system across production and non-production environments, establishing configuration baselines and executing releases with documented change control, regression testing, and rollback strategies. +- Design and secure integrations between the GRC tool and enterprise tools including asset management, SIEM, AWS tools, and equivalent capabilities within Azure and Google Cloud. +- Design, test, and deploy APIs or automated interface means to synchronize data between GRC systems. +- Create and administer GRC user/service accounts and RBAC; implementing least-privilege access and integrate with approved identity services for SSO. +- Define and enforce data quality checks, lineage, and synchronization rules; maintain comprehensive logging and evidence to support internal audits and records management. +- Create and maintain standardized document templates (SSPPs, POA&Ms, Risk Acceptance Requests, FISMA Questionnaires, etc.) and associated workflows for drafting, review, and approval. +- Maintain a centralized, approved knowledge repository for runbooks, SOPs, workflow specifications, and integration guides to ensure content remains current with GRC tool release cycles. + +Qualifications + +- Eight (8)+ years of experience in listed tasks +- Master’s degree + +- Significant experience in the deployment, administration, and optimization of GRC solutions within a federal or highly regulated context. +- Proven track record of migrating systems and common control programs between GRC platforms, including the transformation logic for control implementation statements and inheritance configurations. +- Hands-on experience using APIs or other automated integrations to synchronize data between GRC systems and other enterprise security solutions. +- Experience leveraging cloud-native tools (AWS/Azure/GCP) to provide security, privacy, and risk insights. +- Background in designing custom reporting, dashboards, and custom user interfaces that translate technical information into actionable insights for executives and system teams. +- Hands-on experience supporting cybersecurity compliance and RMF authorization activities for information systems. Supporting implementation of the NIST Risk Management Framework (RMF) for federal information systems, including documentation, control implementation, and authorization support. +- Advanced experience leading cybersecurity risk management and authorization activities for federal information systems, lifecycle, including system categorization, security control selection, implementation, assessment, authorization, and continuous monitoring. +- Knowledgeable of the Risk Management Framework NIST Special Publication 800-53 Rev5, FISMA, and its implementation through NIST and other government standards. +- Experience supporting internal reviews and audits by maintaining auditable configurations and automated evidence collection. +- Advanced experience deploying, migrating systems, and operating both CSAM and RegScale GRC solutions +- Excellent customer service mindset and reputatio n +- Prior architecture and systems engineering experience. +- Prior network, cloud system, and application development experience diff --git a/jobs/imported/rippling/rippling-saliense-70eb832c-9f2a-4017-bffe-ea82d27c0f8b-grc-cybersecurity-automation-sme.md b/jobs/imported/rippling/rippling-saliense-70eb832c-9f2a-4017-bffe-ea82d27c0f8b-grc-cybersecurity-automation-sme.md new file mode 100644 index 0000000..de7a558 --- /dev/null +++ b/jobs/imported/rippling/rippling-saliense-70eb832c-9f2a-4017-bffe-ea82d27c0f8b-grc-cybersecurity-automation-sme.md @@ -0,0 +1,73 @@ +--- +title: "GRC Cybersecurity Automation SME" +company: "Saliense Consulting LLC" +slug: "rippling-saliense-70eb832c-9f2a-4017-bffe-ea82d27c0f8b-grc-cybersecurity-automation-sme" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/saliense/jobs" +role_url: "https://ats.rippling.com/saliense/jobs/70eb832c-9f2a-4017-bffe-ea82d27c0f8b" +apply_url: "https://ats.rippling.com/saliense/jobs/70eb832c-9f2a-4017-bffe-ea82d27c0f8b" +posted_date: "2026-04-03" +expires_date: "2026-05-03" +location: "Arlington, VA" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Privacy" +frameworks: [] +languages: [] +compensation: "" +summary: "About Saliense At Saliense, we are committed to fostering a culture of continuous learning and professional growth. Our employees are encouraged to take on challenging and..." +--- + +About Saliense + +At Saliense, we are committed to fostering a culture of continuous learning and professional growth. Our employees are encouraged to take on challenging and meaningful work, with ample opportunities for career advancement. We offer competitive compensation and benefits, including: + +- 20 Days PTO + 40 Hours of Paid Sick & Safe Time +- 11 Federal Holidays + 2 Corporate Holidays +- Health, Vision, Dental, and Life Insurance +- 401(k) with Tiered Match & 100% Vesting +- Parental Leave for Birthing and Non-Birthing Parents +- Professional Development Reimbursement Program + +We believe in empowering our team members to achieve their professional goals while contributing to impactful projects that make a difference. Join us at Saliense and be part of a growing organization dedicated to innovation, collaboration, and excellence. Visit www.saliense.com (http://www.saliense.com/) to learn more. + +There are many more - connect with us to get a preview of the full benefits package. + +About the role + +- The GRC Cybersecurity Automation Subject Matter Expert (SME) is responsible for identifying, designing, and implementing automation solutions that enhance cybersecurity and privacy operations across government environments. This role works closely with government leadership, technical teams, and business stakeholders to streamline processes, improve efficiency and accuracy, and ensure compliance with security, privacy, and accessibility requirements. The SME plays a key role in modernizing cybersecurity workflows through iterative automation and continuous improvement. + +What you'll do + +- Design, create, and maintain dynamic dashboards using tools like SharePoint, Power BI, Power Automate, and ServiceNow. These dashboards will provide visualizations and metrics on cybersecurity status across the enterprise, systems, and individual programs. You will leverage data from various sources, including the agency's GRC (Governance, Risk, and Compliance) tools, to present clear and concise security information. +- Collaborate with cross-functional teams to gather and analyze requirements +- Produce and deliver recurring weekly and monthly reports on the security status of all existing and new systems. These reports will include key metrics such as system authorization status, POA&M (Plan of Action and Milestones) details, and risk acceptance status. You will also be responsible for creating ad-hoc reports as requested by leadership. +- Work closely with various stakeholders, including data providers, end-users, and leadership, to understand their reporting needs. You will present proposed dashboards and reports for review and approval, incorporating feedback to ensure all deliverables are accurate and effective. +- Identify opportunities for automation to reduce manual reporting efforts. You will continuously update and improve dashboards and reports to ensure they are integrated with the agency’s initiatives and technology infrastructure, thereby increasing efficiency and minimizing the time required to generate reports. +- Ensure solutions are scalable, secure, and maintainable +- Participate in Agile Development processes, including sprint planning, daily stand-ups, and retrospectives + +Qualifications + +- Four (4)+ years of experience in listed tasks +- Master’s degree + +- Demonstrated proficiency in developing, designing, and maintaining dashboards and reports using data visualization tools such as Power BI. +- Experience with Power Automate for automating workflows and data collection. +- Familiarity with the ServiceNow platform, particularly its reporting and dashboarding capabilities. +- Proficiency in collecting, analyzing, and interpreting data from various sources to produce actionable reports. +- Proven experience in a role focused on cybersecurity, IT, or a related field, with a strong emphasis on reporting and metrics. +- Solid understanding of cybersecurity concepts, terminology, and frameworks, including system authorization status, POA&Ms, and risk acceptance. +- Experience working with common GRC tools and understanding how to extract and utilize data from them. +- Excellent collaboration and communication skills, with the ability to work effectively with technical and non-technical stakeholders, including senior leadership. +- Strong analytical and problem-solving skills to identify reporting needs and translate them into effective dashboard and report designs. +- Attention to detail and a commitment to producing accurate and high-quality deliverables diff --git a/jobs/imported/rippling/rippling-saliense-7ae9e68d-5f9f-41d8-a6bc-61baec79ce88-grc-integration-specialist.md b/jobs/imported/rippling/rippling-saliense-7ae9e68d-5f9f-41d8-a6bc-61baec79ce88-grc-integration-specialist.md new file mode 100644 index 0000000..260df4a --- /dev/null +++ b/jobs/imported/rippling/rippling-saliense-7ae9e68d-5f9f-41d8-a6bc-61baec79ce88-grc-integration-specialist.md @@ -0,0 +1,77 @@ +--- +title: "GRC Integration Specialist" +company: "Saliense Consulting LLC" +slug: "rippling-saliense-7ae9e68d-5f9f-41d8-a6bc-61baec79ce88-grc-integration-specialist" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/saliense/jobs" +role_url: "https://ats.rippling.com/saliense/jobs/7ae9e68d-5f9f-41d8-a6bc-61baec79ce88" +apply_url: "https://ats.rippling.com/saliense/jobs/7ae9e68d-5f9f-41d8-a6bc-61baec79ce88" +posted_date: "2026-04-03" +expires_date: "2026-05-03" +location: "McLean, VA" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "NIST 800-53" + - "NIST RMF" +languages: [] +compensation: "" +summary: "About Saliense At Saliense, we are committed to fostering a culture of continuous learning and professional growth. Our employees are encouraged to take on challenging and..." +--- + +About Saliense + +At Saliense, we are committed to fostering a culture of continuous learning and professional growth. Our employees are encouraged to take on challenging and meaningful work, with ample opportunities for career advancement. We offer competitive compensation and benefits, including: + +- 20 Days PTO + 40 Hours of Paid Sick & Safe Time +- 11 Federal Holidays + 2 Corporate Holidays +- Health, Vision, Dental, and Life Insurance +- 401(k) with Tiered Match & 100% Vesting +- Parental Leave for Birthing and Non-Birthing Parents +- Professional Development Reimbursement Program + +We believe in empowering our team members to achieve their professional goals while contributing to impactful projects that make a difference. Join us at Saliense and be part of a growing organization dedicated to innovation, collaboration, and excellence. Visit www.saliense.com (http://www.saliense.com/) to learn more. + +There are many more - connect with us to get a preview of the full benefits package. + +About the role + +The GRC Integration Specialist focuses on designing, implementing, and maintaining secure, reliable integrations between Governance, Risk, and Compliance (GRC) platforms and enterprise systems. This role serves as a technical specialist supporting GRC modernization and migration initiatives, ensuring data integrity, interoperability, and alignment with federal security mandates, government policies, and organizational risk management practices. The specialist is responsible for developing and operating automated integrations, supporting reporting and analytics, and ensuring that integrated GRC data effectively supports compliance, audit, and authorization activities. + +What you'll do + +- Design, build, test, and maintain secure integrations between GRC platforms and enterprise tools such as asset management systems, SIEMs, cloud platforms (AWS, Azure, GCP), and other security and IT systems. +- Develop and operate automated, bi-directional APIs or data exchange mechanisms to synchronize data between multiple GRC systems during migrations or coexistence periods. +- Support GRC system deployments across production and non-production environments by implementing configuration baselines, integration standards, and controlled release processes. +- Implement and maintain least-privilege access for integrated services and APIs, including service accounts, RBAC, and SSO integration with approved identity providers. +- Define and enforce data quality, validation, lineage, and synchronization rules to ensure accuracy and consistency of integrated GRC data. +- Implement logging, monitoring, and evidence collection for integrations to support audits, compliance reviews, and records management requirements. +- Develop and support custom reporting, dashboards, and data feeds that translate integrated GRC data into actionable insights for compliance teams, system owners, and leadership. +- Assist with the creation and maintenance of standardized GRC documentation templates and workflows (e.g., SSPs, POA&Ms, risk acceptance requests, and questionnaires) as they relate to integrated data sources. +- Maintain technical documentation, runbooks, SOPs, and integration guides to ensure integrations remain current with GRC platform and enterprise system changes. + +Qualifications + +- Minimum five (5)+ years of experience with listed tasks +- Bachelor’s degree + +- Experience designing and supporting integrations for GRC platforms within federal or highly regulated environments. +- Hands-on experience developing APIs, data pipelines, or automated interfaces to exchange data between GRC systems and other enterprise security or IT tools. +- Experience supporting GRC system migrations or data transformations, including mapping control, risk, and assessment data between platforms. +- Working knowledge of cloud-native services and tools within AWS, Azure, and/or GCP used to support security, compliance, and data integration use cases. +- Experience supporting cybersecurity compliance and RMF authorization activities, including the use of integrated data to support control implementation, assessment, and continuous monitoring. +- Knowledge of NIST Risk Management Framework (RMF), NIST SP 800-53 Rev. 5, FISMA, and related federal standards. +- Experience supporting internal reviews and audits by providing traceable, auditable integration configurations and automated evidence. +- Familiarity with enterprise GRC solutions such as CSAM, RegScale, or equivalent platforms. +- Strong documentation, collaboration, and customer service skills, with the ability to work effectively with engineers, security teams, and compliance stakeholders. +- Background in systems engineering, cloud engineering, or application development is preferred. diff --git a/jobs/imported/rippling/rippling-saliense-9cc52a4c-fd89-4268-8da7-fbeca41ded10-grc-reporting-and-metrics-specialist.md b/jobs/imported/rippling/rippling-saliense-9cc52a4c-fd89-4268-8da7-fbeca41ded10-grc-reporting-and-metrics-specialist.md new file mode 100644 index 0000000..a3d1b19 --- /dev/null +++ b/jobs/imported/rippling/rippling-saliense-9cc52a4c-fd89-4268-8da7-fbeca41ded10-grc-reporting-and-metrics-specialist.md @@ -0,0 +1,73 @@ +--- +title: "GRC Reporting and Metrics Specialist " +company: "Saliense Consulting LLC" +slug: "rippling-saliense-9cc52a4c-fd89-4268-8da7-fbeca41ded10-grc-reporting-and-metrics-specialist" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/saliense/jobs" +role_url: "https://ats.rippling.com/saliense/jobs/9cc52a4c-fd89-4268-8da7-fbeca41ded10" +apply_url: "https://ats.rippling.com/saliense/jobs/9cc52a4c-fd89-4268-8da7-fbeca41ded10" +posted_date: "2026-04-03" +expires_date: "2026-05-03" +location: "McLean, VA" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" +frameworks: [] +languages: [] +compensation: "" +summary: "About Saliense At Saliense, we are committed to fostering a culture of continuous learning and professional growth. Our employees are encouraged to take on challenging and..." +--- + +- About Saliense + +At Saliense, we are committed to fostering a culture of continuous learning and professional growth. Our employees are encouraged to take on challenging and meaningful work, with ample opportunities for career advancement. We offer competitive compensation and benefits, including: + +- 20 Days PTO + 40 Hours of Paid Sick & Safe Time +- 11 Federal Holidays + 2 Corporate Holidays +- Health, Vision, Dental, and Life Insurance +- 401(k) with Tiered Match & 100% Vesting +- Parental Leave for Birthing and Non-Birthing Parents +- Professional Development Reimbursement Program + +We believe in empowering our team members to achieve their professional goals while contributing to impactful projects that make a difference. Join us at Saliense and be part of a growing organization dedicated to innovation, collaboration, and excellence. Visit www.saliense.com (http://www.saliense.com/) to learn more. + +There are many more - connect with us to get a preview of the full benefits package. + +About the role + +- The GRC Reporting and Metrics Specialist is responsible for developing, maintaining, and enhancing governance, risk, and compliance reporting that provides clear visibility into the organization’s cybersecurity posture. This role designs and delivers automated dashboards and recurring reports using GRC platforms, Power BI, Power Automate, ServiceNow, and other enterprise data sources to track key metrics such as system authorization status, POA&M performance, risk acceptance, and compliance trends. The specialist works closely with technical teams, data owners, and leadership to translate complex security and compliance data into accurate, actionable insights. A core focus of the role is reducing manual reporting through automation, ensuring data quality and consistency, and continuously improving metrics and dashboards to support informed decision‑making and organizational cybersecurity initiatives. + +What you'll do + +- Design, create, and maintain dynamic dashboards using tools like SharePoint, Power BI, Power Automate, and ServiceNow. These dashboards will provide visualizations and metrics on cybersecurity status across the enterprise, systems, and individual programs. You will leverage data from various sources, including the agency's GRC (Governance, Risk, and Compliance) tools, to present clear and concise security information. +- Collaborate with cross-functional teams to gather and analyze requirements +- Produce and deliver recurring weekly and monthly reports on the security status of all existing and new systems. These reports will include key metrics such as system authorization status, POA&M (Plan of Action and Milestones) details, and risk acceptance status. You will also be responsible for creating ad-hoc reports as requested by leadership. +- Work closely with various stakeholders, including data providers, end-users, and leadership, to understand their reporting needs. +- You will present proposed dashboards and reports for review and approval, incorporating feedback to ensure all deliverables are accurate and effective. +- Identify opportunities for automation to reduce manual reporting efforts. You will continuously update and improve dashboards and reports to ensure they are integrated with the agency’s initiatives and technology infrastructure, thereby increasing efficiency and minimizing the time required to generate reports. +- Ensure solutions are scalable, secure, and maintainable +- Participate in Agile Development processes, including sprint planning, daily stand-ups, and retrospectives + +Qualifications + +- Four (4)+ years of experience in listed tasks +- Master’s degree + +- Demonstrated proficiency in developing, designing, and maintaining dashboards and reports using data visualization tools such as Power BI. +- Experience with Power Automate for automating workflows and data collection. +- Familiarity with the ServiceNow platform, particularly its reporting and dashboarding capabilities. +- Proficiency in collecting, analyzing, and interpreting data from various sources to produce actionable reports. +- Proven experience in a role focused on cybersecurity, IT, or a related field, with a strong emphasis on reporting and metrics. +- Solid understanding of cybersecurity concepts, terminology, and frameworks, including system authorization status, POA&Ms, and risk acceptance. +- Experience working with common GRC tools and understanding how to extract and utilize data from them. +- Excellent collaboration and communication skills, with the ability to work effectively with technical and non-technical stakeholders, including senior leadership. +- Strong analytical and problem-solving skills to identify reporting needs and translate them into effective dashboard and report designs. +- Attention to detail and a commitment to producing accurate and high-quality deliverables diff --git a/jobs/imported/rippling/rippling-saliense-9e79e246-0026-4832-a24e-0a54433855d1-rmf-subject-matter-expert-sme.md b/jobs/imported/rippling/rippling-saliense-9e79e246-0026-4832-a24e-0a54433855d1-rmf-subject-matter-expert-sme.md new file mode 100644 index 0000000..5f30b9c --- /dev/null +++ b/jobs/imported/rippling/rippling-saliense-9e79e246-0026-4832-a24e-0a54433855d1-rmf-subject-matter-expert-sme.md @@ -0,0 +1,70 @@ +--- +title: "RMF Subject Matter Expert (SME) " +company: "Saliense Consulting LLC" +slug: "rippling-saliense-9e79e246-0026-4832-a24e-0a54433855d1-rmf-subject-matter-expert-sme" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/saliense/jobs" +role_url: "https://ats.rippling.com/saliense/jobs/9e79e246-0026-4832-a24e-0a54433855d1" +apply_url: "https://ats.rippling.com/saliense/jobs/9e79e246-0026-4832-a24e-0a54433855d1" +posted_date: "2026-04-03" +expires_date: "2026-05-03" +location: "McLean, VA" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "NIST 800-53" + - "NIST RMF" +languages: [] +compensation: "" +summary: "About Saliense At Saliense, we are committed to fostering a culture of continuous learning and professional growth. Our employees are encouraged to take on challenging and..." +--- + +About Saliense + +At Saliense, we are committed to fostering a culture of continuous learning and professional growth. Our employees are encouraged to take on challenging and meaningful work, with ample opportunities for career advancement. We offer competitive compensation and benefits, including: + +- 20 Days PTO + 40 Hours of Paid Sick & Safe Time +- 11 Federal Holidays + 2 Corporate Holidays +- Health, Vision, Dental, and Life Insurance +- 401(k) with Tiered Match & 100% Vesting +- Parental Leave for Birthing and Non-Birthing Parents +- Professional Development Reimbursement Program + +We believe in empowering our team members to achieve their professional goals while contributing to impactful projects that make a difference. Join us at Saliense and be part of a growing organization dedicated to innovation, collaboration, and excellence. Visit www.saliense.com (http://www.saliense.com/) to learn more. + +There are many more - connect with us to get a preview of the full benefits package. + +About the role + +The RMF Subject Matter Expert (SME) provides technical and functional leadership for the implementation, operation, and modernization of Governance, Risk, and Compliance (GRC) platforms, with a primary focus on CSAM and RegScale. This role supports federal Risk Management Framework (RMF) activities by ensuring GRC tools are properly configured, maintained, and aligned with NIST and FISMA requirements. The RMF SME partners with cybersecurity, engineering, and compliance stakeholders to support system authorizations, continuous monitoring, tool migrations, and data integrations while ensuring audit-ready documentation and evidence is maintained throughout the system lifecycle. + +What you'll do + +- Provide RMF subject matter expertise for the configuration, operation, and sustainment of GRC platforms (CSAM and/or RegScale) authorization and continuous monitoring activities. +- Support GRC platform implementations and system migrations, including data mapping, control inheritance alignment, workflow configuration, and validation of migrated RMF artifacts. +- Perform independent quality assurance reviews of RMF artifacts (SSPPs, POA&Ms, risk assessments, and authorization packages) managed within the GRC tool to ensure accuracy, completeness, and compliance with federal requirements. +- Provide RMF SME support and guidance on GRC integrations with enterprise systems such as asset inventories, vulnerability management tools, SIEM platforms, and cloud service providers (AWS, Azure, GCP). +- Develop and maintain standardized RMF workflows, templates, and approval processes within the GRC platform. +- Support from a requirements perspective user and service account management, implementing RBAC, least-privilege access, and SSO integration. +- Support the development of SOPs, runbooks, and migration documentation related to RMF and GRC operations. + +Qualifications + +- Minimum four (4) years of experience required +- Bachelors Degree required +- Very strong working knowledge of NIST RMF, NIST SP 800-53 Rev. 5, and FISMA. +- Experience using CSAM and/or RegScale in a federal or regulated environment. +- Experience supporting RMF system migrations and tool modernizations. +- Experience supporting audits and system authorizations. +- Ability to translate RMF and compliance data into actionable insights. +- Strong collaboration and stakeholder engagement skills. diff --git a/jobs/imported/rippling/rippling-saliense-bb95f524-4aa0-43a6-81e7-d211fe066bb1-grc-cloud-integration-specialist.md b/jobs/imported/rippling/rippling-saliense-bb95f524-4aa0-43a6-81e7-d211fe066bb1-grc-cloud-integration-specialist.md new file mode 100644 index 0000000..1f39fa6 --- /dev/null +++ b/jobs/imported/rippling/rippling-saliense-bb95f524-4aa0-43a6-81e7-d211fe066bb1-grc-cloud-integration-specialist.md @@ -0,0 +1,77 @@ +--- +title: "GRC Cloud Integration Specialist" +company: "Saliense Consulting LLC" +slug: "rippling-saliense-bb95f524-4aa0-43a6-81e7-d211fe066bb1-grc-cloud-integration-specialist" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/saliense/jobs" +role_url: "https://ats.rippling.com/saliense/jobs/bb95f524-4aa0-43a6-81e7-d211fe066bb1" +apply_url: "https://ats.rippling.com/saliense/jobs/bb95f524-4aa0-43a6-81e7-d211fe066bb1" +posted_date: "2026-04-03" +expires_date: "2026-05-03" +location: "McLean, VA" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Audit & Assurance" + - "Cloud Security" +frameworks: + - "NIST 800-53" + - "NIST RMF" +languages: [] +compensation: "" +summary: "About Saliense At Saliense, we are committed to fostering a culture of continuous learning and professional growth. Our employees are encouraged to take on challenging and..." +--- + +About Saliense + +At Saliense, we are committed to fostering a culture of continuous learning and professional growth. Our employees are encouraged to take on challenging and meaningful work, with ample opportunities for career advancement. We offer competitive compensation and benefits, including: + +- 20 Days PTO + 40 Hours of Paid Sick & Safe Time +- 11 Federal Holidays + 2 Corporate Holidays +- Health, Vision, Dental, and Life Insurance +- 401(k) with Tiered Match & 100% Vesting +- Parental Leave for Birthing and Non-Birthing Parents +- Professional Development Reimbursement Program + +We believe in empowering our team members to achieve their professional goals while contributing to impactful projects that make a difference. Join us at Saliense and be part of a growing organization dedicated to innovation, collaboration, and excellence. Visit www.saliense.com (http://www.saliense.com/) to learn more. + +There are many more - connect with us to get a preview of the full benefits package. + +About the role + +The GRC Cloud Integration Specialist will design, implement secure automated integrations between the RegScale GRC platform, AWS, Azure, or Google cloud environments, and key enterprise security and IT tools. This role enables continuous controls monitoring, automated evidence collection, and real-time compliance visibility by integrating cloud, identity, asset, vulnerability, and security event data into RegScale. The specialist ensures that security, risk, and compliance data is traceable, auditable, and aligned with federal security requirements and organizational risk management practices. + +What you'll do + +- Design, develop, test, and maintain secure integrations between RegScale and AWS services including AWS Config, AWS Security Hub, Amazon GuardDuty, AWS CloudTrail, Amazon Inspector, and AWS IAM. +- Configure and operate RegScale integrations to ingest AWS security findings, asset inventory, and compliance data to support continuous controls monitoring and risk-based decision making. +- Integrate enterprise identity and access management data from Okta to support least-privilege enforcement, access reviews, and identity-related control evidence within RegScale. +- Integrate asset inventory and exposure data from enterprise tools like Axonius to establish an authoritative asset baseline and support asset-related compliance and risk controls. +- Ingest vulnerability and scan results from tools like Tenable Security Center into RegScale to support vulnerability management workflows, risk scoring, and POA&M generation. +- Integrate security event and alert data from SIEM platforms (e.g., Splunk, Elastic, or comparable solutions) to support continuous monitoring, incident tracking, and audit evidence. +- Map AWS, identity, asset, vulnerability, and SIEM data to RegScale controls, risks, and compliance artifacts aligned with NIST RMF and NIST SP 800-53 Rev. 5. +- Support automated evidence collection in RegScale to maintain continuously updated SSPs, POA&Ms, and authorization artifacts using integrated data sources. +- Implement least-privilege access for integrations using AWS IAM roles, secure API authentication, and cross-account access patterns. +- Create and maintain integration documentation, runbooks, and SOPs covering AWS, RegScale, identity, asset, vulnerability, and SIEM integrations. + +Qualifications + +- 5+ years of experience in listed tasks +- Bachelor’s degree + +- Hands-on experience integrating RegScale with AWS cloud security and compliance services in federal or highly regulated environments. +- Experience working with identity platforms such as Okta to support access control, access reviews, and identity-related compliance requirements. +- Experience with integrating asset inventory platforms such as Axonius to support asset management, exposure visibility, and audit readiness. +- Experience integrating vulnerability management platforms such as Tenable Security Center to support vulnerability tracking and remediation workflows. +- Experience integrating SIEM platforms (e.g., Splunk, Elastic, or similar) to support continuous monitoring and incident-related compliance evidence. +- Hands-on experience with AWS Security Hub, AWS Config, Amazon GuardDuty, AWS CloudTrail, and AWS IAM. +- Experience supporting AWS-based system authorizations using NIST RMF and RegScale-managed evidence. +- Experience mapping integrated security data to NIST SP 800-53 Rev. 5 and FISMA requirements within a GRC platform. +- Strong documentation, collaboration, and customer service skills, with the ability to work across cloud engineering, security, and compliance teams. diff --git a/jobs/imported/rippling/rippling-workstreet-188dc651-2e8c-4308-ba63-2e1fed90a744-senior-manager-grc-engineering.md b/jobs/imported/rippling/rippling-workstreet-188dc651-2e8c-4308-ba63-2e1fed90a744-senior-manager-grc-engineering.md new file mode 100644 index 0000000..5e58ea6 --- /dev/null +++ b/jobs/imported/rippling/rippling-workstreet-188dc651-2e8c-4308-ba63-2e1fed90a744-senior-manager-grc-engineering.md @@ -0,0 +1,111 @@ +--- +title: "Senior Manager, GRC Engineering " +company: "Workstreet" +slug: "rippling-workstreet-188dc651-2e8c-4308-ba63-2e1fed90a744-senior-manager-grc-engineering" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/workstreet/jobs" +role_url: "https://ats.rippling.com/workstreet/jobs/188dc651-2e8c-4308-ba63-2e1fed90a744" +apply_url: "https://ats.rippling.com/workstreet/jobs/188dc651-2e8c-4308-ba63-2e1fed90a744" +posted_date: "2026-03-16" +expires_date: "2026-04-15" +location: "Remote (United States)" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Audit & Assurance" + - "Cloud Security" +frameworks: + - "FedRAMP" + - "SOC 2" + - "ISO 27001" + - "NIST 800-53" + - "NIST 800-171" +languages: + - "Rust" +compensation: "" +summary: "About Workstreet At Workstreet , we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a..." +--- + +About Workstreet + +At Workstreet , we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in a wide range of frameworks—including SOC 2, ISO 27001, GDPR, CMMC, NIST 800-171, NIST 800-53, and FedRAMP—empowering companies to meet regulatory requirements and enhance their cybersecurity posture from day one. + +## The Opportunity + +We are seeking a Sr. Manager, GRC Engineering who leads with a client-first philosophy and brings a proven track record of managing high-stakes client relationships with professionalism, care, and strategic insight. The ideal candidate is an experienced client relationship leader who understands that exceptional service is the foundation of everything we do — and who pairs that client focus with 8+ years of deep expertise in cybersecurity compliance frameworks such as SOC 2, ISO 27001, and NIST CSF. + +The successful candidate will be able to come up to speed quickly, integrate into the organization, and take on clients within your first 15 days. You will serve as the primary point of contact for a portfolio of clients, leading engagements end-to-end, managing escalations with composure and urgency, and ensuring every client interaction reflects the highest standard of service. + +## What You'll Do + +Client Relationship Management (Primary Focus) + +- Own Executive-Level Client Relationships: Serve as the senior point of contact for a portfolio of strategic accounts, building long-term trust and ensuring clients receive an exceptional, high-touch experience at every stage of the engagement. +- Lead and Guide Client Engagements: Provide strategic oversight across multiple compliance engagements, ensuring clients are well-informed, prepared, and confident throughout audits, certifications, and assessments. +- Manage Escalations at the Executive Level: Address complex, high-stakes client concerns with professionalism, urgency, and composure — turning challenging situations into opportunities to reinforce trust and loyalty. +- Be a Strategic Trusted Advisor: Understand the broader business goals of each client and deliver compliance guidance that is not just technically sound, but strategically aligned with their objectives. +- Ensure Quality Across All Client Touchpoints: Conduct regular reviews of client communications, deliverables, and quality metrics to maintain consistency and excellence across all engagements. +- Engage Directly with US-Based Clients: Communicate proactively via phone, email, and meetings to address compliance concerns and deliver expert, personalized guidance. + +Team Leadership + +- Lead and Develop a High-Performing Team: Supervise and mentor managers and analysts across various accounts, fostering a culture of performance, accountability, collaboration, and professional growth. +- Drive Resource Strategy: Guide staffing, hiring, and resource allocation to optimize delivery efficiency and support department scalability as the business grows. +- Set and Uphold Standards: Establish and enforce quality benchmarks across the team, ensuring every client-facing output meets Workstreet's high standards. + +GRC & Compliance Execution + +- Oversee Compliance Programs: Manage and coordinate multiple cybersecurity compliance engagements simultaneously, ensuring timely completion and adherence to relevant standards and frameworks. +- Implement Compliance Policies: Develop, execute, and maintain cybersecurity compliance policies and procedures aligned with industry best practices. +- Collaborate on Risk Mitigation: Partner with internal and external teams to identify, assess, and remediate cybersecurity risks. +- Interpret Regulatory Frameworks: Analyze and apply cybersecurity regulations and standards including SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, HiTRUST, and NIST 800-171/CMMC. + +## Who You Are + +Required + +- Demonstrated experience managing client relationships at a senior or executive level — you are skilled at owning high-complexity accounts, navigating escalations, and delivering a consistently outstanding client experience +- Exceptional professionalism in all client-facing communication, with outstanding written and verbal English skills +- 5+ years of proven experience leading and developing mid-sized teams in a fast-paced, results-driven environment +- 8+ years of experience in cybersecurity compliance, including SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, HiTRUST, and NIST 800-171/CMMC frameworks +- 8+ years of experience creating and enforcing cybersecurity policies +- Strong strategic thinking skills with experience driving cross-functional collaboration and aligning team goals with business objectives +- Strong organizational skills with the ability to manage multiple compliance projects concurrently +- Experience working in a tech company with a focus on cybersecurity +- Thrives in a fast-paced startup environment + +## Nice to Have + +- Experience at a Big 4 firm (e.g., Deloitte, PwC, EY, KPMG) in an advisory or assurance capacity +- Experience managing GRC functions within a managed security services or consulting environment +- Certifications such as CISA, CISSP, CISM, ISO 27001 Lead Implementer, or CRISC +- Familiarity with compliance automation platforms such as Vanta, Drata, or Secureframe +- Exposure to risk management or audit methodologies across multiple regulatory frameworks + +## What We Offer + +- Career Development: Clear growth path with mentorship and training opportunities +- Technical Training: Comprehensive onboarding on security and compliance frameworks +- Competitive Compensation: Competitive base salary with regular performance reviews, merit-based appraisals, and bonus opportunities +- Growth Opportunity: Early-stage company with significant room for career advancement +- Remote-First Culture: Flexibility to work from anywhere while collaborating with a global team + +## Work Environment Requirements + +- Reliable high-speed internet connection +- Quiet, professional home office setup +- Must be amenable to working US Eastern Time zone hours +- Fluency in written and verbal English communication skills + +Workstreet Is An Equal Opportunity Employer + +As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law. + +Employment with Workstreet is contingent upon the successful completion of a background check, which may include verification of employment history, education, and other relevant information, in compliance with applicable laws. diff --git a/jobs/imported/rippling/rippling-workstreet-1e0c3e19-a329-441d-a6c2-8dd01a46f675-manager-grc-engineering.md b/jobs/imported/rippling/rippling-workstreet-1e0c3e19-a329-441d-a6c2-8dd01a46f675-manager-grc-engineering.md new file mode 100644 index 0000000..524eae8 --- /dev/null +++ b/jobs/imported/rippling/rippling-workstreet-1e0c3e19-a329-441d-a6c2-8dd01a46f675-manager-grc-engineering.md @@ -0,0 +1,108 @@ +--- +title: "Manager, GRC Engineering " +company: "Workstreet" +slug: "rippling-workstreet-1e0c3e19-a329-441d-a6c2-8dd01a46f675-manager-grc-engineering" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/workstreet/jobs" +role_url: "https://ats.rippling.com/workstreet/jobs/1e0c3e19-a329-441d-a6c2-8dd01a46f675" +apply_url: "https://ats.rippling.com/workstreet/jobs/1e0c3e19-a329-441d-a6c2-8dd01a46f675" +posted_date: "2026-03-31" +expires_date: "2026-04-30" +location: "Remote (United States)" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Audit & Assurance" + - "Cloud Security" +frameworks: + - "FedRAMP" + - "SOC 2" + - "ISO 27001" + - "NIST 800-53" + - "NIST 800-171" +languages: + - "Rust" +compensation: "" +summary: "About Workstreet At Workstreet, we're on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a..." +--- + +About Workstreet + +At Workstreet, we're on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in a wide range of frameworks — including SOC 2, ISO 27001, GDPR, CMMC, NIST 800-171, NIST 800-53, and FedRAMP — empowering companies to meet regulatory requirements and enhance their cybersecurity posture from day one. + +## The Opportunity + +We are seeking a Manager, GRC Engineering who leads with a client-first mindset and brings exceptional relationship management skills to every engagement. The ideal candidate is an experienced client manager who knows how to build trust, navigate complex accounts, and deliver an outstanding client experience — while also bringing deep expertise in cybersecurity compliance frameworks such as SOC 2, ISO 27001, and NIST CSF. + +The successful candidate will be able to come up to speed quickly, integrate into the organization, and take on clients within your first 15 days. You will serve as the primary point of contact for a portfolio of clients, leading engagements end-to-end, managing escalations with composure and urgency, and ensuring every client interaction reflects the highest standard of service. This role requires working US Pacific Time (PST) hours. + +## What You'll Do + +Client Relationship Management (Primary Focus) + +- Own the Client Experience: Serve as the primary point of contact for a portfolio of client accounts, building strong, trusted relationships and ensuring clients feel supported, informed, and valued throughout every engagement. +- Lead Client Engagements: Guide clients through compliance initiatives end-to-end — from kickoff through certification — providing clear communication, proactive updates, and expert guidance at every milestone. +- Handle Escalations with Professionalism: Resolve complex client issues and requests with urgency, composure, and a solution-oriented approach that reinforces confidence and long-term retention. +- Be a Trusted Advisor: Understand each client's unique business context and deliver compliance guidance that is practical, actionable, and tailored to their needs. +- Collaborate Cross-Functionally: Partner with internal teams and client stakeholders to embed security and compliance best practices and resolve issues quickly. + +Team Leadership + +- Manage and Develop a Pod of Analysts: Lead a team of 3–5 analysts through coaching, mentorship, and performance management, fostering accountability, quality, and professional growth. +- Drive Consistent Delivery: Ensure the team meets deadlines and delivers high-quality work across all active client engagements, stepping in to support where needed. + +GRC & Compliance Execution + +- Develop and Maintain Compliance Frameworks: Create, update, and align compliance policies, procedures, and technical controls with SOC 2 (Type 1 & 2), ISO 27001, HIPAA, and PCI DSS standards. +- Lead Compliance Certifications: Oversee and execute SOC 2 and ISO 27001 implementation and certification projects across multi-cloud environments (AWS, GCP, Azure). +- Conduct Risk and Security Audits: Perform regular risk assessments and audits to identify vulnerabilities and enhance overall security posture. +- Monitor Regulatory Developments: Stay informed on evolving regulations and frameworks to maintain the relevance and accuracy of compliance controls. +- Leverage Compliance Automation Tools: Utilize platforms such as Drata, Vanta, and SecureFrame to track compliance metrics and ensure continuous audit readiness. + +## Who You Are + +Required + +- Demonstrated experience managing client relationships directly — you are comfortable owning accounts, leading difficult conversations, and being the trusted face of an engagement +- Exceptional professionalism in all client-facing communication, with outstanding written and verbal English skills +- 5+ years of experience managing or leading a team +- Proven experience managing compliance programs with hands-on familiarity with SOC 2 and ISO 27001 frameworks +- Strong knowledge of technical control implementation in cloud platforms (AWS, GCP, Azure) +- Ability to manage multiple compliance projects simultaneously without sacrificing client experience or quality +- Bachelor's degree in Information Technology, Cybersecurity, or a related field +- Ability to work independently with a strong sense of initiative + +## Nice to Have + +- Experience at a Big 4 firm (e.g., Deloitte, PwC, EY, KPMG) in an advisory or assurance capacity +- Relevant certifications (e.g., CISA, CISSP, CISM) +- Consulting experience +- Familiarity with additional frameworks and regulations (e.g., HiTRUST, PCI DSS, NIST, GDPR, HIPAA) + +## What We Offer + +- Career Development: Clear growth path with mentorship and training opportunities +- Technical Training: Comprehensive onboarding on security and compliance frameworks +- Competitive Compensation: Competitive base salary with regular performance reviews, merit-based appraisals, and bonus opportunities +- Growth Opportunity: Early-stage company with significant room for career advancement +- Remote-First Culture: Flexibility to work from anywhere while collaborating with a global team + +## Work Environment Requirements + +- Reliable high-speed internet connection +- Quiet, professional home office setup +- This role requires working US Pacific Time (PST) hours. +- Fluency in written and verbal English communication skills + +## Workstreet Is An Equal Opportunity Employer + +As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law. + +Employment with Workstreet is contingent upon the successful completion of a background check, which may include verification of employment history, education, and other relevant information, in compliance with applicable laws. diff --git a/jobs/imported/rippling/rippling-workstreet-2aecb64c-d5f8-4197-84ef-46e18c082f4c-grc-engineer-i.md b/jobs/imported/rippling/rippling-workstreet-2aecb64c-d5f8-4197-84ef-46e18c082f4c-grc-engineer-i.md new file mode 100644 index 0000000..4cca196 --- /dev/null +++ b/jobs/imported/rippling/rippling-workstreet-2aecb64c-d5f8-4197-84ef-46e18c082f4c-grc-engineer-i.md @@ -0,0 +1,91 @@ +--- +title: "GRC Engineer I " +company: "Workstreet" +slug: "rippling-workstreet-2aecb64c-d5f8-4197-84ef-46e18c082f4c-grc-engineer-i" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/workstreet/jobs" +role_url: "https://ats.rippling.com/workstreet/jobs/2aecb64c-d5f8-4197-84ef-46e18c082f4c" +apply_url: "https://ats.rippling.com/workstreet/jobs/2aecb64c-d5f8-4197-84ef-46e18c082f4c" +posted_date: "2026-01-27" +expires_date: "2026-02-26" +location: "Remote (India)" +work_modes: + - "Remote" +job_types: + - "Contractor / 1099" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Audit & Assurance" + - "Cloud Security" +frameworks: + - "FedRAMP" + - "SOC 2" + - "ISO 27001" + - "NIST 800-53" + - "NIST 800-171" +languages: [] +compensation: "" +summary: "About Workstreet At Workstreet, we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a..." +--- + +About Workstreet + +At Workstreet, we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in a wide range of frameworks—including SOC 2, ISO 27001, GDPR, CMMC, NIST 800-171, NIST 800-53, and FedRAMP—empowering companies to meet regulatory requirements and enhance their cybersecurity posture from day one. + +## The Opportunity + +We are seeking a highly motivated and detail-oriented GRC Engineer I to join our fast-growing team. The ideal candidate will have a solid background in cybersecurity compliance frameworks such as SOC 2, ISO 27001, and NIST CSF. + +This role requires strong communication skills and the ability to manage multiple cybersecurity compliance projects simultaneously. The successful candidate will also have experience overseeing or managing a small team, while ensuring client engagements are delivered effectively and aligned with Workstreet’s security objectives. + +## What You'll Do + +- Support Compliance Initiatives : Assist in implementing and maintaining cybersecurity compliance programs aligned with SOC 2, ISO 27001, and other regulatory standards. +- Maintain Documentation : Develop and update cybersecurity policies, procedures, and control evidence to support audits and assessments. +- Assist in Risk Mitigation : Work with internal and external teams to identify, track, and help remediate cybersecurity risks and control gaps. +- Coordinate Project Tasks: Support multiple compliance projects by managing documentation, timelines, and deliverables under senior guidance. +- Communicate with Clients : Engage with clients via email, chat, and calls to gather evidence, clarify compliance requirements, and provide timely updates. +- Perform Control Testing : Conduct basic control checks and assist in readiness reviews to ensure continuous compliance with internal and external standards. +- Collaborate Cross-Functionally : Partner with IT, security, and operations teams to implement corrective actions and strengthen compliance posture. +- Learn and Grow : Receive mentorship from senior team members and contribute to improving processes, templates, and playbooks for compliance delivery. + +## Who You Are + +- Strong organizational skills with the ability to manage multiple cybersecurity compliance projects concurrently +- Exceptional written and verbal English communication skills +- Proven ability to work directly with clients in the US +- Experience working in cybersecurity compliance, including SOC 2, ISO 27001, or NIST CSF frameworks +- Familiarity with creating and enforcing cybersecurity policies +- Experience working in a tech company with a focus on cybersecurity +- Thrives in a fast-paced startup environment + +## Nice to Have + +- Familiarity with Vanta or similar compliance automation platforms +- Additional experience with frameworks such as GDPR, HIPAA, or PCI DSS +- Certifications such as ISO 27001 Lead Implementer, CISA, or Security+ + +## What We Offer + +- Career Development : Clear path with mentorship and training opportunities +- Technical Training : Comprehensive onboarding on security and compliance frameworks +- Competitive Compensation: A competitive base salary with regular performance reviews linked to merit-based appraisals and bonus opportunities. +- Growth Opportunity : Early-stage company with significant room for career advancement. +- Remote-First Culture : Flexibility to work from anywhere while collaborating with a global team. + +## Work Environment Requirements + +- Reliable high-speed internet connection. +- Quiet, professional home office setup. +- Must be amenable to work US Eastern Time zone hours. +- Fluency in written and verbal English communication skills. + +### Workstreet Is An Equal Opportunity Employer + +As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law. + +Employment with Workstreet is contingent upon the successful completion of a background check, which may include verification of employment history, education, and other relevant information, in compliance with applicable laws. diff --git a/jobs/imported/rippling/rippling-workstreet-5e53a5ec-1c06-4c28-aef5-e2b7817a96f1-grc-engineer-i.md b/jobs/imported/rippling/rippling-workstreet-5e53a5ec-1c06-4c28-aef5-e2b7817a96f1-grc-engineer-i.md new file mode 100644 index 0000000..b65fda0 --- /dev/null +++ b/jobs/imported/rippling/rippling-workstreet-5e53a5ec-1c06-4c28-aef5-e2b7817a96f1-grc-engineer-i.md @@ -0,0 +1,91 @@ +--- +title: "GRC Engineer I" +company: "Workstreet" +slug: "rippling-workstreet-5e53a5ec-1c06-4c28-aef5-e2b7817a96f1-grc-engineer-i" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/workstreet/jobs" +role_url: "https://ats.rippling.com/workstreet/jobs/5e53a5ec-1c06-4c28-aef5-e2b7817a96f1" +apply_url: "https://ats.rippling.com/workstreet/jobs/5e53a5ec-1c06-4c28-aef5-e2b7817a96f1" +posted_date: "2026-03-24" +expires_date: "2026-04-23" +location: "Remote (United States)" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Audit & Assurance" + - "Cloud Security" +frameworks: + - "FedRAMP" + - "SOC 2" + - "ISO 27001" + - "NIST 800-53" + - "NIST 800-171" +languages: [] +compensation: "" +summary: "About Workstreet At Workstreet, we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a..." +--- + +About Workstreet + +At Workstreet, we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in a wide range of frameworks—including SOC 2, ISO 27001, GDPR, CMMC, NIST 800-171, NIST 800-53, and FedRAMP—empowering companies to meet regulatory requirements and enhance their cybersecurity posture from day one. + +## The Opportunity + +We are seeking a highly motivated and detail-oriented GRC Engineer I to join our fast-growing team. The ideal candidate will have a solid background in cybersecurity compliance frameworks such as SOC 2, ISO 27001, and NIST CSF. + +This role requires strong communication skills and the ability to manage multiple cybersecurity compliance projects simultaneously. The successful candidate will also have experience overseeing or managing a small team, while ensuring client engagements are delivered effectively and aligned with Workstreet’s security objectives. + +## What You'll Do + +- Support Compliance Initiatives : Assist in implementing and maintaining cybersecurity compliance programs aligned with SOC 2, ISO 27001, and other regulatory standards. +- Maintain Documentation : Develop and update cybersecurity policies, procedures, and control evidence to support audits and assessments. +- Assist in Risk Mitigation : Work with internal and external teams to identify, track, and help remediate cybersecurity risks and control gaps. +- Coordinate Project Tasks: Support multiple compliance projects by managing documentation, timelines, and deliverables under senior guidance. +- Communicate with Clients : Engage with clients via email, chat, and calls to gather evidence, clarify compliance requirements, and provide timely updates. +- Perform Control Testing : Conduct basic control checks and assist in readiness reviews to ensure continuous compliance with internal and external standards. +- Collaborate Cross-Functionally : Partner with IT, security, and operations teams to implement corrective actions and strengthen compliance posture. +- Learn and Grow : Receive mentorship from senior team members and contribute to improving processes, templates, and playbooks for compliance delivery. + +## Who You Are + +- Strong organizational skills with the ability to manage multiple cybersecurity compliance projects concurrently +- Exceptional written and verbal English communication skills +- Proven ability to work directly with clients in the US +- Experience working in cybersecurity compliance, including SOC 2, ISO 27001, or NIST CSF frameworks +- Familiarity with creating and enforcing cybersecurity policies +- Experience working in a tech company with a focus on cybersecurity +- Thrives in a fast-paced startup environment + +## Nice to Have + +- Familiarity with Vanta or similar compliance automation platforms +- Additional experience with frameworks such as GDPR, HIPAA, or PCI DSS +- Certifications such as ISO 27001 Lead Implementer, CISA, or Security+ + +## What We Offer + +- Career Development : Clear path with mentorship and training opportunities +- Technical Training : Comprehensive onboarding on security and compliance frameworks +- Competitive Compensation: A competitive base salary with regular performance reviews linked to merit-based appraisals and bonus opportunities. +- Growth Opportunity : Early-stage company with significant room for career advancement. +- Remote-First Culture : Flexibility to work from anywhere while collaborating with a global team. + +## Work Environment Requirements + +- Reliable high-speed internet connection. +- Quiet, professional home office setup. +- Must be amenable to work US Eastern Time zone hours. +- Fluency in written and verbal English communication skills. + +### Workstreet Is An Equal Opportunity Employer + +As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law. + +Employment with Workstreet is contingent upon the successful completion of a background check, which may include verification of employment history, education, and other relevant information, in compliance with applicable laws. diff --git a/jobs/imported/rippling/rippling-workstreet-6b3c14c9-2f49-4c19-947c-66d9ba32fd4f-senior-grc-engineer.md b/jobs/imported/rippling/rippling-workstreet-6b3c14c9-2f49-4c19-947c-66d9ba32fd4f-senior-grc-engineer.md new file mode 100644 index 0000000..3feb754 --- /dev/null +++ b/jobs/imported/rippling/rippling-workstreet-6b3c14c9-2f49-4c19-947c-66d9ba32fd4f-senior-grc-engineer.md @@ -0,0 +1,107 @@ +--- +title: "Senior GRC Engineer " +company: "Workstreet" +slug: "rippling-workstreet-6b3c14c9-2f49-4c19-947c-66d9ba32fd4f-senior-grc-engineer" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/workstreet/jobs" +role_url: "https://ats.rippling.com/workstreet/jobs/6b3c14c9-2f49-4c19-947c-66d9ba32fd4f" +apply_url: "https://ats.rippling.com/workstreet/jobs/6b3c14c9-2f49-4c19-947c-66d9ba32fd4f" +posted_date: "2025-10-15" +expires_date: "2025-11-14" +location: "Remote (India) | Remote (Philippines)" +work_modes: + - "Remote" +job_types: + - "Contractor / 1099" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Audit & Assurance" + - "Identity & Access Management" +frameworks: + - "FedRAMP" + - "SOC 2" + - "ISO 27001" + - "NIST 800-53" + - "NIST 800-171" +languages: + - "Rust" +compensation: "" +summary: "About Workstreet At Workstreet , we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a..." +--- + +# About Workstreet + +At Workstreet , we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in a wide range of frameworks—including SOC 2, ISO 27001, GDPR, CMMC, NIST 800-171, NIST 800-53, and FedRAMP—empowering companies to meet regulatory requirements and enhance their cybersecurity posture from day one. + +## The Opportunity + +We are seeking a highly motivated, client-focused Sr. GRC Engineer to join our fast-growing team. The ideal candidate is a seasoned client relationship manager who brings deep expertise in cybersecurity compliance and a proven track record of leading high-complexity client engagements with professionalism and care. This role is first and foremost about delivering an exceptional client experience — managing accounts, building trust, and driving successful outcomes — while overseeing a pod of analysts and applying expertise across frameworks such as SOC 2, ISO 27001, and NIST CSF. + +The successful candidate will be able to come up to speed quickly, integrate into the organization, and take on clients within your first 15 days. You will serve as the primary point of contact for a portfolio of clients, leading engagements end-to-end, managing escalations with composure and urgency, and ensuring every client interaction reflects the highest standard of service. + +## What You'll Do + +Client Relationship Management (Primary Focus) + +- Own the Client Experience: Serve as the dedicated primary contact for a portfolio of high-complexity, long-term client accounts, ensuring consistent delivery, proactive communication, and strong relationships at every stage of the engagement. +- Lead Client Engagements: Conduct regular client meetings, deliver progress updates, set expectations, and guide clients through audits, assessments, and compliance milestones with clarity and confidence. +- Communicate with Care: Engage directly with U.S.-based clients via phone, email, and text to address compliance concerns, provide expert guidance, and ensure clients always feel supported and informed. +- Handle Escalations: Resolve complex client issues swiftly and professionally, applying a solution-oriented approach that reinforces client trust and satisfaction. +- Be a Trusted Advisor: Build long-term relationships by understanding each client's unique business context and delivering compliance guidance that is practical, relevant, and actionable. + +Team Leadership + +- Manage and Develop a Pod of Analysts: Provide day-to-day direction, constructive feedback, and professional development support to a small team of junior analysts, fostering a high-performance and collaborative culture. +- Drive Accountability: Ensure the pod delivers high-quality work on time across all active client engagements, stepping in to support and coach where needed. + +GRC & Compliance Execution + +- Interpret Regulatory Frameworks: Analyze and apply cybersecurity compliance requirements under SOC 2, ISO 27001, HIPAA, NIST CSF, and related standards. +- Lead Compliance Projects: Oversee multiple client engagements simultaneously, including audits, evidence collection, control mapping, and due diligence or incident response activities. +- Develop Compliance Programs: Create, implement, and maintain cybersecurity policies, procedures, and supporting documentation to meet audit and certification objectives. +- Collaborate on Risk Management: Work with internal and external teams to identify, assess, and mitigate cybersecurity and compliance risks. +- Drive Process Improvement: Enhance standard operating procedures, playbooks, and compliance frameworks to strengthen operational effectiveness. + +## Who You Are + +Required + +- Demonstrated experience managing client relationships directly — you are comfortable owning accounts, navigating difficult conversations, and being the face of the engagement +- Exceptional professionalism in all client-facing communication, with outstanding written and verbal English skills +- 3+ years of experience managing or leading a small team (pod, squad, or similar structure) +- 3+ years of experience in cybersecurity compliance, including hands-on work with SOC 2, ISO 27001, or NIST CSF frameworks +- Proven ability to manage multiple compliance projects concurrently without sacrificing quality or client experience +- Strong organizational skills and the ability to thrive in a fast-paced startup environment +- Familiarity with creating and enforcing cybersecurity policies +- Experience working in a tech company with a cybersecurity focus + +## Nice to Have + +- Experience at a Big 4 firm (e.g., Deloitte, PwC, EY, KPMG) in an advisory or assurance capacity +- Experience with HIPAA, PCI DSS, or additional compliance frameworks +- Familiarity with Vanta or similar compliance automation platforms +- Certifications such as CISA, CISSP, ISO 27001 Lead Implementer, or Security+ +- Prior experience handling audit coordination or third-party assessments + +## What We Offer + +- Career Development: Clear growth path with mentorship and training opportunities +- Technical Training: Comprehensive onboarding on security and compliance frameworks +- Competitive Compensation: Competitive base salary with regular performance reviews, merit-based appraisals, and bonus opportunities +- Growth Opportunity: Early-stage company with significant room for career advancement +- Remote-First Culture: Flexibility to work from anywhere while collaborating with a global team + +## Work Environment Requirements + +- Reliable high-speed internet connection. +- Quiet, professional home office setup. +- Must be amenable to work US Eastern Time zone hours. +- Fluency in written and verbal English communication skills. + +### Workstreet Is An Equal Opportunity Employer + +As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law. diff --git a/jobs/imported/rippling/rippling-workstreet-782540c1-4f54-4527-85b6-4d56223c39be-grc-engineer-i.md b/jobs/imported/rippling/rippling-workstreet-782540c1-4f54-4527-85b6-4d56223c39be-grc-engineer-i.md new file mode 100644 index 0000000..19af6fc --- /dev/null +++ b/jobs/imported/rippling/rippling-workstreet-782540c1-4f54-4527-85b6-4d56223c39be-grc-engineer-i.md @@ -0,0 +1,91 @@ +--- +title: "GRC Engineer I" +company: "Workstreet" +slug: "rippling-workstreet-782540c1-4f54-4527-85b6-4d56223c39be-grc-engineer-i" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/workstreet/jobs" +role_url: "https://ats.rippling.com/workstreet/jobs/782540c1-4f54-4527-85b6-4d56223c39be" +apply_url: "https://ats.rippling.com/workstreet/jobs/782540c1-4f54-4527-85b6-4d56223c39be" +posted_date: "2026-01-27" +expires_date: "2026-02-26" +location: "Remote (Philippines)" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Audit & Assurance" + - "Cloud Security" +frameworks: + - "FedRAMP" + - "SOC 2" + - "ISO 27001" + - "NIST 800-53" + - "NIST 800-171" +languages: [] +compensation: "" +summary: "About Workstreet At Workstreet, we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a..." +--- + +About Workstreet + +At Workstreet, we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in a wide range of frameworks—including SOC 2, ISO 27001, GDPR, CMMC, NIST 800-171, NIST 800-53, and FedRAMP—empowering companies to meet regulatory requirements and enhance their cybersecurity posture from day one. + +## The Opportunity + +We are seeking a highly motivated and detail-oriented GRC Engineer I to join our fast-growing team. The ideal candidate will have a solid background in cybersecurity compliance frameworks such as SOC 2, ISO 27001, and NIST CSF. + +This role requires strong communication skills and the ability to manage multiple cybersecurity compliance projects simultaneously. The successful candidate will also have experience overseeing or managing a small team, while ensuring client engagements are delivered effectively and aligned with Workstreet’s security objectives. + +## What You'll Do + +- Support Compliance Initiatives : Assist in implementing and maintaining cybersecurity compliance programs aligned with SOC 2, ISO 27001, and other regulatory standards. +- Maintain Documentation : Develop and update cybersecurity policies, procedures, and control evidence to support audits and assessments. +- Assist in Risk Mitigation : Work with internal and external teams to identify, track, and help remediate cybersecurity risks and control gaps. +- Coordinate Project Tasks: Support multiple compliance projects by managing documentation, timelines, and deliverables under senior guidance. +- Communicate with Clients : Engage with clients via email, chat, and calls to gather evidence, clarify compliance requirements, and provide timely updates. +- Perform Control Testing : Conduct basic control checks and assist in readiness reviews to ensure continuous compliance with internal and external standards. +- Collaborate Cross-Functionally : Partner with IT, security, and operations teams to implement corrective actions and strengthen compliance posture. +- Learn and Grow : Receive mentorship from senior team members and contribute to improving processes, templates, and playbooks for compliance delivery. + +## Who You Are + +- Strong organizational skills with the ability to manage multiple cybersecurity compliance projects concurrently +- Exceptional written and verbal English communication skills +- Proven ability to work directly with clients in the US +- Experience working in cybersecurity compliance, including SOC 2, ISO 27001, or NIST CSF frameworks +- Familiarity with creating and enforcing cybersecurity policies +- Experience working in a tech company with a focus on cybersecurity +- Thrives in a fast-paced startup environment + +## Nice to Have + +- Familiarity with Vanta or similar compliance automation platforms +- Additional experience with frameworks such as GDPR, HIPAA, or PCI DSS +- Certifications such as ISO 27001 Lead Implementer, CISA, or Security+ + +## What We Offer + +- Career Development : Clear path with mentorship and training opportunities +- Technical Training : Comprehensive onboarding on security and compliance frameworks +- Competitive Compensation: A competitive base salary with regular performance reviews linked to merit-based appraisals and bonus opportunities. +- Growth Opportunity : Early-stage company with significant room for career advancement. +- Remote-First Culture : Flexibility to work from anywhere while collaborating with a global team. + +## Work Environment Requirements + +- Reliable high-speed internet connection. +- Quiet, professional home office setup. +- Must be amenable to work US Eastern Time zone hours. +- Fluency in written and verbal English communication skills. + +### Workstreet Is An Equal Opportunity Employer + +As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law. + +Employment with Workstreet is contingent upon the successful completion of a background check, which may include verification of employment history, education, and other relevant information, in compliance with applicable laws. diff --git a/jobs/imported/rippling/rippling-workstreet-abb6a0c7-e280-4af5-afb2-cb0580ab416f-grc-engineer-cmmc-fedramp.md b/jobs/imported/rippling/rippling-workstreet-abb6a0c7-e280-4af5-afb2-cb0580ab416f-grc-engineer-cmmc-fedramp.md new file mode 100644 index 0000000..7a12f70 --- /dev/null +++ b/jobs/imported/rippling/rippling-workstreet-abb6a0c7-e280-4af5-afb2-cb0580ab416f-grc-engineer-cmmc-fedramp.md @@ -0,0 +1,87 @@ +--- +title: "GRC Engineer (CMMC/FedRAMP)" +company: "Workstreet" +slug: "rippling-workstreet-abb6a0c7-e280-4af5-afb2-cb0580ab416f-grc-engineer-cmmc-fedramp" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/workstreet/jobs" +role_url: "https://ats.rippling.com/workstreet/jobs/abb6a0c7-e280-4af5-afb2-cb0580ab416f" +apply_url: "https://ats.rippling.com/workstreet/jobs/abb6a0c7-e280-4af5-afb2-cb0580ab416f" +posted_date: "2026-02-03" +expires_date: "2026-03-05" +location: "Remote (United States)" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Cloud Security" + - "Identity & Access Management" + - "Privacy" +frameworks: + - "FedRAMP" + - "SOC 2" + - "ISO 27001" + - "NIST 800-53" + - "NIST 800-171" +languages: [] +compensation: "" +summary: "About Workstreet At Workstreet, we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a..." +--- + +About Workstreet + +At Workstreet, we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in a wide range of frameworks—including SOC 2, ISO 27001, GDPR, CMMC, NIST 800-171, NIST 800-53, and FedRAMP—empowering companies to meet regulatory requirements and enhance their cybersecurity posture from day one. + +## The Opportunity + +We are seeking a GRC Engineer who is highly motivated, detail-oriented, and has foundational knowledge of FedRAMP Moderate and High baseline requirements, with complementary experience supporting CMMC and NIST SP 800-171-based programs. The ideal candidate brings strong client-facing communication skills and the ability to contribute to multiple compliance initiatives simultaneously . + +This role is focused on guiding clients through federal compliance frameworks, supporting both SaaS providers and federal contractors through the FedRAMP authorization lifecycle—including readiness assessment, authorization support, and continuous monitoring—as well as advising defense contractors on CMMC Level 1 and Level 2 compliance and related NIST 800-171 requirements. The successful candidate will play a critical role in helping clients achieve and sustain federal and DoD compliance while leading high-quality delivery across all engagements. + +## What You'll Do + +- Interpret and Apply FedRAMP Requirements: Analyze and apply NIST SP 800-53 controls, FedRAMP baselines, and agency-specific requirements to ensure client compliance. +- Develop and Maintain FedRAMP Documentation: Develop and maintain System Security Plans (SSPs), control implementation narratives, POA&Ms, SAPs, SARs, and continuous monitoring artifacts. +- Conduct FedRAMP Readiness Assessments: Perform gap analyses and readiness reviews to prepare organizations for JAB or Agency ATO pathways. +- Support Authorization and Assessment Activities: Coordinate with Third-Party Assessment Organizations (3PAOs), cloud service providers, and government stakeholders throughout the FedRAMP lifecycle. +- Boundary Definition & Scoping: Perform CMMC/FedRAMP authorization boundary definition and system scoping activities, including identification of in-scope components, interconnections, data flows, and shared responsibility models to ensure alignment with FedRAMP PMO and agency expectations. +- Support Continuous Monitoring Programs: Conduct monthly, quarterly, and annual FedRAMP continuous monitoring requirements, including vulnerability management, incident response reporting, and change control. +- Support FedRAMP Engagements: Assist on multiple concurrent client projects, ensuring milestones, deliverables, and quality standards are consistently met or exceeded. +- Support CMMC and NIST 800-171 Compliance Efforts: Assist defense contractors with interpreting CMMC 2.0 and NIST SP 800-171 controls and implementing compliant security programs. +- Develop CMMC Documentation: Contribute to SSPs, POA&Ms, and supporting artifacts required for CMMC Level 1 and Level 2 readiness. + +## Who You Are + +- Strong organizational and project management skills with the ability to manage multiple engagements concurrently +- 2+ years of experience in GRC, with exposure to FedRAMP, NIST SP 800-53, and federal compliance programs +- Working knowledge of CMMC 2.0 and NIST SP 800-171 requirements +- Experience authoring and reviewing SSPs, POA&Ms, and assessment artifacts +- Familiarity with federal cloud environments (AWS GovCloud, Azure Government, GCC High) +- Experience working with SaaS providers, federal contractors, or regulated technology organizations +- Ability to thrive in a fast-paced, consulting, or startup environment + +## Nice to Have + +- FedRAMP-specific experience supporting JAB or Agency ATOs +- CMMC Registered Practitioner (RP), CCP, or CCA certification +- CISSP, CISM, or Security+ certification +- Experience with DFARS clauses and CUI handling requirements +- Familiarity with SPRS reporting and DoD assessment workflows +- Prior experience working directly with 3PAOs or C3PAOs + +## Work Environment Requirements + +- Reliable high-speed internet connection. +- Quiet, professional home office setup. +- Must be amenable to work US Eastern Time zone hours. +- Fluency in written and verbal English communication skills. + +### Workstreet Is An Equal Opportunity Employer + +As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law. + +Employment with Workstreet is contingent upon the successful completion of a background check, which may include verification of employment history, education, and other relevant information, in compliance with applicable laws. diff --git a/jobs/imported/rippling/rippling-wwwcarbon3aicareers-9c0d8cc1-250a-487f-8f8e-49cf4d096254-grc-manager.md b/jobs/imported/rippling/rippling-wwwcarbon3aicareers-9c0d8cc1-250a-487f-8f8e-49cf4d096254-grc-manager.md new file mode 100644 index 0000000..b143c34 --- /dev/null +++ b/jobs/imported/rippling/rippling-wwwcarbon3aicareers-9c0d8cc1-250a-487f-8f8e-49cf4d096254-grc-manager.md @@ -0,0 +1,103 @@ +--- +title: "GRC Manager" +company: "Era4" +slug: "rippling-wwwcarbon3aicareers-9c0d8cc1-250a-487f-8f8e-49cf4d096254-grc-manager" +status: "published" +source: "Rippling" +sources: + - "Rippling" +source_url: "https://ats.rippling.com/wwwcarbon3aicareers/jobs" +role_url: "https://ats.rippling.com/wwwcarbon3aicareers/jobs/9c0d8cc1-250a-487f-8f8e-49cf4d096254" +apply_url: "https://ats.rippling.com/wwwcarbon3aicareers/jobs/9c0d8cc1-250a-487f-8f8e-49cf4d096254" +posted_date: "2026-03-10" +expires_date: "2026-04-09" +location: "London (Hybrid) | United Kingdom - Hybrid (Visit to London office required) " +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "ISO 27001" + - "PCI-DSS" + - "HIPAA" + - "GDPR" +languages: [] +compensation: "" +summary: "Era4 develops, owns and operates AI infrastructure across the UK, powered by renewable energy. Converting legacy industrial and energy sites into modern data-centre facilities,..." +--- + +Era4 develops, owns and operates AI infrastructure across the UK, powered by renewable energy. Converting legacy industrial and energy sites into modern data-centre facilities, Era4 is combining brownfield regeneration opportunities with cleaner, efficient, scalable compute capacity for healthcare, research, finance, enterprise, and public-sector organisations + +Role Summary: + +This role is responsible for building and operationalising our governance, quality, risk, security, and regulatory compliance programme, ensuring our platform meets UK and global regulatory standards (e.g., EU AI Act, GDPR, HIPAA, CCPA, DORA) and the specialised needs of regulated and public‑sector clients with strict regulatory, security and sovereignty requirements. + +This role blends regulatory intelligence, AI governance, corporate risk management, and cloud infrastructure compliance, you will collaborate deeply across engineering, security, legal, product, and operations teams to embed robust GRC controls across data centre, energy generation, GPU cluster environments, and customer onboarding and delivery models. + +You will be instrumental in ensuring Era4 meets these high standards, and can provide credible assurance to customers, auditors and regulators. This is an opportunity to join a mission-led AI business that is redefining infrastructure, intelligence, and impact for enterprise customers. + +Key Responsibilities: + +Governance and frameworks: + +- Maintain governance, risk, and compliance frameworks, including regulatory horizon scanning (EU AI Act, ATAA, GDPR, CCPA, HIPAA, DORA). +- Keep policies, standards, and procedures up to date and aligned with operational realities. +- Document ownership, accountability, and escalation paths for GRC matters and support reporting for operational leadership. + +Corporate risk management: + +- Operate the corporate risk management process, including risk identification and assessment with operational teams. +- Maintain the corporate risk register and track mitigations and actions. +- Escalate material risks and support risk input into operational change initiatives. + +Compliance and assurance: + +- Support the ISMS, BMS, EMS and other management systems with ISO 27001 as a baseline. +- Coordinate internal and external audits and manage audit evidence. +- Track remediation actions and support responses to customer security and compliance requests. + +Operational collaboration: + +- Act as a day‑to‑day GRC partner to Operations, Facilities, Engineering, Security and IT. +- Provide practical guidance on risk and compliance expectations. +- Support incident reviews, business continuity, and operational resilience assurance. + +Continuous improvement: + +- Identify opportunities to improve GRC processes, tooling, reporting, and documentation. +- Monitor regulatory and standards changes and highlight operational impacts. +- Help embed a risk‑aware culture across Operations and the wider business. + +Essential Experience: + +- Expertise working in a governance, risk, compliance, or assurance role within IT/cloud services for a regulated, operational, or infrastructure heavy environment. +- Hands on experience supporting ISO 27001, ISO9001, or other ISO certifications live operational settings. +- Strong understanding of UK an EU regulatory frameworks as they apply to Era4 and it’s customers (GDPR, UK GDPR, NIS, NIS2, DORA etc). +- Familiarity with UK government high‑assurance security requirements and Critical National Infrastructure requirements. +- Experience participating in external audits and assurance activities. +- Understanding of operational risk in technical or facilities based environments. +- Comfortable establishing cyber incident response playbooks. + +One or more would be an advantage: + +- Led or significantly shaped parts of a GRC or compliance programme. +- Exposure to multiple frameworks or assurance models such as SOC 2, PCI DSS, or similar. +- Experience in high performance computing, data centres, cloud infrastructure, telecommunications, or other high availability environments. +- Experience supporting large customer assurance or due diligence processes. +- Exposure to physical security, operational resilience, or critical facilities risk. +- Experience scaling or maturing GRC processes in a growing organisation. +- Familiarity with UK government high‑assurance security requirements. + +Why Join Era4: + +You’ll be joining a mission-driven start-up building critical national infrastructure, where operational excellence directly enables growth. This role offers high visibility with leadership, real autonomy, and the chance to shape how a next-generation company operates at scale. + +Diversity & Inclusion : + +Era4 is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. diff --git a/jobs/imported/workable/workable-1kosmos-fdd95a847d-it-and-information-security-compliance-manager-automation-and-certifications.md b/jobs/imported/workable/workable-1kosmos-fdd95a847d-it-and-information-security-compliance-manager-automation-and-certifications.md new file mode 100644 index 0000000..89ccb94 --- /dev/null +++ b/jobs/imported/workable/workable-1kosmos-fdd95a847d-it-and-information-security-compliance-manager-automation-and-certifications.md @@ -0,0 +1,103 @@ +--- +title: "IT & Information Security Compliance Manager (Automation & Certifications)" +company: "1kosmos" +slug: "workable-1kosmos-fdd95a847d-it-and-information-security-compliance-manager-automation-and-certifications" +status: "published" +source: "Workable" +sources: + - "Workable" +source_url: "https://apply.workable.com/1kosmos" +role_url: "https://apply.workable.com/j/FDD95A847D" +apply_url: "https://apply.workable.com/j/FDD95A847D/apply" +posted_date: "2025-11-13" +expires_date: "2025-12-13" +location: "Edison, New Jersey, United States" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "FedRAMP" + - "SOC 2" + - "ISO 27001" + - "NIST 800-53" +languages: + - "Rust" +compensation: "" +summary: "Are you ready to shape the future of authentication? Join 1Kosmos and help lead the next wave in identity assurance and passwordless innovation. 1Kosmos is driving the future of..." +--- + +Are you ready to shape the future of authentication? Join 1Kosmos and help lead the next wave in identity assurance and passwordless innovation. + +1Kosmos is driving the future of identity security, empowering organizations to eliminate passwords and establish trust at every step of the identity lifecycle. As a vibrant team of innovators, we develop advanced authentication solutions trusted by some of the world’s leading brands. Join us as we create a passwordless world and set new standards for digital identity assurance. + +We are seeking an IT & Information Security Compliance Manager to own and strengthen our company’s security and compliance posture across frameworks such as SOC 2, ISO 27001, FedRAMP High, and NIST. + +This is a hands-on operational leadership role (not a CISO), focused on ensuring audit readiness, control implementation, IT governance, and continuous improvement of our security programs. The ideal candidate will combine a strong understanding of infrastructure and security controls with experience automating compliance workflows using tools like Drata or Vanta. + +Requirements + +Key Responsibilities + +- Lead and maintain enterprise security and compliance programs aligned with SOC 2, ISO 27001/27002, FedRAMP High, and NIST 800-53/171 frameworks. + +- Build and manage automated compliance monitoring and evidence collection through Drata, Vanta, or equivalent platforms; integrate these with internal systems (ticketing, HRIS, cloud providers, etc.). + +- Prepare for and manage SOC 2 Type I/II, ISO audits, and FedRAMP readiness assessments: gap analysis, documentation, remediation, and control testing. + +- Partner with IT Operations and Engineering to ensure security controls are embedded in infrastructure, cloud, network, and identity systems. + +- Maintain and update security policies, SSPs, POA&Ms, and other audit documentation. + +- Oversee incident response, change management, and vendor risk programs to ensure consistent compliance coverage. + +- Manage relationships with external auditors and compliance assessors. + +- Define and track metrics for audit readiness, risk posture, and compliance automation efficiency. + +- Stay current with evolving compliance frameworks and technologies that can improve assurance automation. + +- Champion security awareness, training, and continuous improvement across the organization. + +Qualifications + +Must-Have + +- 6 + years of experience in IT security, compliance, or risk management within a SaaS or regulated technology environment. + +- Proven experience managing SOC 2 and ISO 27001 programs end-to-end; exposure to FedRAMP High or NIST 800-53 is a plus. + +- Hands-on use and administration of Drata, Vanta, Tugboat Logic, or equivalent compliance automation platforms. + +- Familiarity with AWS/Azure/GCP cloud environments, identity & access management, and IT operations. + +- Strong technical understanding of security controls: network, endpoint, access, configuration management, logging/monitoring, vulnerability management. + +- Excellent documentation and communication skills — able to translate control requirements into clear operational actions. + +- Experience leading internal or external audits and managing evidence collection efficiently. + +- Based in (or willing to relocate to) Edison, NJ and work on-site with our leadership and operations teams. + +Preferred + +- Certifications such as CISSP, CISM, CISA, ISO 27001 Lead Implementer/Auditor, or FedRAMP Practitioner. + +- Experience managing or improving IT operations processes with a compliance lens. + +- Familiarity with compliance automation APIs or integration scripting is a bonus. + +Benefits + +- Benefits: + +- Comprehensive health, dental, and vision coverage +- 401(k) +- Paid time off +- Professional development budget +- Certification reimbursement diff --git a/jobs/imported/workable/workable-aretum-da85ad5c47-security-rmf-engineer.md b/jobs/imported/workable/workable-aretum-da85ad5c47-security-rmf-engineer.md new file mode 100644 index 0000000..86fe324 --- /dev/null +++ b/jobs/imported/workable/workable-aretum-da85ad5c47-security-rmf-engineer.md @@ -0,0 +1,95 @@ +--- +title: "Security / RMF Engineer" +company: "Aretum" +slug: "workable-aretum-da85ad5c47-security-rmf-engineer" +status: "published" +source: "Workable" +sources: + - "Workable" +source_url: "https://apply.workable.com/aretum" +role_url: "https://apply.workable.com/j/DA85AD5C47" +apply_url: "https://apply.workable.com/j/DA85AD5C47/apply" +posted_date: "2026-04-06" +expires_date: "2026-05-06" +location: "McLean, Virginia, United States" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Cloud Security" + - "Identity & Access Management" +frameworks: + - "FedRAMP" + - "NIST 800-53" + - "HIPAA" +languages: + - "Rust" +compensation: "" +summary: "Public Trust Eligibility Required About Aretum Aretum is a mission-driven organization committed to delivering innovative, technology-enabled solutions to our customers across..." +--- + +Public Trust Eligibility Required + +About Aretum + +Aretum is a mission-driven organization committed to delivering innovative, technology-enabled solutions to our customers across defense, civilian, and homeland security sectors. Our teams work at the intersection of strategy, technology, and transformation, helping agencies solve their most critical challenges. We believe in investing in our people and creating a culture where collaboration, inclusion, and professional growth are at the forefront. + +Job Summary + +Aretum is seeking a skilled and highly motivated Security / RMF Engineer. As a Security / RMF Engineer, you will ensure compliance with VA security requirements and manage the ATO lifecycle. + +Due to the nature of our work as a federal consulting organization, employees may be expected to handle Controlled Unclassified Information (CUI) and must adhere to applicable safeguarding and compliance requirements. + +Responsibilities + +- Develop and maintain RMF documentation (SSP, POA&M, SAR inputs) +- Map and implement security controls across system layers +- Coordinate with VA security stakeholders +- Support vulnerability scanning and remediation +- Enable continuous monitoring and compliance + +Requirements + +- RMF Framework: NIST 800-53, control families, tailoring +- ATO Process: SSP development, POA&M management, authorization workflows +- ServiceNow GRC (or similar): Documentation and tracking +- Cloud Security: AWS security controls, shared responsibility model +- Identity & Access Management: RBAC, least privilege, federation concepts +- Encryption: TLS, data-at-rest encryption, key management (KMS) +- Vulnerability Management: Scanning tools, remediation workflows +- Logging & Monitoring: SIEM integration (Splunk, Datadog concepts) +- Network Security: Segmentation, ingress/egress control, TIC awareness +- Compliance Standards: HIPAA awareness, FISMA/FEDRAMP basics +- DevSecOps Integration: Security in CI/CD pipelines +- Risk Assessment: Identifying and documenting system risks and mitigations + +Travel Requirements This is a remote position; however, occasional travel may be required based on project needs, client meetings, team collaboration events, or training sessions. Travel is expected to be less than 10% and will be communicated in advance whenever possible. + +EEO Statement + +Aretum is committed to fostering a workplace rooted in excellence, integrity, and equal opportunity for all. We adhere to merit-based hiring practices, ensuring that all employment decisions are made based on qualifications, skills, and ability to perform the job, without preference or consideration of factors unrelated to job performance. + +As an Equal Opportunity Employer, Aretum complies with all applicable federal, state, and local employment laws. + +We are proud to support our nation’s veterans and military families, providing career opportunities that honor their service and experience. + +If you require reasonable accommodation during the hiring process due to a disability, please contact hr@aretum.com (mailto:hr@aretum.com) for assistance. + +Equal Opportunity Employer/Veterans/Disabled + +U.S. Work Authorization + +Due to federal contract requirements, only U.S. citizens are eligible for this position. This position supports a federal government contract and requires the ability to obtain and maintain a Public Trust or Suitability Determination, depending on the agency’s background investigation requirements. + +Benefits + +- Health Care Plan (Medical, Dental & Vision) +- Retirement Plan (401k) +- Life Insurance (Basic, Voluntary & AD&D) +- Paid Time Off +- Family Leave (Maternity, Paternity) +- Short Term & Long-Term Disability +- Training & Development diff --git a/jobs/imported/workable/workable-assurity-trusted-solutions-7299dbfee8-cybersecurity-engineer-grc-manager.md b/jobs/imported/workable/workable-assurity-trusted-solutions-7299dbfee8-cybersecurity-engineer-grc-manager.md new file mode 100644 index 0000000..e31cd12 --- /dev/null +++ b/jobs/imported/workable/workable-assurity-trusted-solutions-7299dbfee8-cybersecurity-engineer-grc-manager.md @@ -0,0 +1,143 @@ +--- +title: "Cybersecurity Engineer (GRC Manager)" +company: "Assurity Trusted Solutions" +slug: "workable-assurity-trusted-solutions-7299dbfee8-cybersecurity-engineer-grc-manager" +status: "published" +source: "Workable" +sources: + - "Workable" +source_url: "https://apply.workable.com/assurity-trusted-solutions" +role_url: "https://apply.workable.com/j/7299DBFEE8" +apply_url: "https://apply.workable.com/j/7299DBFEE8/apply" +posted_date: "2026-03-03" +expires_date: "2026-04-02" +location: "Singapore, Singapore, Singapore" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: [] +languages: + - "Rust" +compensation: "" +summary: "Assurity Trusted Solutions (ATS) is a wholly owned subsidiary of the Government Technology Agency (GovTech). As a Trusted Partner over the last decade. ATS offers a comprehensive..." +--- + +Assurity Trusted Solutions (ATS) is a wholly owned subsidiary of the Government Technology Agency (GovTech). As a Trusted Partner over the last decade. ATS offers a comprehensive suite of products and services ranging from infrastructure and operational services, governance and assurance services as well as managed processes. In a dynamic digital & cyber landscape where trust & collaboration is key, ATS continues to drive mutually beneficial business outcomes through collaboration with GovTech, government agencies and commercial partners to mitigate cyber risks and bolster security postures. + +Responsibilities: + +GRC leadership & 2nd line of defence + +- Act as the de facto lead for GRC , shaping how we govern risk and compliance across managed products and platforms within the team’s remit. +- Operate as 2nd line of defence for ICT risk and controls providing independent challenge on risk, control design, and effectiveness. +- Partner closely with Product team to embed pragmatic security and compliance into day-to-day delivery. + +Security Plan governance and automation + +- Own the governance and standards for Security Plan submissions across CIOO and product teams – including templates, minimum evidence expectations, and quality benchmarks. +- Review Security Plans and supporting evidence , assess control coverage and implementation maturity, and Recommendation of Security Plan approvals to the stakeholders . +- Treat automation as an “always-on audit” : + +- Collaborate with product and platform teams to define the Security Plan evidence that should be checked automatically. +- Use automated checks to surface gaps, anomalies, and missing evidence, and drive remediation with product teams. + +- Track and report KPIs for Security Plan (e.g. coverage and consistency of controls, Security Plan cycle time, defect rates) across CIOO and product teams. + +ICT audit and evidence management + +- Design, implement, and own workflows for ICT audit, risk, and findings management. +- Structure and maintain knowledge and documentation spaces as the source of truth for: + +- ICT audit plans, scopes, and procedures +- Control descriptions and standard evidence templates +- Central repositories of audit evidence and Security Plan artefacts + +- Plan and execute thematic and product-level ICT audits under the CISO’s direction, independently assessing: + +- Whether required work has been completed +- Whether evidence provided by product teams is sufficient and reliable + +- Coordinate with internal audit (3rd line) on ICT/security audit engagements, facilitate evidence collection, and track closure of findings in the issue-tracking system. +- Provide regular management reporting on audit status, key risks, and trends to CIOO leadership and the CISO. + +Security policy ownership + +- Serve as author and custodian for key GovTech-wide security and technology policies under CIOO’s remit, for example: + +- Sandbox usage (development / test environments) +- AI coding practices and guardrails +- SaaS usage, onboarding, and clearance requirements + +- Own the policy lifecycle : drafting, stakeholder consultation, impact assessment, approval routing, publication, and periodic review. +- Translate policy into clear, practical guidance for product teams (e.g. how to comply in the issue-tracking and collaboration platforms, what “good” evidence looks like, what patterns and exceptions are acceptable). +- Monitor policy adoption and escalate material non-compliance or risk acceptances to the CISO where necessary. + +Security Education, Training and Awareness (SeTA) + +- Lead SeTA for GovTech HQ in alignment with CIOO’s cyber strategy and policies. +- Design and run targeted SeTA campaigns , including: + +- Phishing simulations and follow-up actions +- Security newsletters tailored to different audiences (e.g. tech vs non-tech) +- Brown-bag sessions / clinics to deep-dive into topics like SaaS usage, sandboxing, secure coding, and incident reporting. + +- Define and track SeTA KPIs (e.g. phishing susceptibility, completion rates, engagement metrics) and use insights to continually refine content and focus areas. + +Change management & stakeholder engagement + +- Champion a “new way of doing audit and GRC” using: + +- standard issue-tracking and collaboration tools as the primary systems of record for audit and evidence +- automated controls and analytics for continuous, data-driven assurance + +- Influence and negotiate with senior stakeholders (Product Directors, Application Owners, central functions) to adopt and sustain these new practices. +- Communicate complex policy and risk topics in clear, outcome-focused language , tailored to both technical and non-technical audiences. +- Provide clear, actionable recommendations to the CISO and CIOO leadership on risk, remediation priorities, and structural improvements. + +Requirements + +- At least 5 years of experience in Cybersecurity , preferably in a regulated or public-sector environment. +- Strong understanding of: + +- ICT governance and security controls across applications, infrastructure, and SaaS +- How product teams work (SDLC, agile delivery, cloud/SaaS usage) and where to embed controls without blocking delivery. + +- Comfortable acting as 2nd line of defence – providing independent challenge, validating evidence, and working constructively with 1st line teams and 3rd line internal audit. +- Practical experience with enterprise issue-tracking and collaboration platforms : + +- Designing or maintaining workflows, issue types, and dashboards for audit, risk, or compliance +- Structuring spaces/pages for policies, standards, and evidence repositories + +- Strong policy writing skills – able to draft clear, concise policies and standards, and translate them into playbooks, checklists, and working-level guidance. +- Experience in security awareness and training : + +- Designing or running phishing simulations +- Producing newsletters or comms +- Delivering talks or briefings is a plus. + +- Comfortable working with automation and AI-enabled tools (such as enterprise search platforms) to scale GRC and audit work. +- Excellent stakeholder management, influencing, and negotiation skills, with a track record of: + +- Leading change in how teams work (e.g. moving to issue-tracking- and collaboration-based evidence and audit) +- Challenging assumptions respectfully +- Finding pragmatic, risk-aware compromises. + +Join us and discover a meaningful and exciting career with Assurity Trusted Solutions! + +The remuneration package will commensurate with your qualifications and experience. Interested applicants, please click "Apply Now". + +We thank you for your interest and please note that only shortlisted candidates will be notified. + +By submitting your application, you agree that your personal data may be collected, used and disclosed by Assurity Trusted Solutions Pte. Ltd. (ATS), GovTech and their service providers and agents in accordance with ATS’s privacy statement which can be found at: https://www.assurity.sg/ (https://www.assurity.sg/) or such other successor site. + +Benefits + +- A wholly-owned subsidiary of GovTech. +- We promote a learning culture and encourage you to grow and learn. +- Contract Staff enjoys the same benefits as Permanent Employees. diff --git a/jobs/imported/workable/workable-avint-6b8227b03e-senior-assessor-cybersecurity-compliance-lead-rmf-sme.md b/jobs/imported/workable/workable-avint-6b8227b03e-senior-assessor-cybersecurity-compliance-lead-rmf-sme.md new file mode 100644 index 0000000..ca1828a --- /dev/null +++ b/jobs/imported/workable/workable-avint-6b8227b03e-senior-assessor-cybersecurity-compliance-lead-rmf-sme.md @@ -0,0 +1,50 @@ +--- +title: "Senior Assessor (Cybersecurity Compliance Lead / RMF SME)" +company: "Avint" +slug: "workable-avint-6b8227b03e-senior-assessor-cybersecurity-compliance-lead-rmf-sme" +status: "published" +source: "Workable" +sources: + - "Workable" +source_url: "https://apply.workable.com/avint" +role_url: "https://apply.workable.com/j/6B8227B03E" +apply_url: "https://apply.workable.com/j/6B8227B03E/apply" +posted_date: "2026-03-18" +expires_date: "2026-04-17" +location: "United States" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Audit & Assurance" + - "Identity & Access Management" +frameworks: + - "NIST CSF" + - "NIST RMF" +languages: [] +compensation: "" +summary: "Avint is hiring a Senior ISSO (Cybersecurity Compliance Lead / RMF SME) to support and protect critical federal systems within the HACS program. In this role, you’ll be part of a..." +--- + +Avint is hiring a Senior ISSO (Cybersecurity Compliance Lead / RMF SME) to support and protect critical federal systems within the HACS program. In this role, you’ll be part of a high-performing team leading Risk Management Framework (RMF) and Authority to Operate (ATO) efforts across mission-critical systems. You’ll work at the intersection of cybersecurity, compliance, and mission operations, ensuring systems are secure, authorized, and aligned with federal requirements + +Requirements + +- Minimum 8 years of experience in cybersecurity, information assurance, or compliance +- Extensive experience with NIST RMF, ATO processes, and system authorization +- Strong knowledge of federal cybersecurity frameworks and documentation (SSP, POA&M, SAR) +- Experience leading or overseeing security efforts across multiple systems +- Bachelor’s degree or equivalent work experience + +Benefits + +Joining Avint is a win-win proposition! You will feel the personal touch of a small business and receive BIG business benefits. From competitive salaries, full health, a unique 401K plan, and generous PTO and Federal Holidays. + +Additionally, we encourage every Avint employee to further their professional development. To assist you in achieving your goals, we offer reimbursement for courses, exams, and tuition. Interested in a class, conference, program, or degree? Avint will invest in YOU and your professional development! + +Avint is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity and Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. + +Salary $ based on experience diff --git a/jobs/imported/workable/workable-avint-70baeebd77-senior-controls-assessor-rmf-ato-expert.md b/jobs/imported/workable/workable-avint-70baeebd77-senior-controls-assessor-rmf-ato-expert.md new file mode 100644 index 0000000..a33648f --- /dev/null +++ b/jobs/imported/workable/workable-avint-70baeebd77-senior-controls-assessor-rmf-ato-expert.md @@ -0,0 +1,48 @@ +--- +title: "Senior Controls Assessor (RMF / ATO Expert)" +company: "Avint" +slug: "workable-avint-70baeebd77-senior-controls-assessor-rmf-ato-expert" +status: "published" +source: "Workable" +sources: + - "Workable" +source_url: "https://apply.workable.com/avint" +role_url: "https://apply.workable.com/j/70BAEEBD77" +apply_url: "https://apply.workable.com/j/70BAEEBD77/apply" +posted_date: "2026-03-18" +expires_date: "2026-04-17" +location: "United States" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Identity & Access Management" +frameworks: + - "NIST RMF" +languages: [] +compensation: "" +summary: "Avint is hiring a Senior Cybersecurity Controls Assessor (RMF / ATO Expert) to support and protect critical federal systems within the HACS program. In this role, you’ll be part..." +--- + +Avint is hiring a Senior Cybersecurity Controls Assessor (RMF / ATO Expert) to support and protect critical federal systems within the HACS program. In this role, you’ll be part of a high-performing team responsible for assessing, validating, and authoring security controls in accordance with federal compliance frameworks. You’ll work at the intersection of cybersecurity, risk management, and compliance, helping ensure systems meet stringent security requirements and authorization standards. + +Requirements + +- Minimum 6 years of experience in cybersecurity, risk management, or security control assessment +- Experience conducting security control assessments and authorization activities (e.g., NIST RMF) +- Strong understanding of federal compliance standards and documentation +- Ability to develop and review security assessment reports and artifacts +- Bachelor’s degree or equivalent work experience + +Benefits + +Joining Avint is a win-win proposition! You will feel the personal touch of a small business and receive BIG business benefits. From competitive salaries, full health, a unique 401K plan, and generous PTO and Federal Holidays. + +Additionally, we encourage every Avint employee to further their professional development. To assist you in achieving your goals, we offer reimbursement for courses, exams, and tuition. Interested in a class, conference, program, or degree? Avint will invest in YOU and your professional development! + +Avint is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity and Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. + +Salary $ based on experience diff --git a/jobs/imported/workable/workable-avint-ef6b3035a9-assessor-cybersecurity-compliance-specialist-rmf.md b/jobs/imported/workable/workable-avint-ef6b3035a9-assessor-cybersecurity-compliance-specialist-rmf.md new file mode 100644 index 0000000..d9e86f0 --- /dev/null +++ b/jobs/imported/workable/workable-avint-ef6b3035a9-assessor-cybersecurity-compliance-specialist-rmf.md @@ -0,0 +1,47 @@ +--- +title: "Assessor (Cybersecurity Compliance Specialist / RMF)" +company: "Avint" +slug: "workable-avint-ef6b3035a9-assessor-cybersecurity-compliance-specialist-rmf" +status: "published" +source: "Workable" +sources: + - "Workable" +source_url: "https://apply.workable.com/avint" +role_url: "https://apply.workable.com/j/EF6B3035A9" +apply_url: "https://apply.workable.com/j/EF6B3035A9/apply" +posted_date: "2026-03-18" +expires_date: "2026-04-17" +location: "United States" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Audit & Assurance" + - "Identity & Access Management" +frameworks: [] +languages: [] +compensation: "" +summary: "Avint is hiring an ISSO (Cybersecurity Compliance Specialist / RMF) to support cybersecurity compliance and risk management efforts within the HACS program. In this role, you’ll..." +--- + +Avint is hiring an ISSO (Cybersecurity Compliance Specialist / RMF) to support cybersecurity compliance and risk management efforts within the HACS program. In this role, you’ll help maintain system authorization, develop security documentation, and ensure systems meet federal cybersecurity standards. + +Requirements + +- Minimum 6 years of experience in cybersecurity, information assurance, or compliance +- Experience with RMF, ATO processes, and security documentation +- Strong understanding of federal cybersecurity standards +- Bachelor’s degree or equivalent work experience + +Benefits + +Joining Avint is a win-win proposition! You will feel the personal touch of a small business and receive BIG business benefits. From competitive salaries, full health, a unique 401K plan, and generous PTO and Federal Holidays. + +Additionally, we encourage every Avint employee to further their professional development. To assist you in achieving your goals, we offer reimbursement for courses, exams, and tuition. Interested in a class, conference, program, or degree? Avint will invest in YOU and your professional development! + +Avint is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity and Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. + +Salary $ based on experience diff --git a/jobs/imported/workable/workable-classwallet-90191c5d53-director-of-security-and-compliance.md b/jobs/imported/workable/workable-classwallet-90191c5d53-director-of-security-and-compliance.md new file mode 100644 index 0000000..e0eecfa --- /dev/null +++ b/jobs/imported/workable/workable-classwallet-90191c5d53-director-of-security-and-compliance.md @@ -0,0 +1,92 @@ +--- +title: "Director of Security and Compliance" +company: "Classwallet" +slug: "workable-classwallet-90191c5d53-director-of-security-and-compliance" +status: "published" +source: "Workable" +sources: + - "Workable" +source_url: "https://apply.workable.com/classwallet" +role_url: "https://apply.workable.com/j/90191C5D53" +apply_url: "https://apply.workable.com/j/90191C5D53/apply" +posted_date: "2026-02-27" +expires_date: "2026-03-29" +location: "United States" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "FedRAMP" + - "SOC 2" + - "NIST 800-53" +languages: [] +compensation: "" +summary: "ClassWallet, a leading financial technology company in the United States, is seeking to hire a Director of Security and Compliance to join our team. ClassWallet is a financial..." +--- + +ClassWallet, a leading financial technology company in the United States, is seeking to hire a Director of Security and Compliance to join our team. + +ClassWallet is a financial technology company serving agencies delegated responsibility to manage public funds. Agencies use ClassWallet to get public funds to the right people, and ensure the funds are used for the right purpose. ClassWallet’s suite of products and services empowers agency administrators to dramatically increase efficiency of funds distribution and spend compliance, reduce programmatic costs, maximize the full potential impact of the program, and satisfy the needs and expectations of policymakers, constituents and public reporting. ClassWallet has processed over $3.5 Billion to date and serves public agencies across 33 states. + +The Company has developed an industry-defining digital wallet solution which has gained rapid traction among state and local agencies and school districts across America. ClassWallet ranks as the 61st fastest growing software company on the prestigious Inc. 5000 list of fastest-growing private companies and the 21st fastest growing financial technology company on the Deloitte Technology Fast 500 in 2023. + +While the Company delivers immense business value, the social impact of ClassWallet is a fabric that runs through its mission and corporate culture. As a result of ClassWallet’s innovation, public programs run with exponentially more efficiency and the impact and breadth of the programs for the individuals they serve is dramatically higher. This mission compliments the Company mission-based culture with focus on gratitude and work-life balance. + +About the Role + +The Director of Security and Compliance is a critical role reporting directly to the Chief Legal Counsel. This individual will be the organization's expert in government security frameworks, responsible for achieving and maintaining high-level government certifications. This role uniquely blends legal compliance, rigorous security operations, and direct partnership with the Product and Engineering teams to ensure our solutions meet the stringent FedRAMP/GovRamp requirements from inception through deployment. + +Responsibilities + +Government Compliance Leadership (FedRAMP/GovRamp Critical) + +- FedRAMP Ownership: Own the entire process for maintaining and managing FedRAMP/GovRamp authorizations, including control implementation, documentation (e.g., System Security Plan - SSP), continuous monitoring, and annual audits (A&A). +- Audit Management: Serve as the primary point of contact for all external security and compliance audits (including SOC 2 Type II), coordinating efforts between auditors, legal counsel, and technical teams to ensure successful outcomes and high-quality evidence collection. +- Compliance Program Management: Design, implement, and lead the corporate security compliance program, ensuring adherence to the specific controls required by all key frameworks. + +Product Security & Implementation Review + +- Security-by-Design Review: Collaborate closely with the Product Management and Engineering teams, reviewing product roadmaps, features, and architectures to ensure security and government compliance (especially FedRAMP/GovRamp controls) are integrated from the initial design phase (Security-by-Design). +- Product Requirements Translation: Translate complex regulatory and certification controls into clear, actionable technical requirements and user stories for product development teams. +- Risk Mitigation: Conduct risk assessments on product features, third-party integrations, and new technologies to proactively identify and mitigate compliance and security risks before product launch. + +Legal, Policy & Governance Support + +- Contractual Review: Support the Legal Team by critically reviewing and negotiating security and privacy clauses in customer contracts, RFPs, vendor agreements, and data processing addendums (DPAs), specifically pertaining to government and regulated clients. +- Policy & Training: Develop, document, and enforce comprehensive security, privacy, and data governance policies. Conduct targeted training for teams involved in government-facing products. +- Executive Reporting: Provide regular, executive-level reports to the Chief Legal Counsel on the status of compliance efforts, identified risks, and strategic security posture. + +Requirements + +- 5+ years of progressive experience in Information Security and IT Audit/Compliance. +- Extensive, hands-on experience successfully managing, documenting, and maintaining FedRAMP/GovRamp authorizations (preferably Moderate or High baselines). +- Proven expertise in managing other core compliance frameworks, including SOC 2 Type II. +- Demonstrated experience in a product-focused environment, directly influencing security requirements and architecture during the software development lifecycle (SDLC). +- Experience working in a regulated industry or supporting highly sensitive data environments. + +Desired Certifications + +- CISSP (Certified Information Systems Security Professional) +- CISM (Certified Information Security Manager) +- CRISC (Certified in Risk and Information Systems Control) +- CISA (Certified Information Systems Auditor) + +Core Competencies + +- Regulatory Mastery: Deep, current understanding of security standards (NIST SP 800-53, CSF) and relevant government regulations. +- Influence & Partnership: Exceptional ability to work cross-functionally, influencing Product and Engineering without direct reporting authority over those teams. +- Executive Communication: Superior ability to distill complex technical and compliance issues into clear business and legal risks for executive-level decision-makers. + +Benefits + +ClassWallet is a positive, family-oriented team environment. Our focus is on encouragement, positive reinforcement, and gratitude. We work hard and are highly motivated to win but with a healthy perspective on life. + +We offer an excellent salary and benefits commensurate with experience. + +ClassWallet.com is proud to be an Equal Opportunity Employer. Applicants are considered for all positions without regard to race, color, religion, sex, national origin, age, disability, sexual orientation, marital or veteran status. diff --git a/jobs/imported/workable/workable-emergent-group-5d30cd4527-risk-and-compliance-engineer-lead-senior-experienced-full-time-or-part-time.md b/jobs/imported/workable/workable-emergent-group-5d30cd4527-risk-and-compliance-engineer-lead-senior-experienced-full-time-or-part-time.md new file mode 100644 index 0000000..b9583e3 --- /dev/null +++ b/jobs/imported/workable/workable-emergent-group-5d30cd4527-risk-and-compliance-engineer-lead-senior-experienced-full-time-or-part-time.md @@ -0,0 +1,99 @@ +--- +title: "Risk and Compliance Engineer - Lead/Senior/Experienced - Full time or Part Time" +company: "Emergent Group" +slug: "workable-emergent-group-5d30cd4527-risk-and-compliance-engineer-lead-senior-experienced-full-time-or-part-time" +status: "published" +source: "Workable" +sources: + - "Workable" +source_url: "https://apply.workable.com/emergent-group" +role_url: "https://apply.workable.com/j/5D30CD4527" +apply_url: "https://apply.workable.com/j/5D30CD4527/apply" +posted_date: "2026-02-11" +expires_date: "2026-03-13" +location: "Greater Newcastle, New South Wales, Australia" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Audit & Assurance" +frameworks: [] +languages: [] +compensation: "" +summary: "About Us Advitech, part of Emergent Group, has delivered engineering excellence for nearly 40 years. We value integrity, respect, and collaboration—working across diverse..." +--- + +About Us + +Advitech, part of Emergent Group, has delivered engineering excellence for nearly 40 years. We value integrity, respect, and collaboration—working across diverse industries to deliver outstanding outcomes. Joining us means access to complex projects, multidisciplinary expertise, and opportunities to grow your career. + +The Opportunity - Risk and Compliance Engineer + +Advitech is expanding our risk and compliance capability to support our strong and growing pipeline of work. As a Risk and Compliance Engineer, you’ll work with clients in manufacturing, renewables, mining and local government, delivering audits, hazard assessments, and regulatory reports. Reporting to our Risk and Functional Safety Group Lead, you’ll manage projects end-to-end, ensuring technical quality, compliance, and commercial success. Getting out from behind the desk, you’ll have the opportunity to interact with a diverse range of customers, as you help them meet their compliance goals. You’ll contribute to business development and continuous improvement, while being supported in your professional growth. + +About You + +You’re an experienced Engineer with a strong background in manufacturing, resources, auditing and/or consulting. You excel at solving technical challenges that improve safety and productivity, and you’re skilled in managing projects and resources. Your expertise spans design, safety, hazard assessments, and compliance. You’re eager to keep learning and contribute to the success of the Advitech. + +Key Responsibilities - What you'll be doing + +- Delivering risk and compliance projects to a high technical standard +- Participating in technical appraisals, reviews and project audits +- Preparing cost estimates and/or proposals +- Managing project budgets, risks, resources and profitability +- Supporting job performance and provide input for project performance reviews +- Supporting business development, quality, performance and staff development strategies +- Communicating effectively with leadership team, colleagues, customers and key stakeholders, including translating complex engineering into simple language +- Managing relationships with existing clients and identify opportunities to grow our business + +Requirements + +We're looking for a Lead, Senior or Experienced Engineer with the following: + +- Tertiary engineering qualification recognised by Engineers Australia +- Chartered Professional Engineer (CPEng) or eligibility to attain CPEng +- Experience working in a manufacturing, mining or risk management role +- Existing qualifications in hazardous areas, functional safety, auditing or interest in attaining such qualifications +- Proven track record in delivering risk, compliance and auditing projects to a high technical standard, with adherence to engineering principles, legal requirements and industry standards +- Demonstrated critical thinking and analytical skills with strong attention to detail +- Demonstrated project management skills including budget, risk management and reporting, and the ability to manage conflicting priorities whilst delivering on key milestones and deadlines +- Highly developed interpersonal, verbal and written communication skills including the ability to work effectively, collaboratively and positively within a close team +- Proficient in MS Office and project reporting systems +- Current unrestricted drivers licence (motor vehicle) + +Engineers meeting the following desirable criteria will be highly regarded: + +- Relevant engineering experience in, manufacturing, mining, oil and gas, chemical processing industry or other +- Experience in the application or auditing of equipment against machinery safety and Functional Safety standards +- Experience or interest in real world application of cybersecurity for Operational Technology (OT) or AI systems +- Experience and formal training competencies in facilitating workshops (risk assessments, process improvement) + +About the Position + +Position Type: Permanent - Full Time or Part Time – you decide! Reports To: Group Leader - Risk and Functional Safety Start Date: flexible Location: Advitech office, located in the Emergent Group Headquarters, Newcastle. Flexible work practices apply for this role. Salary : base salary plus superannuation and generous income protection insurance, wellbeing vouchers, employee referral program bonus, overtime options, professional membership training, and more. + +Benefits + +The wellbeing of our people is our highest priority. When you join us, you become part of Emergent Group Australia, which means you’ll be surrounded by people who help you achieve a meaningful career. + +We've designed our benefits to support your wellbeing, lifestyle and career goals. + +- Flexibility is built in. Whether it’s flexible start/finish times, a 4-day week or one day from home, you’ll be able to balance work to support your personal life. +- Wellbeing vouchers every year – for gym or swimming pool membership, fitness equipment or relaxation therapies to help you stay healthy and energised. +- Access to training, mentoring, and support to help you grown your skills and advance your career. +- 24/7 confidential Employee Assistance Program for you and your immediate family to help you maintain your emotional and psychological wellbeing. + +Make a Real Impact + +We are tackling complex challenges that require smart, connected teams. Integrity, collaboration, and purpose drive everything we do—because solving real world problems starts with the right people. + +Interested? Apply Now + +If you have the legal right to live and work in Australia, and want to be part of our dynamic team, submit your resume and cover letter addressing how you meet the requirements for this role. + +We are a Responsive Employer. We appreciate the time and effort it takes to prepare and submit your application, and in return we carefully consider and provide responses to each and every applicant. We don’t just contact the short-listed candidates, or leave you wondering. If you are not suitable for this role, we will keep your details on file for future roles. + +We are proud to be a Veteran Employer of Choice. diff --git a/jobs/imported/workable/workable-euronet-aca65535c8-security-grc-senior-analyst.md b/jobs/imported/workable/workable-euronet-aca65535c8-security-grc-senior-analyst.md new file mode 100644 index 0000000..1d0881c --- /dev/null +++ b/jobs/imported/workable/workable-euronet-aca65535c8-security-grc-senior-analyst.md @@ -0,0 +1,95 @@ +--- +title: "Security GRC Senior Analyst" +company: "Euronet" +slug: "workable-euronet-aca65535c8-security-grc-senior-analyst" +status: "published" +source: "Workable" +sources: + - "Workable" +source_url: "https://apply.workable.com/euronet" +role_url: "https://apply.workable.com/j/ACA65535C8" +apply_url: "https://apply.workable.com/j/ACA65535C8/apply" +posted_date: "2026-02-02" +expires_date: "2026-03-04" +location: "Leawood, Kansas, United States" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "ISO 27001" + - "NIST CSF" + - "PCI-DSS" +languages: + - "Rust" +compensation: "" +summary: "Euronet facilitates the movement of payments around the world and serves as a critical link between our partners – financial institutions, retailers, service providers – and their..." +--- + +Euronet facilitates the movement of payments around the world and serves as a critical link between our partners – financial institutions, retailers, service providers – and their end consumers, both locally and globally. + +We’re looking for a Security GRC Senior Analyst to help lead and mature our security governance, risk, and compliance programs across multiple business units, including CoreCard, EUSA, EFT Americas, and Euronet Services LLC. + +This is asenior individual contributor role for someone who enjoys rolling up their sleeves, partnering with the business, and keeping security programs audit-ready, customer-aligned, and operationally effective. + +This role will be based in Atalanta on-site or in Leawood, KS. + +### What You’ll Do + +- Own and continuously improve security governance and compliance programs across assigned entities +- Lead audit and certification efforts (PCI DSS, ISO 27001, SOC, SOX ITGC, Internal Audit), including readiness, evidence, and remediation tracking +- Act as the primary liaison for auditors, control owners, and leadership +- Identify and manage entity-level security risks, contributing directly to Enterprise Risk Assessments (ERA) +- Coordinate third-party and vendor security risk activities using OneTrust +- Own customer security compliance, ensuring contractual requirements align to internal controls and evidence +- Maintain dashboards, metrics, and reporting in GRC tools (Hyperproof, OneTrust, Fence) +- Partner cross-functionally with IT, Engineering, Legal, Privacy, Procurement, and Audit teams +- Collaborate withglobal GRC leadership on shared initiatives + +### What Success Looks Like + +- Continuous audit readiness with minimal fire drills +- Audits completed on time with no coverage gaps +- Clear ownership and timely remediation of control gaps and vendor risks +- Business teams understand and own their compliance responsibilities +- Customer security obligations are consistently met with strong evidence + +Requirements + +- Bachelor’s degree or equivalent GRC/security experience + +- 3+ years in Security GRC, IT audit, or compliance program management +- Working knowledge of PCI DSS, SOX, SOC, ISO 27001, NIST CSF, or similar frameworks +- Experience managing audits, evidence, and control remediation +- Strong communication skills across technical and non-technical teams +- Ability to juggle priorities in a multi-entity, distributed environment +- Up to 30% domestic US travel and could include minimal international travel + +Nice to Have + +- Experience with OneTrust, Hyperproof, or similar GRC platforms +- Background in financial services, payments, or regulated industries +- Vendor risk management experience + +Benefits + +- 401(k) Plan +- Health/Dental/Vision Insurance +- Employee Stock Purchase Plan +- Company-paid Life Insurance +- Company-paid disability insurance +- Tuition Reimbursement +- Paid Time Off +- Paid Volunteer Days +- Paid Holidays +- Casual Office Attire +- Plus many more employee perks & incentives! + +We are an Equal Opportunity Employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity, or national origin, age, disability status, genetic information, protected veteran status, or any other characteristic protected by law. + +All application materials including that which is submitted on our applicant tracking system, including resumes, cover letters, and responses, must accurately reflect your own qualifications and experience. The use of any false or misleading content - including any information that is created through the use of AI that is not a true and accurate description of your skills, qualifications, or experience - is strictly prohibited. By submitting your application, you certify that all information provided is truthful and created by you. Any violation may result in disqualification from the recruitment process. If your employment has already begun and it is later discovered that you misrepresented your skills or qualifications, whether through false information or AI‑generated content, this may result in disciplinary action toward you, including but not limited to the termination of your employment. diff --git a/jobs/imported/workable/workable-luminance-1-f43d2c4e53-compliance-analyst.md b/jobs/imported/workable/workable-luminance-1-f43d2c4e53-compliance-analyst.md new file mode 100644 index 0000000..e1e907f --- /dev/null +++ b/jobs/imported/workable/workable-luminance-1-f43d2c4e53-compliance-analyst.md @@ -0,0 +1,87 @@ +--- +title: "Compliance Analyst" +company: "Luminance 1" +slug: "workable-luminance-1-f43d2c4e53-compliance-analyst" +status: "published" +source: "Workable" +sources: + - "Workable" +source_url: "https://apply.workable.com/luminance-1" +role_url: "https://apply.workable.com/j/F43D2C4E53" +apply_url: "https://apply.workable.com/j/F43D2C4E53/apply" +posted_date: "2026-02-19" +expires_date: "2026-03-21" +location: "Cambridge, England, United Kingdom" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "ISO 27001" + - "NIST RMF" + - "CMMC" +languages: + - "Rust" +compensation: "" +summary: "This is a fantastic opportunity to join Luminance, the pioneer of Legal-Grade™ AI for enterprise. Backed by internationally renowned VCs and named in both the Forbes AI 50 list of..." +--- + +This is a fantastic opportunity to join Luminance, the pioneer of Legal-Grade™ AI for enterprise. Backed by internationally renowned VCs and named in both the Forbes AI 50 list of ‘Most Promising Private AI Companies in the World’ and Inc. 5000’s ‘Fastest Growing Companies in America’, Luminance is disrupting the legal profession around the globe. + +Luminance is seeking a hands-on Compliance Analyst to support the operation and continuous improvement of our information security compliance programmes, including ISO/IEC 27001:2022, SOC 2 (Type I & II), and CMMC Level 1. + +This role is responsible for maintaining audit defensibility while ensuring compliance processes are proportionate, scalable, and aligned with business growth. The successful candidate will work closely with Security, Procurement, Legal, and Engineering teams to embed structured, pragmatic, and repeatable compliance practices across the organisation. + +Responsibilities + +Compliance Programme Management + +- Maintain and operate the ISO/IEC 27001:2022 ISMS. +- Support ongoing SOC 2 (Type II) and CMMC Level 1 compliance programmes. +- Manage compliance calendars, testing cycles, and control monitoring activities. +- Coordinate external audits (ISO surveillance/recertification, SOC 2, CMMC). + +Control Monitoring & Evidence Management + +- Perform periodic control checks and collect, validate, and organise audit evidence. +- Track nonconformities, findings, and corrective actions through to closure. +- Escalate material control gaps or risks to the Information Security Manager. + +Third-Party Risk & Supplier Due Diligence + +- Define and operate a proportionate, tiered supplier due diligence model. +- Work with Procurement to ensure appropriate questionnaires and documentation are issued and completed. +- Perform contextual risk assessments and provide compliance sign-off. +- Partner with Legal where contractual or regulatory review is required. + +Process Design & Scalability + +- Formalise structured, repeatable compliance workflows that scale with business growth. +- Identify opportunities to reduce manual effort through automation or process improvement. +- Maintain and evolve the risk register and remediation tracking processes. +- Support awareness and training initiatives to improve organisational compliance maturity. + +Requirements + +- Demonstrable experience in information security compliance, IT audit, or Governance, Risk & Compliance (GRC). + +- Working knowledge of ISO/IEC 27001:2022 and/or SOC 2 Trust Services Criteria. +- Experience supporting audits and managing evidence collection. +- Strong organisational, documentation, and stakeholder coordination skills. +- Ability to interpret regulatory and control requirements and translate them into practical business processes. +- Excellent written and verbal communication skills. + +Desirable (but not essential) + +- ISO 27001 Internal Auditor certification. +- Experience in SaaS or cloud-based environments. +- Familiarity with CMMC and NIST SP 800 frameworks. +- Working knowledge of risk management frameworks (ISO 31000, NIST RMF, FAIR). +- Experience with GRC platforms (e.g., Drata, Vanta, Secureframe). +- Exposure to AWS security controls. diff --git a/jobs/imported/workable/workable-mealsuite-b5b13270c4-information-technology-risk-management-specialist.md b/jobs/imported/workable/workable-mealsuite-b5b13270c4-information-technology-risk-management-specialist.md new file mode 100644 index 0000000..d11df1a --- /dev/null +++ b/jobs/imported/workable/workable-mealsuite-b5b13270c4-information-technology-risk-management-specialist.md @@ -0,0 +1,106 @@ +--- +title: "Information Technology Risk Management Specialist" +company: "Mealsuite" +slug: "workable-mealsuite-b5b13270c4-information-technology-risk-management-specialist" +status: "published" +source: "Workable" +sources: + - "Workable" +source_url: "https://apply.workable.com/mealsuite" +role_url: "https://apply.workable.com/j/B5B13270C4" +apply_url: "https://apply.workable.com/j/B5B13270C4/apply" +posted_date: "2025-11-25" +expires_date: "2025-12-25" +location: "Dallas, Texas, United States" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Privacy" +frameworks: + - "NIST RMF" +languages: + - "Rust" +compensation: "CA$78,000 - CA$84,000" +summary: "MealSuite, an Inc. 5000 Fastest-Growing Company , is a privately owned SaaS organization comprising 200+ team members across the globe, with hub locations in Cambridge, ON,..." +--- + +MealSuite, an Inc. 5000 Fastest-Growing Company (https://www.mealsuite.com/press-room/inc-5000-fastest-growing-company) , is a privately owned SaaS organization comprising 200+ team members across the globe, with hub locations in Cambridge, ON, Canada, Dallas, TX, USA, and Ho Chi Minh City, Vietnam. Our suite of end-to-end foodservice technology solutions helps professionals across healthcare and aging services streamline their operations, save time, reduce food waste, and meet regulatory requirements, so they can focus on what matters most: improving the quality of patient and resident care. + +We’re looking for our next keen and innovative Information Technology Risk Management Specialist to join our Security, Privacy & Compliance team. Reporting to the Director, Security, Privacy & Compliance, you’ll be responsible to support ongoing delivery of IT Security, Privacy and Compliance risk management roadmap by acting as the Subject Matter Expert for IT risk management in three key domain areas, e.g. third party IT risk management, user cyber awareness and crypto agility. + +A day in the life as a Information Technology Risk Management Specialist: + +- Manage IT Risks – Promptly identify IT risks, develop appropriate remediation options and ensure effective deployment of IT risk management controls in key domain areas. Conduct IT risk assessments and support proactive ongoing management and compliance with governance frameworks and standards for third parties, cybersecurity tooling, user awareness trends and crypto agility posture. + +- Lead Third Party IT Risk Management Program – Act as the main point of contact for Third Party IT Risk Management, e.g. portfolio risk, control, performance and compliance posture monitoring and reporting. + +- Lead IT Risk Management Awareness and Training – Develop and deliver Cyber Awareness October Program components. Act as the main point of contact for User Cyber Training Program across the organization, e.g. ensure training content relevance and timeliness; support risks and controls alignment to target metrics; monitor and report trends. + +- Lead Crypto Agility Risk Management Program – Create and maintain the Crypto Posture Library across the organization, ensuring ongoing currency, completeness, accuracy and availability. Lead the development and delivery of the Cyrpto Agility Risk Management Program. + +- Ensure IT Risk Compliance – Develop, implement, monitor and track IT risk management controls and metrics to target compliance, timely identify and enable effectively remediation of deviations. + +If the below describe your knowledge, experience and character, this role could be for you: + +- I have knowledge of IT risk management frameworks, compliance standards, techniques, artefacts, and industry best practices. + +- I gained my knowledge through 2-3 years of experience in IT or third-party IT risk management, IT Governance, Risk, and Compliance, user cyber awareness, IT Risk reporting, or IT documentation. + +- I have experience with metrics development, measurement, reporting best practices, governance document management and IT risks and controls domains. + +- I’m familiar with cryptography or am very eager at exploring the emerging field of quantum computing and crypto agility. + +- I’m exceptional at analysing information critically, cross-functional collaboration globally and being adaptable and composed in the light of change management. + +- I’m extra passionate about continuously honing my knowledge, especially within the realm of IT risk management. + +- I have a proven ability to lead multiple projects concurrently, communicate effectively and collaboratively. + +- I’m willing to occasionally travel and have a valid passport and no travel restrictions that limit my ability to cross the border between Canada and the USA (and Vietnam if required for role). + +- I thrive in an agile environment that is constantly changing and encourages team members to collectively collaborate and communicate. + +- I love to be directly involved in projects and initiatives that offer continued learning and endless opportunity to express my ideas and build my leadership skills, + +We know imposter syndrome can be REAL when applying for a new role, but please don't let the confidence gap prevent you from taking a leap and applying for your dream job. Your future self will thank you! + +More to love about working at MealSuite: + +- We are passionate people that care about others. The heart of what we do comes down to our mission to Deliver smiles and satisfaction to the continuum of care through an all-in-one foodservice management technology. Learn more about what we do here (https://www.mealsuite.com/who-we-are). + +- We’ve built a progressive culture that values teamwork and innovation. We listen to all voices and entrust team members with tasks that make a significant impact on the communities we serve. + +- We’re growing sustainably. A career with MealSuite offers the innovation and agility of a startup matched with the stability of an established company in a growing industry. + +- We take care of our employees too! Here are just a few of the great things we offer: + +- Unlimited paid time off – yeah, you read that right! We trust our employees to build their own version of balance so they can feel rejuvenated to bring their best every day. + +- Health benefits – this includes medical, dental, and vision options, life & disability insurance, & paid maternity and parental leave. + +- Hybrid flexibility – we value the collaboration, mentorship and learning that come from physically working next to one another, as well as the benefits that remote work can offer. + +- Work-life balance – this is supported by the fact that more than 90% of current employees agree that their leader supports their wellbeing. + +- An inclusive workplace – women account for 53% of our employees and 58% of people leaders. + +- Participation in our equity program – we’d love for you to share in MealSuite's success as we continue to grow! + +- Opportunities for career development and advancement – we support our employees in pursuing and achieving their professional goals. + +- Purposeful work with a positive community impact – more than 90% of our North American employees agree that the company’s purpose aligns with their personal values. Learn more about our values at MealSuite.com/Careers (https://www.mealsuite.com/careers). + +More than an hour away from the office location? Apply anyway, and we can talk through your options! + +Compensation: $78,000.00–$84,000.00 CAD per year / $70,000 - $75,000 USD + +We want to ensure that every qualified individual has an equal opportunity to work with us. If you require accommodation to our application process, please contact accommodations@mealsuite.com. (mailto:contact%C2%A0accommodations@mealsuite.com.%C2%A0) + +MealSuite uses AI-assisted tools during parts of the hiring process, including screening and workflow automation. All final hiring decisions are made by people. + +This is a current vacancy, and we are actively hiring for this position. diff --git a/jobs/imported/workable/workable-optasia-58729e5a1d-governance-risk-and-compliance-grc-specialist-fintech.md b/jobs/imported/workable/workable-optasia-58729e5a1d-governance-risk-and-compliance-grc-specialist-fintech.md new file mode 100644 index 0000000..4f6de24 --- /dev/null +++ b/jobs/imported/workable/workable-optasia-58729e5a1d-governance-risk-and-compliance-grc-specialist-fintech.md @@ -0,0 +1,88 @@ +--- +title: "Governance, Risk & Compliance (GRC) Specialist, Fintech" +company: "Optasia" +slug: "workable-optasia-58729e5a1d-governance-risk-and-compliance-grc-specialist-fintech" +status: "published" +source: "Workable" +sources: + - "Workable" +source_url: "https://apply.workable.com/optasia" +role_url: "https://apply.workable.com/j/58729E5A1D" +apply_url: "https://apply.workable.com/j/58729E5A1D/apply" +posted_date: "2026-03-31" +expires_date: "2026-04-30" +location: "Cairo, Cairo Governorate, Egypt" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "SOC 2" + - "ISO 27001" + - "GDPR" +languages: + - "Go" +compensation: "" +summary: "Optasia is a fully enabled B2B2X financial technology platform covering scoring, financial decisioning, disbursement and collection. We are committed to enabling financial..." +--- + +Optasia is a fully enabled B2B2X financial technology platform covering scoring, financial decisioning, disbursement and collection. We are committed to enabling financial inclusion for all. We are changing the world our way. + +We are seeking for enthusiastic professionals, with energy, who are results driven and have can-do attitude, who want to be part of a team of likeminded individuals who are delivering solutions in an innovative and exciting environment. + +As a member of the Information Security team in Optasia , your primary objective is to support the ongoing development and maturity of our ISO 27001:2022 and SOC 2 Type II programs as a motivated GRC Specialist. The successful candidate will play a key role in maintaining compliance, preparing for audits, and strengthening our company’s security culture through awareness and continuous improvement initiatives. + +This is a hands-on position, ideal for a professional with experience in governance, risk, and compliance activities within a technology-driven environment. + +What you will do Governance & Compliance + +- Maintain and enhance the company’s Information Security Management System (ISMS) aligned to ISO 27001:2022 . +- Support the planning, execution, and maintenance of SOC 2 Type II controls and evidence collection. +- Prepare and maintain compliance documentation (policies, procedures, guidelines, control matrices, risk registers). +- Coordinate and track compliance across departments, ensuring timely closure of audit findings and corrective actions. + +Audit Coordination + +- Act as the point of contact for internal and external audits (ISO 27001, SOC 2, customer and partner audits). +- Support and manage Customer Audit activities — including responding to security and compliance questionnaires, coordinating input from multiple departments, collecting, and validating evidence, and ensuring timely and accurate responses. +- Prepare structured evidence packages, liaise with control owners, and manage communications with auditors and customers. +- Conduct internal control reviews and readiness assessments ahead of certification or customer audits. + +Risk Management + +- Participate in regular risk assessments and reviews of security controls. +- Assist in maintaining the risk register, monitoring remediation plans, and validating control effectiveness. + +Awareness & Training + +- Coordinate and deliver security awareness initiatives for employees (e-learning, workshops, newsletters). +- Promote a risk-aware culture and support departmental champions to strengthen overall security posture. + +Continuous Improvement + +- Monitor changes in applicable regulations, standards, and best practices (ISO, SOC, GDPR, etc.) and recommend updates. +- Support automation and digitalization of compliance activities through GRC platforms and dashboards. +- Contribute to incident and issue management reviews to ensure lessons learned are captured and controls improved. + +What you will bring + +- At least 3 years of experience in GRC, Information Security, or Audit roles. +- Solid understanding of ISO 27001, SOC 2, and general IT security control frameworks (NIST, COBIT, etc.). +- Strong organizational skills and ability to coordinate across departments. +- Excellent written and verbal communication in English. +- Experience supporting or participating in audits and compliance assessments. +- Strong customer-facing and communication skills, with the ability to interact confidently with clients, auditors, and internal stakeholders. +- Conceptual understanding of key security technologiessuch asEDR, UTM/Firewall, SIEM, and Vulnerability Management systemsso to evaluate related controls and compliance evidence . + +Why you should apply + +What we offer: 💸 Competitive remuneration package 🏝 Extra day off on your birthday 💰 Performance-based bonus scheme 👩🏽‍⚕️ Comprehensive private healthcare insurance 📲 💻 All the tech gear you need to work smart + +Optasia’s Perks: 🎌 Be a part of a multicultural working environment 🎯 Meet a very unique and promising business and industry 🌌 🌠 Gain insights for tomorrow market’s foreground 🎓 A solid career path within our working family is ready for you 📚 Continuous training and access to online training platforms 🥳 CSR activities and festive events within any possible occasion 🍜 Enjoy comfortable open space restaurant with varied meal options every day 🎾 🧘‍♀️ Wellbeing activities access such as free on-site yoga classes, plus available squash court on our premises + +Optasia’s Values 🌟 #1 Drive to Thrive: Fully dedicated to evolving. We welcome all challenges and learning opportunities. #2 Customer-First Mindset: We go above and beyond to meet our partners’ and clients’ expectations. #3 Bridge the Gap: Knowledge is shared, information is exchanged and every opinion counts. #4 Go-Getter Spirit: We are results oriented. We identify any shortcomings that hold us back and step up to do what’s needed. #5 Together we will do it: We are committed to supporting one another and to understanding and respecting different perspectives, as we aim to reach our common goals. diff --git a/jobs/imported/workable/workable-qodeworld-425170d2a5-senior-manager-grc-governance-risk-and-compliance.md b/jobs/imported/workable/workable-qodeworld-425170d2a5-senior-manager-grc-governance-risk-and-compliance.md new file mode 100644 index 0000000..92285e9 --- /dev/null +++ b/jobs/imported/workable/workable-qodeworld-425170d2a5-senior-manager-grc-governance-risk-and-compliance.md @@ -0,0 +1,78 @@ +--- +title: "Senior Manager - GRC (Governance, Risk & Compliance)" +company: "Qodeworld" +slug: "workable-qodeworld-425170d2a5-senior-manager-grc-governance-risk-and-compliance" +status: "published" +source: "Workable" +sources: + - "Workable" +source_url: "https://apply.workable.com/qodeworld" +role_url: "https://apply.workable.com/j/425170D2A5" +apply_url: "https://apply.workable.com/j/425170D2A5/apply" +posted_date: "2026-03-30" +expires_date: "2026-04-29" +location: "Haryana, Haryana, India" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "NIST RMF" +languages: [] +compensation: "" +summary: "Job Title: Senior Manager – GRC (Governance, Risk & Compliance) Location: Delhi / Gurgaon, India Employment Type: Full-Time Compensation: As per industry standards (Negotiable, in..." +--- + +### Job Title: Senior Manager – GRC (Governance, Risk & Compliance) + +### Location: Delhi / Gurgaon, India + +### Employment Type: Full-Time + +### Compensation: As per industry standards (Negotiable, in INR) + +### Job Summary + +We are seeking an experienced and highly skilled Senior Manager – GRC (Governance, Risk & Compliance) to join our team in Delhi/Gurgaon. The ideal candidate will bring strong expertise in risk management, regulatory compliance, and governance frameworks, with the ability to lead and drive enterprise-wide GRC initiatives. + +This role requires a seasoned professional capable of aligning business objectives with compliance requirements, ensuring robust risk mitigation strategies, and enhancing organizational governance practices. + +### Key Responsibilities + +- Lead and manage end-to-end GRC initiatives , including governance frameworks, risk assessments, and compliance programs +- Develop, implement, and maintain risk management frameworks and internal controls +- Ensure adherence to regulatory requirements, industry standards, and corporate policies +- Conduct enterprise risk assessments , identify gaps, and recommend mitigation strategies +- Oversee compliance audits , internal reviews, and remediation plans +- Collaborate with cross-functional teams to integrate GRC practices into business operations +- Provide strategic guidance to senior leadership on risk exposure and compliance posture +- Establish and monitor policies, procedures, and control mechanisms +- Drive continuous improvement in governance and compliance processes +- Manage stakeholder communication and reporting related to GRC activities + +### Required Qualifications & Experience + +- Bachelor's degree in Finance, Risk Management, Business Administration, IT, or a related field +- Master's degree or relevant certifications (e.g., CISA, CRISC, CISSP, CPA, or equivalent ) preferred +- 8–12+ years of experience in Governance, Risk & Compliance, with at least 3–5 years in a leadership role +- Strong understanding of risk frameworks, compliance standards, and audit processes +- Experience working with regulatory requirements and industry best practices +- Proven ability to lead teams and manage large-scale GRC programs +- Excellent analytical, problem-solving, and decision-making skills +- Strong stakeholder management and communication abilities + +### Preferred Skills + +- Experience with GRC tools and platforms +- Exposure to IT risk, cybersecurity, and data protection regulations +- Ability to operate in a fast-paced, dynamic environment +- Strong leadership and team management capabilities + +### Additional Information + +- Candidates must be based in India or willing to relocate to Delhi/Gurgaon diff --git a/jobs/imported/workable/workable-qodeworld-c1cabc85b0-senior-it-grc-auditor.md b/jobs/imported/workable/workable-qodeworld-c1cabc85b0-senior-it-grc-auditor.md new file mode 100644 index 0000000..eefe89c --- /dev/null +++ b/jobs/imported/workable/workable-qodeworld-c1cabc85b0-senior-it-grc-auditor.md @@ -0,0 +1,85 @@ +--- +title: "Senior IT/GRC Auditor" +company: "Qodeworld" +slug: "workable-qodeworld-c1cabc85b0-senior-it-grc-auditor" +status: "published" +source: "Workable" +sources: + - "Workable" +source_url: "https://apply.workable.com/qodeworld" +role_url: "https://apply.workable.com/j/C1CABC85B0" +apply_url: "https://apply.workable.com/j/C1CABC85B0/apply" +posted_date: "2026-03-25" +expires_date: "2026-04-24" +location: "Chile" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Audit & Assurance" + - "Cloud Security" + - "Security Operations" +frameworks: + - "SOC 2" + - "ISO 27001" + - "HIPAA" +languages: [] +compensation: "" +summary: "Senior IT/GRC SOC 2 Auditor Colombia (Remote) *This is a fully remote position and is only available for people located in LATAM* Role Summary As a Senior IT/GRC Auditor, you’ll..." +--- + +Senior IT/GRC SOC 2 Auditor + +Colombia (Remote) + +*This is a fully remote position and is only available for people located in LATAM* + +Role Summary + +As a Senior IT/GRC Auditor, you’ll lead day-to-day activities for SOC 2 and other IT compliance engagements. You will guide staff, engage with clients, and play a key role in the delivery of high-quality audits and readiness assessments. + +Key Responsibilities + +- Lead ITGC and application control testing efforts + +- Guide and review work completed by junior team members + +- Perform walkthroughs, testing, and documentation for SOC 2, SOC 1, and HIPAA engagements + +- Identify control gaps and provide recommendations for remediation + +- Maintain strong client relationships through clear and proactive communication + +- Ensure timely progress updates and escalate issues to management + +Requirements + +- 3–4 years of experience performing IT audits, with a focus on ITGC and application controls + +- Strong working knowledge of SOC 2 and related frameworks + +- Bachelor’s degree in Accounting, MIS, Cybersecurity, or a related field + +- Strong client communication and project management skills + +- Bilingual in English required + +Nice to Have + +- Experience with GRC tools (e.g., Vanta, Drata, Secureframe) + +- Familiarity with cloud environments such as AWS, Azure, or GCP + +- Progress toward CISA, CPA, CISSP, ISO 27001 Lead Auditor + +Perks and Benefits + +- Remote work with flexible hours + +- Paid holidays and time off + +- Growth opportunities in a fast-paced firm + +- Bonus incentives tied to performance diff --git a/jobs/imported/workable/workable-sword-group-65c5d6a7c6-grc-analyst-security-governance-and-configuration.md b/jobs/imported/workable/workable-sword-group-65c5d6a7c6-grc-analyst-security-governance-and-configuration.md new file mode 100644 index 0000000..6183996 --- /dev/null +++ b/jobs/imported/workable/workable-sword-group-65c5d6a7c6-grc-analyst-security-governance-and-configuration.md @@ -0,0 +1,82 @@ +--- +title: "GRC Analyst (Security Governance & Configuration)" +company: "Sword Group" +slug: "workable-sword-group-65c5d6a7c6-grc-analyst-security-governance-and-configuration" +status: "published" +source: "Workable" +sources: + - "Workable" +source_url: "https://apply.workable.com/sword-group" +role_url: "https://apply.workable.com/j/65C5D6A7C6" +apply_url: "https://apply.workable.com/j/65C5D6A7C6/apply" +posted_date: "2026-03-24" +expires_date: "2026-04-23" +location: "Aberdeen, Scotland, United Kingdom" +work_modes: + - "Hybrid / On-site" +job_types: + - "Contract" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "ISO 27001" + - "NIST 800-53" +languages: [] +compensation: "" +summary: "Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving transformational change within our clients. We use proven..." +--- + +Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving transformational change within our clients. We use proven technology, specialist teams and domain expertise to build solid technical foundations across platforms, data, and business applications. We have a passion for using technology to solve business problems, working in partnership with our clients to help in achieving their goals. + +About the role: + +As a GRC Analyst, you’ll play a key role in strengthening governance, risk, and compliance practices across a major energy network programme. This is a hands-on role where you’ll help shape how secure configuration and change management are defined, documented, and embedded across the organisation. + +You’ll be working at the intersection of cyber security, governance, and business change—translating complex security standards into clear, practical processes that teams can understand and adopt. From developing configuration management plans aligned to recognised standards, through to supporting rollout and communication across the business, your work will directly influence how security is applied in real-world operations. + +You’ll collaborate closely with security, change, and business teams, ensuring that governance processes are not only well-designed, but effectively implemented and understood. This is an opportunity to contribute to a high-impact programme, bringing structure, clarity, and consistency to critical security practices. + +As a GRC Analyst, you will: + +- Develop and document a Configuration Management Plan aligned to recognised standards such as NIST. +- Define and document roles and responsibilities across the 2nd Line of Defence, ensuring clarity and accountability. +- Support the rollout of configuration management processes, including communication, stakeholder engagement, and adoption. +- Document secure configuration policy principles, translating technical requirements into clear, accessible guidance. +- Review, refine, and communicate security policies to ensure alignment with organisational and regulatory expectations. +- Gather and interpret configuration compliance reports from monitoring tools to support governance activities. +- Enhance change management processes, including contributing to Change Advisory Board (CAB) inputs. +- Work closely with business change and communications teams to embed new processes effectively. +- Simplify complex security concepts into practical guidance for non-technical stakeholders. +- Maintain clear, structured documentation that supports ongoing governance and audit requirements. + +Requirements + +- Experience working with cyber security standards such as ISO 27001 or NIST frameworks (e.g. NIST 800-53). +- Understanding of secure configuration principles and cyber security policy development. +- Experience writing policies, procedures, or governance documentation within a security context. +- Strong documentation skills, with the ability to produce clear, structured, and usable outputs. +- Ability to understand and map process flows, including defining roles and responsibilities (e.g. RACI models). +- Strong communication skills, with the ability to translate technical concepts into business-friendly language. +- Experience collaborating with cross-functional teams, including security, change, and communications. + +It would be great if you also had: + +- Experience developing or implementing a Configuration Management Plan. +- Exposure to governance within large-scale transformation or regulated environments. +- Familiarity with compliance reporting and monitoring tools. +- Experience supporting change management processes or governance forums such as CAB. + +Benefits + +At Sword, our core values and culture are based on caring about our people, investing in training and career development, and building inclusive teams where we are all encouraged to contribute to achieve success. We offer comprehensive benefits designed to support your professional development and enhance your overall quality of life. In addition to a Competitive Salary, here's what you can expect as part of our benefits package: + +- Personalised Career Development: We create a development plan customised to your goals and aspirations, with a range of learning and development opportunities within a culture that encourages growth. +- Flexible working: Flexible work arrangements to support your work-life balance. We can’t promise to always be able to meet every request, however, are keen to discuss your individual preferences to make it work where we can. +- A Fantastic Benefits Package: This includes generous annual leave allowance, enhanced family friendly benefits, pension scheme, access to private health, well-being, and insurance schemes. + +At Sword we are dedicated to fostering a diverse and inclusive workplace and are proud to be an equal opportunities employer, ensuring that all applicants receive fair and equal consideration for employment, regardless of whether they meet every requirement. If you don’t tick all the boxes but feel you have some of the relevant skills and experience we’re looking for, please do consider applying and highlight your transferable skills and experience. We embrace diversity in all its forms, valuing individuals regardless of age, disability, gender identity or reassignment, marital or civil partner status, pregnancy or maternity status, race, colour, nationality, ethnic or national origin, religion or belief, sex, or sexual orientation. Your perspective and potential are important to us. + +#LI-PD1 diff --git a/jobs/imported/workable/workable-sword-group-8f9ddaa76f-cyber-security-governance-analyst.md b/jobs/imported/workable/workable-sword-group-8f9ddaa76f-cyber-security-governance-analyst.md new file mode 100644 index 0000000..fe6db3e --- /dev/null +++ b/jobs/imported/workable/workable-sword-group-8f9ddaa76f-cyber-security-governance-analyst.md @@ -0,0 +1,82 @@ +--- +title: "Cyber Security Governance Analyst" +company: "Sword Group" +slug: "workable-sword-group-8f9ddaa76f-cyber-security-governance-analyst" +status: "published" +source: "Workable" +sources: + - "Workable" +source_url: "https://apply.workable.com/sword-group" +role_url: "https://apply.workable.com/j/8F9DDAA76F" +apply_url: "https://apply.workable.com/j/8F9DDAA76F/apply" +posted_date: "2026-03-25" +expires_date: "2026-04-24" +location: "Aberdeen, Scotland, United Kingdom" +work_modes: + - "Hybrid / On-site" +job_types: + - "Contract" +specializations: + - "Compliance Automation" + - "Security Governance" + - "Audit & Assurance" + - "Identity & Access Management" +frameworks: + - "ISO 27001" +languages: [] +compensation: "" +summary: "Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving transformational change within our clients. We use proven..." +--- + +Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving transformational change within our clients. We use proven technology, specialist teams and domain expertise to build solid technical foundations across platforms, data, and business applications. We have a passion for using technology to solve business problems, working in partnership with our clients to help in achieving their goals. + +About the role: + +This role sits at the heart of a major energy network programme, supporting the design and embedding of cyber security governance across the organisation. + +This is not a traditional audit-focused GRC role. Instead, you’ll take a hands-on approach to shaping how security frameworks are translated into real, working processes across the business—particularly in areas such as configuration management, secure configuration standards, and change governance. + +You’ll work closely with security, technology, and business teams to define policies, build governance structures, and ensure these are effectively adopted. This role requires someone who can move beyond theory—bringing clarity to complex security requirements and helping teams apply them in practice. + +As a Cyber Security Governance Analyst, you will: + +- Develop and document a Configuration Management Plan aligned to recognised frameworks such as NIST. +- Define and establish secure configuration principles, translating technical requirements into clear, actionable policy. +- Design and document governance processes, including roles and responsibilities across the 2nd Line of Defence. +- Support the rollout and adoption of governance frameworks, working closely with business change and communications teams. +- Enhance change management processes, including contributing to Change Advisory Board (CAB) inputs and governance controls. +- Work with stakeholders to embed security standards into day-to-day operations across technology and business teams. +- Gather and interpret configuration compliance data to support governance and assurance activities. +- Simplify complex security concepts into practical guidance that can be understood and applied by non-technical stakeholders. +- Maintain high-quality documentation to support audit, compliance, and continuous improvement. + +Requirements + +- Experience working within cyber security governance, policy, or security controls-focused roles. +- Strong understanding of security frameworks such as ISO 27001, NIST, and ideally exposure to CAF / Enhanced CAF. +- Experience writing or contributing to cyber security policies, standards and procedures. +- Ability to translate complex technical security concepts into simple, business-friendly language. +- Experience defining or working with process flows, governance structures and RACI models. +- Strong documentation skills, with a structured and detail-oriented approach. +- Experience working with stakeholders across both technical and non-technical teams. +- Exposure to regulated environments such as energy, utilities, critical infrastructure or financial services. + +It would be great if you also had: + +- Exposure to OT (Operational Technology) or industrial environments. +- Understanding of secure configuration principles or experience supporting configuration standards. +- Experience working with or contributing to a Configuration Management Plan. +- Experience supporting governance forums such as CAB or broader change governance processes. +- Experience supporting the rollout of new policies or governance processes across an organisation. + +Benefits + +At Sword, our core values and culture are based on caring about our people, investing in training and career development, and building inclusive teams where we are all encouraged to contribute to achieve success. We offer comprehensive benefits designed to support your professional development and enhance your overall quality of life. In addition to a Competitive Salary, here's what you can expect as part of our benefits package: + +- Personalised Career Development: We create a development plan customised to your goals and aspirations, with a range of learning and development opportunities within a culture that encourages growth. +- Flexible working: Flexible work arrangements to support your work-life balance. We can’t promise to always be able to meet every request, however, are keen to discuss your individual preferences to make it work where we can. +- A Fantastic Benefits Package: This includes generous annual leave allowance, enhanced family friendly benefits, pension scheme, access to private health, well-being, and insurance schemes. + +At Sword we are dedicated to fostering a diverse and inclusive workplace and are proud to be an equal opportunities employer, ensuring that all applicants receive fair and equal consideration for employment, regardless of whether they meet every requirement. If you don’t tick all the boxes but feel you have some of the relevant skills and experience we’re looking for, please do consider applying and highlight your transferable skills and experience. We embrace diversity in all its forms, valuing individuals regardless of age, disability, gender identity or reassignment, marital or civil partner status, pregnancy or maternity status, race, colour, nationality, ethnic or national origin, religion or belief, sex, or sexual orientation. Your perspective and potential are important to us. + +#LI-PD1 diff --git a/jobs/imported/workable/workable-sword-group-b70230b9ec-governance-risk-and-compliance-manager.md b/jobs/imported/workable/workable-sword-group-b70230b9ec-governance-risk-and-compliance-manager.md new file mode 100644 index 0000000..f9cb7d0 --- /dev/null +++ b/jobs/imported/workable/workable-sword-group-b70230b9ec-governance-risk-and-compliance-manager.md @@ -0,0 +1,74 @@ +--- +title: "Governance Risk & Compliance Manager" +company: "Sword Group" +slug: "workable-sword-group-b70230b9ec-governance-risk-and-compliance-manager" +status: "published" +source: "Workable" +sources: + - "Workable" +source_url: "https://apply.workable.com/sword-group" +role_url: "https://apply.workable.com/j/B70230B9EC" +apply_url: "https://apply.workable.com/j/B70230B9EC/apply" +posted_date: "2026-03-03" +expires_date: "2026-04-02" +location: "London, England, United Kingdom" +work_modes: + - "Hybrid / On-site" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "ISO 27001" + - "NIST 800-53" + - "NIST CSF" + - "GDPR" +languages: + - "Rust" +compensation: "" +summary: "Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving transformational change within our clients. We use proven..." +--- + +Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving transformational change within our clients. We use proven technology, specialist teams and domain expertise to build solid technical foundations across platforms, data, and business applications. We have a passion for using technology to solve business problems, working in partnership with our clients to help in achieving their goals. + +About the role: + +The Governance Risk & Compliance Manager is primarily an operational role and will be required to operate with high levels of autonomy, effectively managing regulatory requirements, implementing risk management strategies, and promoting a culture of compliance based on continuous improvements. + +Key Responsibilities: + +- Develop and maintain GRC frameworks aligned with ISO 27001, NIST, GDPR, and NIS2 standards. + +- Conduct risk assessments across business units, vendors, and projects +- Monitor regulatory changes and ensure compliance with legal and contractual obligations +- Support business continuity and disaster recovery planning and testing +- Manage internal audits, compliance reporting, and remediation activities +- Coordinate GDPR compliance and data protection processes across the organisation +- Drive improvements in security culture through awareness and training +- Collaborate with stakeholders to identify and address control deficiencies + +Requirements + +Experience and Knowledge: + +- Substantial relevant experience in control management for governance, compliance, IT audits, IS assurance and risk management programmes. +- Understanding of regulatory requirements, including cross-industry regulations (e.g., GDPR, Data Protection Act) and industry-specific regulations. +- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework. +- Knowledge of OneTrust risk management toolset or similar preferred +- Proven ability to communicate with technical teams to elicit information and requirements. +- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate compliance and risk related concepts to technical and nontechnical audiences. +- CISA, CISM or equivalent. +- BSc or equivalent qualification in IT based degree + +Benefits + +At Sword, our core values and culture are based on caring about our people, investing in training and career development, and building inclusive teams where we are all encouraged to contribute to achieve success. We offer comprehensive benefits designed to support your professional development and enhance your overall quality of life. In addition to a Competitive Salary, here's what you can expect as part of our benefits package: + +- Personalised Career Development: We create a development plan customised to your goals and aspirations, with a range of learning and development opportunities within a culture that encourages growth. +- Flexible working: Flexible work arrangements to support your work-life balance. We can’t promise to always be able to meet every request, however, are keen to discuss your individual preferences to make it work where we can. +- A Fantastic Benefits Package: This includes generous annual leave allowance, enhanced family friendly benefits, pension scheme, access to private health, well-being, and insurance schemes. + +At Sword we are dedicated to fostering a diverse and inclusive workplace and are proud to be an equal opportunities employer, ensuring that all applicants receive fair and equal consideration for employment, regardless of whether they meet every requirement. If you don’t tick all the boxes but feel you have some of the relevant skills and experience we’re looking for, please do consider applying and highlight your transferable skills and experience. We embrace diversity in all its forms, valuing individuals regardless of age, disability, gender identity or reassignment, marital or civil partner status, pregnancy or maternity status, race, colour, nationality, ethnic or national origin, religion or belief, sex, or sexual orientation. Your perspective and potential are important to us. diff --git a/jobs/imported/workable/workable-tecsys-ed9721e73a-security-governance-risk-and-compliance-specialist.md b/jobs/imported/workable/workable-tecsys-ed9721e73a-security-governance-risk-and-compliance-specialist.md new file mode 100644 index 0000000..285a12b --- /dev/null +++ b/jobs/imported/workable/workable-tecsys-ed9721e73a-security-governance-risk-and-compliance-specialist.md @@ -0,0 +1,95 @@ +--- +title: "Security Governance, Risk and Compliance Specialist" +company: "Tecsys" +slug: "workable-tecsys-ed9721e73a-security-governance-risk-and-compliance-specialist" +status: "published" +source: "Workable" +sources: + - "Workable" +source_url: "https://apply.workable.com/tecsys" +role_url: "https://apply.workable.com/j/ED9721E73A" +apply_url: "https://apply.workable.com/j/ED9721E73A/apply" +posted_date: "2026-02-11" +expires_date: "2026-03-13" +location: "Montreal, Quebec, Canada" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "FedRAMP" + - "SOC 2" + - "NIST CSF" + - "NIST RMF" + - "PCI-DSS" +languages: [] +compensation: "" +summary: "Having recognized the advantages of remote work, such as improved employee morale, increased productivity, and positive impacts on both employee wellbeing and the environment, we..." +--- + +Having recognized the advantages of remote work, such as improved employee morale, increased productivity, and positive impacts on both employee wellbeing and the environment, we are proud to be a digital-first company. Our digital-first work environment, combined with our conveniently located offices and collaborative workspaces, provides our team with the freedom and flexibility to work in the most productive way for them. + +### About us + +Tecsys is a fast-growing innovator offering supply chain solutions to industry leading healthcare systems, hospitals, and pharmacy businesses to distributors, retailers, and 3PLs. We work with industry leaders to transform their supply chains through technology. If you thrive on tackling interesting challenges with continuous learning opportunities, then Tecsys could be a good fit for you! + +### About the Role + +We are seeking a Security Governance, Risk and Compliance specialist who will be involved in defining how security can enable business initiatives, and how we should meet security best practices, as well as applicable various contractual and regulatory requirements. The successful candidate will be supporting the implementation of a security risk management framework. The GRC specialist’s role will also encompass the management of vendor risk and business continuity programs. As a security subject matter expert, you will recommend improvements to reduce, contain and mitigate identified risks, as well as partake in various business and security initiatives to improve Tecsys’s security maturity. + +### What you’ll do + +- Support continuous security risk management framework. +- Collaborate with technical teams for the development, implementation and monitoring of required corrective action plans relating to security compliance issues or audit deficiencies. +- Collaborate with stakeholders to define processes, automate and continuously monitor information security controls, exceptions, risks, testing and evidence gathering. +- Develop reporting metrics and dashboards. +- Help identify cyber risks and solve various governance gaps and process inefficiencies. +- Develop, execute and actively partake in internal and external security and compliance assessment initiatives such as SOC 2, PCI-DSS, NIST, FedRAMP +- Review and optimize vendor risk management program. +- Monitor existing controls and conduct periodic audits and reviews to ensure their efficiency and operating effectiveness, and to identify and report on potential issues. +- Collaborate with internal IT and business teams to identify cyber risks and prioritize security compliance-related improvements +- As security subject matter expert, support IT and cyber teams on the implementation of controls to meet security and privacy compliance requirements and best practices +- Support the development, review, update and optimization of security documentation. + +Requirements + +Formal Education & Certification + +- Bachelor’s degree in information systems or equivalent experience +- Minimum 3 years of cumulated hands-on experience + +Knowledge & Experience + +- Experience in the development and implementation of governance, risk and compliance strategy and security control framework. +- Experience in risk assessments and cyber risk management methodology/processes. +- Broad knowledge of defense in depth security concepts and best practices through practical experience. +- Proven experience conducting security audits such as SOC2 or PCI DSS. +- Experience with cybersecurity frameworks such as NIST, CIS. +- Good knowledge of business continuity process and planning. +- Familiarity with IP networking fundamentals and internet protocols. +- Familiarity with Linux, Mac, and Windows operating systems, mobile devices, and the IT application landscape. +- Proven experience with governing the security of public cloud platforms such as AWS and Azure. + +Personal Attributes + +- Ability to work with minimal supervision. +- Strong ability to define problems, collect and analyze data, establish facts and draw valid conclusions. +- Positive attitude and agile mindset. +- Motivated, team, and customer oriented. +- Not afraid to fail. +- Excellent interpersonal skills. +- Ability to plan and deliver on commitment. +- Strong proficiency in both written and verbal English communication essential for effective correspondence with clients, suppliers, business partners, and colleagues beyond the province of Quebec. + +We understand that experience comes in many forms and that careers are not always linear. If you don't meet every requirement in this posting, we still encourage you to apply. + +At Tecsys, we are committed to fostering a diverse and inclusive workplace where all employees feel valued, respected, and empowered. We believe that diversity drives innovation and strengthens our ability to deliver exceptional solutions. We welcome and encourage applicants from all backgrounds, experiences, and perspectives to join our team. + +Tecsys is an equal opportunity employer. Accommodation is available for applicants selected for an interview. + +NB: if you are applying to this position, you must be a Canadian Citizen or a Permanent Resident of Canada, OR , have a valid Canadian work permit. diff --git a/jobs/imported/workable/workable-the-mill-adventure-dff3461d62-senior-grc-specialist.md b/jobs/imported/workable/workable-the-mill-adventure-dff3461d62-senior-grc-specialist.md new file mode 100644 index 0000000..2a5829a --- /dev/null +++ b/jobs/imported/workable/workable-the-mill-adventure-dff3461d62-senior-grc-specialist.md @@ -0,0 +1,76 @@ +--- +title: "Senior GRC Specialist" +company: "The Mill Adventure" +slug: "workable-the-mill-adventure-dff3461d62-senior-grc-specialist" +status: "published" +source: "Workable" +sources: + - "Workable" +source_url: "https://apply.workable.com/the-mill-adventure" +role_url: "https://apply.workable.com/j/DFF3461D62" +apply_url: "https://apply.workable.com/j/DFF3461D62/apply" +posted_date: "2026-04-07" +expires_date: "2026-05-07" +location: "St. Julian's, St. Julian's, Malta" +work_modes: + - "Remote" +job_types: + - "Full-time" +specializations: + - "Compliance Automation" + - "Risk Management" + - "Security Governance" + - "Audit & Assurance" +frameworks: + - "ISO 27001" + - "NIST RMF" + - "PCI-DSS" +languages: + - "Rust" +compensation: "" +summary: "The Mill Adventure is a scale-up with the ultimate mission of building awesome products that will change the way the iGaming industry operates. We started our journey in 2019,..." +--- + +The Mill Adventure is a scale-up with the ultimate mission of building awesome products that will change the way the iGaming industry operates. We started our journey in 2019, with the vision of building a technology driven organisation and creating a team consisting of the best of the best specialists in their respective fields. + +Today, we provide a complete gaming platform, including licences and operations, for rapid deployment and success in iGaming. Our team of 130+ technology and iGaming experts is guided by passion for invention, operational excellence and commitment to improve the inefficient. + +We trust and value our team and we strive to accommodate the right working conditions for each individual, in remote, office based or mixed models. We see the strength in being different and embrace the cultural diversity existing in our group. + +As our business continues to grow, we are looking for a highly autonomous and experienced Senior / Lead GRC Specialist . In this role, you will not just maintain our GRC function—you will own it. Working closely with our CISO and security engineering team, you will be responsible for defining the road ahead: identifying our gaps, selecting the right frameworks, and taking full responsibility for our governance, risk, and compliance posture. We need a mature professional who knows how to listen to engineering teams, build pragmatic policies, and drive security without being a roadblock. + +What You Will Do: + +- Establish the GRC Roadmap: Assess our current environment, identify gaps, and design a clear, actionable GRC roadmap aligned with our business goals. You tell us what we are missing and how to fix it. +- Act as a Business Enabler: Eradicate the "security as a blocker" mentality. Partner actively with product and engineering teams during the design phases to find secure paths to "yes," ensuring our governance supports business velocity rather than slowing it down. +- Lead Framework Implementation: Take full responsibility for managing and maturing our ISO 27001:2022 certification. Drive compliance initiatives for PCI DSS and prepare our posture for NIS2 requirements. +- Drive Risk Management : Autonomously select and implement the most appropriate risk management frameworks. Own the risk register, lead risk assessments, and translate complex technical risks into clear business impacts and mitigation strategies. +- Design Business-Aligned Governance: Design, write, and enforce information security policies and standards. Actively solicit feedback from engineering and business teams to ensure policies are practical and business-enabling. +- Champion Security Culture: Own and evolve our security awareness program. Move us beyond boring, "check-the-box" compliance videos by creating engaging, context-aware training that actually resonates with engineers, product teams, and business operations. +- Lead Audits & Compliance: Take the helm on all internal and external security-focused audits, assessments, and reviews. Act as the definitive subject matter expert for regulatory inquiries. + +Requirements + +You'll be a great fit if you have: + +- 5–8+ years of dedicated experience in Cyber GRC, Information Security, or Technology Risk. +- Framework Expertise: Demonstrated, hands-on experience implementing and managing ISO 27001:2022 (mandatory). Deep knowledge of PCI DSS and familiarity with NIS2 is highly desirable. +- iGaming Experience is a Strong Plus: A deep understanding of the technology-led, highly regulated iGaming environment is highly desirable. (If you don't have this, proven experience in similarly complex, fast-paced, and regulated sectors like fintech, SaaS, or payments is a great substitute). +- An "Enabler" Mindset: The commercial awareness to understand that security exists to protect the business, not to halt it. You excel at finding pragmatic, secure workarounds rather than just throwing up red tape. +- Strategic & Autonomous Execution: You don't need a checklist; you create the checklist. You have a track record of building or significantly maturing GRC functions from the ground up. +- Mature Judgment: You possess the emotional intelligence to work alongside highly technical teams. You leave your ego at the door, listen to feedback, and focus on collaborative problem-solving. +- Exceptional Communication: Strong analytical, risk assessment, and documentation skills, with the ability to articulate complex security concepts to both engineers and executive leadership. +- Alignment with our Values: High integrity, ownership, transparency, and a continuous drive for performance and improvement. + +Benefits + +- A lean, focused company, offering a flexible working environment +- The opportunity to work with and learn form a highly skilled, talented team +- A great company culture, where accountability is innate, transparency is key and competency is virtue +- Being part of a small, tight knit, caring community +- Work equipment of your choice +- Private health insurance +- Learning budget +- Fitness benefit +- Parking/transport or co-working allowance +- Company wide and team based get togethers diff --git a/jobs/jobs.11tydata.js b/jobs/jobs.11tydata.js new file mode 100644 index 0000000..9cf610f --- /dev/null +++ b/jobs/jobs.11tydata.js @@ -0,0 +1,28 @@ +function addDays(dateValue, days) { + const base = dateValue ? new Date(dateValue) : new Date(); + if (Number.isNaN(base.getTime())) return null; + base.setDate(base.getDate() + days); + return base.toISOString().slice(0, 10); +} + +function normalizeList(data, arrayKey, scalarKey) { + if (Array.isArray(data[arrayKey]) && data[arrayKey].length) return data[arrayKey]; + if (data[scalarKey]) return [data[scalarKey]]; + return []; +} + +module.exports = { + layout: "layouts/job.njk", + permalink: (data) => "jobs/" + (data.slug || data.page.fileSlug) + "/index.html", + tags: "jobs-content", + eleventyComputed: { + slug: (data) => data.slug || data.page.fileSlug, + status: (data) => data.status || "published", + sources: (data) => normalizeList(data, "sources", "source"), + work_modes: (data) => normalizeList(data, "work_modes", "work_mode"), + job_types: (data) => normalizeList(data, "job_types", "job_type"), + expires_date: (data) => data.expires_date || addDays(data.posted_date, 30), + description: (data) => data.description || ((data.title && data.company) ? (data.title + " at " + data.company) : "Open governance, risk, and compliance role"), + eleventyExcludeFromCollections: (data) => String(data.page.fileSlug || "").startsWith("_") + } +}; diff --git a/package.json b/package.json index 3862afb..acc89ff 100644 --- a/package.json +++ b/package.json @@ -4,7 +4,8 @@ "private": true, "scripts": { "build": "npx @11ty/eleventy", - "serve": "npx @11ty/eleventy --serve" + "serve": "npx @11ty/eleventy --serve", + "import:jobs": "node scripts/import-jobs.js" }, "devDependencies": { "@11ty/eleventy": "^3.0.0" diff --git a/scripts/import-jobs.js b/scripts/import-jobs.js new file mode 100644 index 0000000..62d8e0f --- /dev/null +++ b/scripts/import-jobs.js @@ -0,0 +1,905 @@ +const fs = require("fs/promises"); +const path = require("path"); +const { greenhouseBoards: catalogGreenhouseBoards, ashbyBoards: catalogAshbyBoards, workableBoards: catalogWorkableBoards, leverBoards: catalogLeverBoards, ripplingBoards: catalogRipplingBoards } = require("./job-board-sources"); + +const ROOT = process.cwd(); +const IMPORT_ROOT = path.join(ROOT, "jobs", "imported"); +const USER_AGENT = "GRC Engineer Directory Job Importer/1.0 (+https://directory.grcengclub.com)"; + +const FRAMEWORK_RULES = [ + ["FedRAMP", ["fedramp", "govramp", "state ramp", "state-ramp"]], + ["SOC 2", ["soc 2", "soc2"]], + ["ISO 27001", ["iso 27001", "iso27001"]], + ["ISO 42001", ["iso 42001", "iso42001"]], + ["NIST 800-53", ["nist 800-53", "800-53"]], + ["NIST 800-171", ["nist 800-171", "800-171"]], + ["NIST CSF", ["nist csf", "cybersecurity framework"]], + ["NIST RMF", ["nist rmf", "risk management framework"]], + ["NIST AI RMF", ["ai rmf", "nist ai rmf"]], + ["PCI-DSS", ["pci", "pci-dss", "payment card industry"]], + ["HIPAA", ["hipaa"]], + ["GDPR", ["gdpr"]], + ["CCPA", ["ccpa"]], + ["CMMC", ["cmmc"]], + ["CJIS", ["cjis"]], + ["HITRUST", ["hitrust"]] +]; + +const LANGUAGE_RULES = [ + ["Python", ["python"]], + ["Terraform", ["terraform"]], + ["OPA/Rego", ["rego", "open policy agent", "opa"]], + ["SQL", ["sql"]], + ["Bash", ["bash", "shell scripting"]], + ["JavaScript", ["javascript", "node.js", "nodejs"]], + ["Go", ["golang", " go ", "go/"]], + ["PowerShell", ["powershell"]], + ["OSCAL", ["oscal"]], + ["Rust", ["rust"]] +]; + +const SPECIALIZATION_RULES = [ + ["Compliance Automation", ["grc", "compliance", "controls", "control testing", "continuous controls", "audit readiness", "security compliance"]], + ["Risk Management", ["risk", "risk register", "risk assessment", "third-party risk"]], + ["Security Governance", ["policy", "governance", "governance risk", "governance, risk", "control framework"]], + ["Audit & Assurance", ["audit", "assurance", "sox", "evidence collection"]], + ["Cloud Security", ["aws", "azure", "gcp", "cloud security", "kubernetes", "container security"]], + ["Identity & Access Management", ["iam", "identity", "access management", "okta", "entra", "sso", "privileged access"]], + ["Privacy", ["privacy", "data protection", "gdpr", "ccpa"]], + ["Security Architecture", ["security architecture", "secure design", "threat modeling"]], + ["Security Operations", ["soc", "security operations", "siem", "detection", "monitoring"]], + ["Incident Response", ["incident response", "forensics", "breach"]], + ["Third-Party Risk", ["vendor risk", "third-party risk", "supplier risk"]], + ["Vulnerability Management", ["vulnerability", "patch management", "exposure management"]], + ["AI Governance", ["ai governance", "model governance", "responsible ai"]], + ["Cloud Governance", ["cloud governance", "cloud controls"]], + ["DevSecOps", ["devsecops", "cicd security", "pipeline security"]] +]; + +function envFlag(name, defaultValue) { + const value = process.env[name]; + if (value === undefined) return defaultValue; + return !["0", "false", "no"].includes(String(value).toLowerCase()); +} + +function splitEnv(name) { + return String(process.env[name] || "") + .split(",") + .map((item) => item.trim()) + .filter(Boolean); +} + +function configuredBoards(envName, catalogBoards) { + return [...new Set([...(catalogBoards || []), ...splitEnv(envName)])]; +} + +function toIsoDate(value) { + if (!value) return new Date().toISOString().slice(0, 10); + const date = new Date(value); + if (Number.isNaN(date.getTime())) return new Date().toISOString().slice(0, 10); + return date.toISOString().slice(0, 10); +} + +function addDays(value, days) { + const date = new Date(value); + if (Number.isNaN(date.getTime())) return null; + date.setDate(date.getDate() + days); + return date.toISOString().slice(0, 10); +} + +function slugify(value) { + return String(value || "") + .toLowerCase() + .replace(/&/g, " and ") + .replace(/[^a-z0-9]+/g, "-") + .replace(/(^-|-$)/g, ""); +} + +function titleCaseFromSlug(value) { + return String(value || "") + .split("-") + .filter(Boolean) + .map((part) => part.charAt(0).toUpperCase() + part.slice(1)) + .join(" "); +} + +function stripHtml(value) { + return String(value || "") + .replace(/</g, "<") + .replace(/>/g, ">") + .replace(/<[^>]+>/g, " ") + .replace(/ /g, " ") + .replace(/&/g, "&") + .replace(/"/g, "\"") + .replace(/'/g, "'") + .replace(/\s+/g, " ") + .trim(); +} + +function htmlToMarkdown(value) { + const headingLevels = { + h1: "#", + h2: "##", + h3: "###", + h4: "####", + h5: "#####", + h6: "######" + }; + + let html = String(value || ""); + if (!html.trim()) return ""; + + html = html + .replace(//gi, "") + .replace(//gi, "") + .replace(/]*href=["']([^"']+)["'][^>]*>([\s\S]*?)<\/a>/gi, (_, href, text) => { + const label = stripHtml(text); + if (!label) return href; + return `${label} (${href})`; + }); + + Object.entries(headingLevels).forEach(([tag, marker]) => { + const regex = new RegExp(`<${tag}[^>]*>([\\s\\S]*?)<\\/${tag}>`, "gi"); + html = html.replace(regex, (_, text) => `\n\n${marker} ${stripHtml(text)}\n\n`); + }); + + html = html + .replace(/]*>([\s\S]*?)<\/li>/gi, (_, text) => `\n- ${stripHtml(text)}`) + .replace(/]*>([\s\S]*?)<\/blockquote>/gi, (_, text) => `\n> ${stripHtml(text)}\n`) + .replace(/<(p|div|section|article|header|footer|aside|table|tr|tbody|thead)[^>]*>([\s\S]*?)<\/\1>/gi, (_, _tag, text) => { + const cleaned = stripHtml(text); + return cleaned ? `\n\n${cleaned}\n\n` : "\n"; + }) + .replace(/<\/?(ul|ol)[^>]*>/gi, "\n") + .replace(/<(br|hr)\s*\/?>/gi, "\n") + .replace(/<[^>]+>/g, "") + .replace(/</g, "<") + .replace(/>/g, ">") + .replace(/ /g, " ") + .replace(/&/g, "&") + .replace(/"/g, "\"") + .replace(/'/g, "'") + .replace(/\r/g, "") + .replace(/[ \t]+\n/g, "\n") + .replace(/\n{3,}/g, "\n\n"); + + return html + .split("\n") + .map((line) => line.trim()) + .join("\n") + .replace(/\n{3,}/g, "\n\n") + .trim(); +} + +function normalizeJobType(value) { + const normalized = String(value || "").trim(); + if (!normalized) return "Full-time"; + if (normalized === "FullTime") return "Full-time"; + if (normalized === "PartTime") return "Part-time"; + if (/salaried.*full|full.*time/i.test(normalized)) return "Full-time"; + if (/salaried.*part|part.*time/i.test(normalized)) return "Part-time"; + if (normalized === "SALARIED_FT") return "Full-time"; + if (normalized === "SALARIED_PT") return "Part-time"; + return normalized; +} + +function excerpt(value, maxLength) { + const cleaned = stripHtml(value); + if (cleaned.length <= maxLength) return cleaned; + return cleaned.slice(0, maxLength).replace(/\s+\S*$/, "") + "..."; +} + +function collectMatches(text, rules, maxItems) { + const normalized = " " + String(text || "").toLowerCase() + " "; + const matches = rules + .filter((rule) => rule[1].some((keyword) => normalized.includes(String(keyword).toLowerCase()))) + .map((rule) => rule[0]); + + return [...new Set(matches)].slice(0, maxItems || matches.length); +} + +function includesAny(text, terms) { + const normalized = String(text || "").toLowerCase(); + return terms.some((term) => normalized.includes(term)); +} + +function countMatches(text, terms) { + const normalized = String(text || "").toLowerCase(); + return terms.reduce((count, term) => count + (normalized.includes(term) ? 1 : 0), 0); +} + +function looksRelevant(title, text) { + const titleText = String(title || "").toLowerCase(); + const fullText = [titleText, String(text || "").toLowerCase()].join(" "); + const blockedTitleTerms = [ + "marketing", "social media", "payroll", "clinical", + "biology", "nutrition", "civil", "commercial", + "account executive", "customer success", "deal desk", "sales", + "content", "psychologist", "scientist", "intern", + "recruiter", "talent", "legal counsel" + ]; + const directRolelessSignals = [ + "grc", + "governance, risk & compliance", + "governance, risk and compliance", + "governance risk & compliance", + "governance risk and compliance", + "governance risk compliance", + "security compliance", + "security & compliance", + "security and compliance", + "security risk & compliance", + "security risk and compliance", + "risk & compliance automation", + "risk and compliance automation", + "compliance automation", + "fedramp", + "rmf", + "it governance", + "governance and trust", + "trust and compliance", + "it grc", + "grc platform", + "grc platforms", + "grc system", + "grc systems", + "grc automation" + ]; + const directTechnicalSignals = [ + "compliance engineer", + "compliance analyst", + "compliance specialist", + "compliance lead", + "compliance developer", + "security compliance engineer", + "security compliance analyst", + "security compliance specialist", + "security compliance lead", + "security and compliance engineer", + "security and compliance analyst", + "security and compliance lead", + "security & compliance engineer", + "security & compliance analyst", + "security & compliance lead", + "risk and compliance engineer", + "risk and compliance analyst", + "risk & compliance engineer", + "risk & compliance analyst", + "technical risk and compliance engineer", + "cloud security grc", + "fedramp cloud security", + "rmf cybersecurity analyst", + "controls monitoring analyst", + "it governance analyst" + ]; + const adjacentSecuritySignals = [ + "security risk", + "cyber risk", + "security governance", + "security trust", + "governance and trust", + "programs & controls", + "programs and controls", + "security controls", + "controls monitoring", + "controls assurance", + "technology risk", + "it risk", + "privacy compliance", + "privacy engineering", + "fedramp program" + ]; + const grcContextTerms = [ + "grc", "governance", "risk", "compliance", "control", + "controls", "control monitoring", "continuous controls", + "control validation", "evidence", "evidence collection", + "evidence automation", "audit", "audit readiness", + "risk assessment", "risk register", "risk management", + "policy", "policies", "procedures", "security assurance", + "customer security assurance", "third-party risk", + "vendor risk", "least privilege", "identity governance", + "iam", "access review", "privacy", "fedramp", "soc 2", + "soc2", "iso 27001", "iso27001", "hitrust", "tisax", + "nist", "rmf", "800-53", "800-171", "cmmc", "pci", + "hipaa", "gdpr", "ccpa", "continuous compliance", + "automation", "control automation", "compliance as code", + "drata", "vanta", "viso trust", "oscal", "python", + "powershell", "snowflake", "databricks", "api" + ]; + const frameworkTerms = [ + "fedramp", "soc 2", "soc2", "iso 27001", "iso27001", + "hitrust", "nist", "rmf", "800-53", "800-171", + "cmmc", "pci", "hipaa", "gdpr", "ccpa", "tisax" + ]; + const automationTerms = [ + "automation", "continuous compliance", "control automation", + "evidence automation", "compliance as code", "api", + "python", "powershell", "snowflake", "databricks", "oscal" + ]; + + if (includesAny(titleText, blockedTitleTerms)) return false; + + const hasDirectRolelessSignal = includesAny(titleText, directRolelessSignals); + const hasDirectTechnicalSignal = includesAny(titleText, directTechnicalSignals); + const hasAdjacentSecuritySignal = includesAny(titleText, adjacentSecuritySignals); + + if (!hasDirectRolelessSignal && !hasDirectTechnicalSignal && !hasAdjacentSecuritySignal) return false; + + const grcSignals = countMatches(fullText, grcContextTerms); + const frameworkSignals = countMatches(fullText, frameworkTerms); + const automationSignals = countMatches(fullText, automationTerms); + + if (hasDirectTechnicalSignal) { + return grcSignals >= 2; + } + + if (hasAdjacentSecuritySignal) { + return grcSignals >= 4 || (grcSignals >= 3 && (frameworkSignals >= 1 || automationSignals >= 1)); + } + + return grcSignals >= 3 || (grcSignals >= 2 && (frameworkSignals >= 1 || automationSignals >= 1)); +} + +function titleMayBeRelevant(title) { + const t = String(title || "").toLowerCase(); + const blockedTitleTerms = [ + "marketing", "social media", "payroll", "clinical", + "biology", "nutrition", "civil", "commercial", + "account executive", "customer success", "deal desk", "sales", + "content", "psychologist", "scientist", "intern", + "recruiter", "talent", "legal counsel" + ]; + if (includesAny(t, blockedTitleTerms)) return false; + const signals = [ + "grc", "governance", "compliance", "fedramp", "rmf", + "risk management", "risk & compliance", "risk and compliance", + "security compliance", "security & compliance", "security and compliance", + "compliance automation", "it governance", "trust and compliance", + "compliance engineer", "compliance analyst", "compliance specialist", + "compliance lead", "compliance manager", "compliance developer", + "controls monitoring", "controls assurance", + "security risk", "cyber risk", "security governance", + "security trust", "security controls", "technology risk", + "it risk", "privacy compliance", "privacy engineering", + "assessor", "cmmc", "audit", "vendor risk", "third-party risk", + "security assurance", "nist", "soc 2", "soc2", "iso 27001", "hipaa" + ]; + return includesAny(t, signals); +} + +function yamlString(value) { + return JSON.stringify(String(value || "")); +} + +function yamlList(key, values) { + if (!values || !values.length) return key + ": []"; + return key + ":\n" + values.map((value) => " - " + yamlString(value)).join("\n"); +} + +function formatCompensation(min, max, currency) { + if (!min && !max) return ""; + const fmt = new Intl.NumberFormat("en-US", { + style: "currency", + currency: currency || "USD", + maximumFractionDigits: 0 + }); + + const minValue = min ? fmt.format(min) : ""; + const maxValue = max ? fmt.format(max) : ""; + if (minValue && maxValue) return minValue + " - " + maxValue; + return minValue || maxValue; +} + +function extractCompensation(text) { + const plain = stripHtml(text); + // Match: $NNN,NNN(.NN) or $NNNk, optional currency, separator, then same pattern + const pattern = /\$\s*([\d,]+(?:\.\d{1,2})?)\s*([kK])?\s*(?:USD|CAD|EUR|GBP)?\s*(?:-|–|—|\bto\b|\band\b)\s*\$\s*([\d,]+(?:\.\d{1,2})?)\s*([kK])?\s*(?:USD|CAD|EUR|GBP)?/; + const match = plain.match(pattern); + if (!match) return ""; + + let min = parseFloat(match[1].replace(/,/g, "")); + let max = parseFloat(match[3].replace(/,/g, "")); + if (match[2]) min *= 1000; + if (match[4]) max *= 1000; + + if (min < 20000 || max < 20000 || max > 2000000) return ""; + if (max < min) return ""; + + const currencyMatch = plain.slice(match.index, match.index + match[0].length + 20).match(/\b(CAD|EUR|GBP)\b/); + const currency = currencyMatch ? currencyMatch[1] : "USD"; + + return formatCompensation(min, max, currency); +} + +function serializeJob(job) { + const frontmatter = [ + "---", + "title: " + yamlString(job.title), + "company: " + yamlString(job.company), + "slug: " + yamlString(job.slug), + "status: " + yamlString(job.status || "published"), + "source: " + yamlString(job.source), + yamlList("sources", job.sources || [job.source]), + "source_url: " + yamlString(job.source_url), + "role_url: " + yamlString(job.role_url || job.apply_url), + "apply_url: " + yamlString(job.apply_url), + "posted_date: " + yamlString(job.posted_date), + "expires_date: " + yamlString(job.expires_date), + "location: " + yamlString(job.location), + yamlList("work_modes", job.work_modes), + yamlList("job_types", job.job_types), + yamlList("specializations", job.specializations), + yamlList("frameworks", job.frameworks), + yamlList("languages", job.languages), + "compensation: " + yamlString(job.compensation || ""), + "summary: " + yamlString(job.summary || ""), + "---", + "", + job.body || "No description was provided by the upstream source." + ]; + + return frontmatter.join("\n") + "\n"; +} + +async function fetchJson(url, headers) { + const response = await fetch(url, { + headers: Object.assign({ "User-Agent": USER_AGENT }, headers || {}) + }); + + if (!response.ok) { + throw new Error("Request failed: " + response.status + " " + response.statusText + " for " + url); + } + + return response.json(); +} + +async function resetDir(dir) { + await fs.rm(dir, { recursive: true, force: true }); + await fs.mkdir(dir, { recursive: true }); +} + +async function writeImportedJobs(sourceKey, jobs) { + const dir = path.join(IMPORT_ROOT, sourceKey); + await resetDir(dir); + + for (const job of jobs) { + const filePath = path.join(dir, job.slug + ".md"); + await fs.writeFile(filePath, serializeJob(job), "utf8"); + } +} + +function buildNormalizedJob(job) { + const content = [job.title, job.company, job.location, job.summary, job.body].join(" "); + const specializations = job.specializations && job.specializations.length + ? job.specializations + : collectMatches(content, SPECIALIZATION_RULES, 4); + const frameworks = collectMatches(content, FRAMEWORK_RULES, 5); + const languages = collectMatches(content, LANGUAGE_RULES, 5); + + const compensation = job.compensation || extractCompensation(job.body || ""); + + return Object.assign({}, job, { + specializations, + frameworks, + languages, + compensation, + summary: excerpt(job.summary || job.body || "", 180) + }); +} + +function normalizeRemoteOkJob(job) { + const body = htmlToMarkdown(job.description || ""); + const summary = stripHtml(job.description || ""); + const text = [job.position, job.company, body, (job.tags || []).join(" ")].join(" "); + if (!looksRelevant(job.position, text)) return null; + + const postedDate = toIsoDate(job.date || job.date_iso || Date.now()); + const slug = slugify(["remoteok", job.company, job.position].join("-")); + if (!slug) return null; + + return buildNormalizedJob({ + title: job.position, + company: job.company || "Unknown company", + slug, + source: "Remote OK", + sources: ["Remote OK"], + source_url: "https://remoteok.com/json", + role_url: job.url || job.apply_url || "", + apply_url: job.apply_url || job.url || "", + posted_date: postedDate, + expires_date: addDays(postedDate, 30), + location: job.location || "Remote", + work_modes: ["Remote"], + job_types: [normalizeJobType(job.employment_type)], + compensation: formatCompensation(job.salary_min, job.salary_max, "USD"), + summary, + body: body + }); +} + +function normalizeGreenhouseJob(boardToken, job) { + const body = htmlToMarkdown(job.content || ""); + const summary = stripHtml(job.content || ""); + const text = [job.title, summary, job.location && job.location.name, boardToken].join(" "); + if (!looksRelevant(job.title, text)) return null; + + const postedDate = toIsoDate(job.updated_at); + const slug = slugify(["greenhouse", boardToken, job.id, job.title].join("-")); + + return buildNormalizedJob({ + title: job.title, + company: titleCaseFromSlug(boardToken), + slug, + source: "Greenhouse", + sources: ["Greenhouse"], + source_url: "https://boards-api.greenhouse.io/v1/boards/" + boardToken + "/jobs?content=true", + role_url: job.absolute_url || "", + apply_url: job.absolute_url || "", + posted_date: postedDate, + expires_date: addDays(postedDate, 30), + location: (job.location && job.location.name) || "Remote", + work_modes: /remote/i.test(summary + " " + ((job.location && job.location.name) || "")) ? ["Remote"] : ["Hybrid / On-site"], + job_types: ["Full-time"], + summary, + body: body + }); +} + +function normalizeAshbyJob(boardName, job) { + const rawDescription = job.descriptionHtml || job.descriptionPlain || ""; + const description = htmlToMarkdown(rawDescription); + const summary = stripHtml(rawDescription); + const text = [job.title, job.jobTitle, job.location, summary, boardName].join(" "); + if (!looksRelevant(job.title || job.jobTitle, text)) return null; + + const postedDate = toIsoDate(job.publishedDate || job.updatedAt || Date.now()); + const slug = slugify(["ashby", boardName, job.id || job.jobId || job.title].join("-")); + const location = job.location || (job.primaryLocation && job.primaryLocation.label) || "Remote"; + + return buildNormalizedJob({ + title: job.title || job.jobTitle, + company: titleCaseFromSlug(boardName), + slug, + source: "Ashby", + sources: ["Ashby"], + source_url: "https://api.ashbyhq.com/posting-api/job-board/" + boardName + "?includeCompensation=true", + role_url: job.jobUrl || job.absoluteUrl || "", + apply_url: job.applyUrl || job.jobUrl || job.absoluteUrl || "", + posted_date: postedDate, + expires_date: addDays(postedDate, 30), + location, + work_modes: /remote/i.test([location, summary].join(" ")) ? ["Remote"] : ["Hybrid / On-site"], + job_types: [normalizeJobType(job.employmentType)], + compensation: job.compensation && job.compensation.summary ? job.compensation.summary : "", + summary, + body: description + }); +} + +async function importRemoteOk() { + const payload = await fetchJson("https://remoteok.com/json"); + const entries = Array.isArray(payload) ? payload.slice(1) : []; + return entries.map(normalizeRemoteOkJob).filter(Boolean); +} + +async function importGreenhouse() { + const boards = configuredBoards("GREENHOUSE_BOARDS", catalogGreenhouseBoards); + if (!boards.length) return []; + + const imported = []; + for (const board of boards) { + try { + const payload = await fetchJson("https://boards-api.greenhouse.io/v1/boards/" + encodeURIComponent(board) + "/jobs?content=true"); + const jobs = Array.isArray(payload.jobs) ? payload.jobs : []; + jobs.forEach((job) => { + const normalized = normalizeGreenhouseJob(board, job); + if (normalized) imported.push(normalized); + }); + } catch (error) { + console.warn("[greenhouse] skipped board " + board + ": " + (error.message || error)); + } + } + + return imported; +} + +async function importAshby() { + const boards = configuredBoards("ASHBY_JOB_BOARDS", catalogAshbyBoards); + if (!boards.length) return []; + + const imported = []; + for (const board of boards) { + try { + const payload = await fetchJson("https://api.ashbyhq.com/posting-api/job-board/" + encodeURIComponent(board) + "?includeCompensation=true"); + const jobs = Array.isArray(payload.jobs) ? payload.jobs : []; + jobs.forEach((job) => { + const normalized = normalizeAshbyJob(board, job); + if (normalized) imported.push(normalized); + }); + } catch (error) { + console.warn("[ashby] skipped board " + board + ": " + (error.message || error)); + } + } + + return imported; +} + +function normalizeWorkableJob(boardSlug, job) { + const body = htmlToMarkdown(job.description || ""); + const summary = stripHtml(job.description || ""); + const locationParts = [job.city, job.state, job.country].filter(Boolean); + const location = locationParts.join(", ") || "Remote"; + const text = [job.title, boardSlug, location, summary].join(" "); + if (!looksRelevant(job.title, text)) return null; + + const postedDate = toIsoDate(job.published_on || job.created_at); + const slug = slugify(["workable", boardSlug, job.shortcode, job.title].join("-")); + + return buildNormalizedJob({ + title: job.title, + company: titleCaseFromSlug(boardSlug), + slug, + source: "Workable", + sources: ["Workable"], + source_url: "https://apply.workable.com/" + boardSlug, + role_url: job.url || "", + apply_url: job.application_url || job.url || "", + posted_date: postedDate, + expires_date: addDays(postedDate, 30), + location, + work_modes: job.telecommuting ? ["Remote"] : /remote/i.test(location + " " + summary) ? ["Remote"] : ["Hybrid / On-site"], + job_types: [normalizeJobType(job.employment_type)], + summary, + body + }); +} + +async function importWorkable() { + const boards = configuredBoards("WORKABLE_BOARDS", catalogWorkableBoards); + if (!boards.length) return []; + + const imported = []; + for (const board of boards) { + try { + const payload = await fetchJson("https://www.workable.com/api/accounts/" + encodeURIComponent(board) + "?details=true"); + const jobs = Array.isArray(payload.jobs) ? payload.jobs : []; + jobs.forEach((job) => { + const normalized = normalizeWorkableJob(board, job); + if (normalized) imported.push(normalized); + }); + } catch (error) { + console.warn("[workable] skipped board " + board + ": " + (error.message || error)); + } + } + + return imported; +} + +function normalizeLeverJob(boardSlug, job) { + const bodyParts = [job.descriptionBody || job.description || "", job.opening || ""]; + if (Array.isArray(job.lists)) { + job.lists.forEach((list) => { + bodyParts.push("

" + (list.text || "") + "

"); + bodyParts.push((list.content || "")); + }); + } + bodyParts.push(job.additional || ""); + const rawHtml = bodyParts.join("\n"); + const body = htmlToMarkdown(rawHtml); + const summary = stripHtml(rawHtml); + const location = (job.categories && job.categories.location) || job.country || "Remote"; + const text = [job.text, boardSlug, location, summary].join(" "); + if (!looksRelevant(job.text, text)) return null; + + const postedDate = toIsoDate(job.createdAt); + const slug = slugify(["lever", boardSlug, job.id, job.text].join("-")).slice(0, 120); + + const compensation = job.salaryRange + ? formatCompensation(job.salaryRange.min, job.salaryRange.max, job.salaryRange.currency) + : ""; + + return buildNormalizedJob({ + title: job.text, + company: titleCaseFromSlug(boardSlug), + slug, + source: "Lever", + sources: ["Lever"], + source_url: "https://jobs.lever.co/" + boardSlug, + role_url: job.hostedUrl || "", + apply_url: job.applyUrl || job.hostedUrl || "", + posted_date: postedDate, + expires_date: addDays(postedDate, 30), + location, + work_modes: (job.workplaceType === "remote" || /remote/i.test(location + " " + ((job.categories && job.categories.commitment) || ""))) + ? ["Remote"] + : ["Hybrid / On-site"], + job_types: [normalizeJobType((job.categories && job.categories.commitment) || "")], + compensation, + summary, + body + }); +} + +async function fetchLeverJson(url) { + const response = await fetch(url, { + headers: { "User-Agent": USER_AGENT } + }); + if (!response.ok) { + throw new Error("Request failed: " + response.status + " " + response.statusText + " for " + url); + } + const text = await response.text(); + const cleaned = text.replace(/[\x00-\x08\x0b\x0c\x0e-\x1f]/g, ""); + return JSON.parse(cleaned); +} + +async function importLever() { + const boards = configuredBoards("LEVER_BOARDS", catalogLeverBoards); + if (!boards.length) return []; + + const imported = []; + for (const board of boards) { + try { + const data = await fetchLeverJson("https://api.lever.co/v0/postings/" + encodeURIComponent(board) + "?mode=json"); + const jobs = Array.isArray(data) ? data : []; + jobs.forEach((job) => { + const normalized = normalizeLeverJob(board, job); + if (normalized) imported.push(normalized); + }); + } catch (error) { + console.warn("[lever] skipped board " + board + ": " + (error.message || error)); + } + } + + return imported; +} + +function normalizeRipplingJob(boardSlug, detail) { + const descParts = []; + if (detail.description) { + if (typeof detail.description === "string") { + descParts.push(detail.description); + } else { + if (detail.description.company) descParts.push(detail.description.company); + if (detail.description.role) descParts.push(detail.description.role); + } + } + const rawHtml = descParts.join("\n"); + const body = htmlToMarkdown(rawHtml); + const summary = stripHtml(rawHtml); + + const location = Array.isArray(detail.workLocations) && detail.workLocations.length + ? detail.workLocations.join(" | ") + : "Remote"; + + const text = [detail.name, boardSlug, location, summary].join(" "); + if (!looksRelevant(detail.name, text)) return null; + + const postedDate = toIsoDate(detail.createdOn); + const slug = slugify(["rippling", boardSlug, detail.uuid, detail.name].join("-")).slice(0, 120); + + let compensation = ""; + if (Array.isArray(detail.payRangeDetails) && detail.payRangeDetails.length) { + const range = detail.payRangeDetails.find(function(r) { return r.isRemote; }) + || detail.payRangeDetails[0]; + if (range.rangeStart || range.rangeEnd) { + compensation = formatCompensation(range.rangeStart, range.rangeEnd, range.currency || "USD"); + } + } + + const empType = (detail.employmentType && (detail.employmentType.id || detail.employmentType.label)) || ""; + const company = detail.companyName || titleCaseFromSlug(boardSlug); + + return buildNormalizedJob({ + title: detail.name, + company, + slug, + source: "Rippling", + sources: ["Rippling"], + source_url: "https://ats.rippling.com/" + boardSlug + "/jobs", + role_url: detail.url || "", + apply_url: detail.url || "", + posted_date: postedDate, + expires_date: addDays(postedDate, 30), + location, + work_modes: /remote/i.test(location + " " + summary) ? ["Remote"] : ["Hybrid / On-site"], + job_types: [normalizeJobType(empType)], + compensation, + summary, + body + }); +} + +async function importRippling() { + const boards = configuredBoards("RIPPLING_BOARDS", catalogRipplingBoards); + if (!boards.length) return []; + + const imported = []; + for (const board of boards) { + try { + const allJobs = []; + let offset = 0; + const limit = 100; + const maxPages = 10; + for (let page = 0; page < maxPages; page++) { + const url = "https://api.rippling.com/platform/api/ats/v1/board/" + + encodeURIComponent(board) + "/jobs?limit=" + limit + "&offset=" + offset; + const result = await fetchJson(url); + const jobs = Array.isArray(result) ? result : []; + allJobs.push(...jobs); + if (jobs.length < limit) break; + offset += limit; + } + + const candidates = allJobs.filter(function(job) { + return titleMayBeRelevant(job.name); + }); + console.log("[rippling] " + board + ": " + allJobs.length + " listed, " + + candidates.length + " passed pre-filter"); + + const BATCH_SIZE = 5; + for (let i = 0; i < candidates.length; i += BATCH_SIZE) { + const batch = candidates.slice(i, i + BATCH_SIZE); + const details = await Promise.all(batch.map(function(job) { + const detailUrl = "https://api.rippling.com/platform/api/ats/v1/board/" + + encodeURIComponent(board) + "/jobs/" + encodeURIComponent(job.uuid); + return fetchJson(detailUrl).catch(function(err) { + console.warn("[rippling] failed to fetch detail for " + job.uuid + ": " + err.message); + return null; + }); + })); + + details.forEach(function(detail) { + if (!detail) return; + const normalized = normalizeRipplingJob(board, detail); + if (normalized) imported.push(normalized); + }); + } + } catch (error) { + console.warn("[rippling] skipped board " + board + ": " + (error.message || error)); + } + } + + return imported; +} + +async function runSource(key, enabled, importer) { + if (!enabled) { + console.log("[" + key + "] skipped"); + return 0; + } + + const jobs = await importer(); + await writeImportedJobs(key, jobs); + console.log("[" + key + "] wrote " + jobs.length + " jobs"); + return jobs.length; +} + +async function main() { + await fs.mkdir(IMPORT_ROOT, { recursive: true }); + + let total = 0; + total += await runSource("remoteok", envFlag("REMOTEOK_ENABLED", true), importRemoteOk); + total += await runSource("greenhouse", configuredBoards("GREENHOUSE_BOARDS", catalogGreenhouseBoards).length > 0, importGreenhouse); + total += await runSource("ashby", configuredBoards("ASHBY_JOB_BOARDS", catalogAshbyBoards).length > 0, importAshby); + total += await runSource("workable", configuredBoards("WORKABLE_BOARDS", catalogWorkableBoards).length > 0, importWorkable); + total += await runSource("lever", configuredBoards("LEVER_BOARDS", catalogLeverBoards).length > 0, importLever); + total += await runSource("rippling", configuredBoards("RIPPLING_BOARDS", catalogRipplingBoards).length > 0, importRippling); + + if (total === 0) { + console.log("No jobs matched the current GRC filters."); + console.log("Tip: curated Greenhouse, Ashby, Workable, Lever, and Rippling boards are checked into the repo."); + } +} + +if (require.main === module) { + main().catch((error) => { + console.error(error.stack || error.message); + process.exitCode = 1; + }); +} + +module.exports = { + extractCompensation, + htmlToMarkdown, + looksRelevant +}; diff --git a/scripts/job-board-sources.js b/scripts/job-board-sources.js new file mode 100644 index 0000000..d346633 --- /dev/null +++ b/scripts/job-board-sources.js @@ -0,0 +1,106 @@ +module.exports = { + greenhouseBoards: [ + "andurilindustries", + "appliedintuition", + "anthropic", + "cerebrassystems", + "cloudflare", + "discord", + "everlaw", + "fireblocks", + "idme", + "ionq", + "robinhood", + "sigmacomputing", + "spycloud", + "vercel", + "xai", + "zscaler" + ], + ashbyBoards: [ + "1password", + "atlan", + "confluent", + "Crusoe", + "elevenlabs", + "Flock Safety", + "hims-and-hers", + "junipersquare", + "lambda", + "Method", + "monarchmoney", + "Notion", + "ramp", + "replit", + "serverobotics", + "socure", + "writer" + ], + workableBoards: [ + "1kosmos", + "aretum", + "assurity-trusted-solutions", + "avint", + "classwallet", + "crewai", + "emergent-group", + "euronet", + "financeit", + "jacobian", + "luminance-1", + "mealsuite", + "optasia", + "qodeworld", + "runware", + "sword-group", + "tecsys", + "the-mill-adventure", + "unifize", + "zerofox" + ], + leverBoards: [ + "anchorage", + "Aprio", + "aqueduct-tech", + "binance", + "capital", + "certifyos", + "clearcapital", + "coalfire", + "cwsc", + "CYE", + "economicmodeling", + "emburse", + "eqbank", + "gearset", + "gridware", + "hive", + "mediagenix", + "mistral", + "moonpay", + "palantir", + "pattern", + "ppfa", + "ro", + "secureframe", + "swordhealth", + "trendyol", + "whoop" + ], + ripplingBoards: [ + "aalyria-careers", + "agencycyber", + "barr-careers", + "brevian-careers", + "coterie-careers", + "d-wave-quantum", + "dynamo-ai", + "managed-careers", + "mozn-ai", + "nesto", + "saliense", + "soteria", + "workstreet", + "wwwcarbon3aicareers" + ] +}; diff --git a/scripts/notify-slack.js b/scripts/notify-slack.js new file mode 100644 index 0000000..4848499 --- /dev/null +++ b/scripts/notify-slack.js @@ -0,0 +1,175 @@ +const fs = require("fs/promises"); +const { execSync } = require("child_process"); + +const WEBHOOK_URL = process.env.SLACK_WEBHOOK_URL; + +function parseJobFrontmatter(content) { + const match = content.match(/^---\n([\s\S]*?)\n---/); + if (!match) return null; + + var fm = {}; + var currentKey = null; + var currentList = null; + + match[1].split("\n").forEach(function (line) { + var listItem = line.match(/^\s+-\s+"?([^"]*)"?$/); + if (listItem && currentKey) { + if (!currentList) currentList = []; + currentList.push(listItem[1]); + fm[currentKey] = currentList; + return; + } + + if (currentList) { + currentList = null; + currentKey = null; + } + + var kv = line.match(/^(\w[\w_]*)\s*:\s*"?([^"]*)"?$/); + if (kv) { + currentKey = kv[1]; + var val = kv[2].trim(); + + if (val === "[]" || val === "") { + fm[currentKey] = val === "[]" ? [] : ""; + } else { + fm[currentKey] = val; + } + currentList = null; + } + }); + + return fm; +} + +function buildSlackBlock(job) { + var title = job.title || "Untitled Role"; + var company = job.company || "Unknown"; + var location = job.location || ""; + var workModes = Array.isArray(job.work_modes) ? job.work_modes.join(", ") : ""; + var jobTypes = Array.isArray(job.job_types) ? job.job_types.join(", ") : ""; + var frameworks = Array.isArray(job.frameworks) ? job.frameworks : []; + var specializations = Array.isArray(job.specializations) ? job.specializations : []; + var compensation = job.compensation || ""; + var applyUrl = job.apply_url || job.role_url || ""; + + var details = []; + if (location) details.push(":round_pushpin: " + location); + if (workModes) details.push(workModes); + if (jobTypes) details.push(jobTypes); + + var tags = []; + if (frameworks.length) tags.push(":shield: " + frameworks.join(", ")); + if (specializations.length) tags.push(":dart: " + specializations.join(", ")); + + var lines = [ + ":briefcase: *" + title + "* at *" + company + "*" + ]; + + if (details.length) lines.push(details.join(" · ")); + if (compensation) lines.push(":moneybag: " + compensation); + if (tags.length) lines.push(tags.join("\n")); + if (applyUrl) lines.push("<" + applyUrl + "|Apply →>"); + + return { + type: "section", + text: { + type: "mrkdwn", + text: lines.join("\n") + } + }; +} + +async function getNewJobFiles() { + try { + var output = execSync( + 'git diff HEAD~1 --name-only --diff-filter=A -- "jobs/imported/"', + { encoding: "utf8" } + ); + return output.trim().split("\n").filter(Boolean); + } catch (error) { + console.log("No previous commit to diff against, checking all imported jobs."); + return []; + } +} + +async function postToSlack(blocks) { + var payload = { blocks: blocks }; + + var response = await fetch(WEBHOOK_URL, { + method: "POST", + headers: { "Content-Type": "application/json" }, + body: JSON.stringify(payload) + }); + + if (!response.ok) { + throw new Error("Slack POST failed: " + response.status + " " + (await response.text())); + } +} + +async function main() { + if (!WEBHOOK_URL) { + console.log("SLACK_WEBHOOK_URL not set, skipping Slack notification."); + return; + } + + var newFiles = await getNewJobFiles(); + + if (!newFiles.length) { + console.log("No new jobs to notify about."); + return; + } + + console.log("Found " + newFiles.length + " new job(s) to post."); + + var blocks = [ + { + type: "header", + text: { + type: "plain_text", + text: ":rocket: New GRC Job Listings", + emoji: true + } + }, + { + type: "context", + elements: [ + { + type: "mrkdwn", + text: newFiles.length + " new role" + (newFiles.length === 1 ? "" : "s") + " found today on the " + } + ] + }, + { type: "divider" } + ]; + + for (var filePath of newFiles) { + try { + var content = await fs.readFile(filePath, "utf8"); + var job = parseJobFrontmatter(content); + if (!job || !job.title) continue; + blocks.push(buildSlackBlock(job)); + blocks.push({ type: "divider" }); + } catch (error) { + console.warn("Skipped " + filePath + ": " + error.message); + } + } + + if (blocks.length <= 3) { + console.log("No valid jobs to post after parsing."); + return; + } + + // Slack limits blocks to 50 per message — batch if needed + var batchSize = 48; + for (var i = 0; i < blocks.length; i += batchSize) { + await postToSlack(blocks.slice(i, i + batchSize)); + } + + console.log("Posted " + newFiles.length + " job(s) to Slack."); +} + +main().catch(function (error) { + console.error(error.message || error); + process.exitCode = 1; +}); diff --git a/site/_includes/layouts/base.njk b/site/_includes/layouts/base.njk index a6b6833..e7ac45e 100644 --- a/site/_includes/layouts/base.njk +++ b/site/_includes/layouts/base.njk @@ -24,6 +24,8 @@
GRC Engineer Directory
+ Engineers + Jobs grcengclub.com Submit Profile @@ -39,6 +41,7 @@

Part of the GRC Engineering Club

Submit your profile to join the directory.

+

Browse open GRC engineering roles from the club's community resource.

diff --git a/site/_includes/layouts/job.njk b/site/_includes/layouts/job.njk new file mode 100644 index 0000000..5843f3c --- /dev/null +++ b/site/_includes/layouts/job.njk @@ -0,0 +1,132 @@ +--- +layout: layouts/base.njk +--- + +{% set related = collections.engineers | relatedEngineers(specializations, frameworks, languages, 4) %} + +
+
+ ← Back to jobs +
+ +
+
+
+
+ {% if sources and sources.length %} + {{ sources[0] }} + {% endif %} + {% if posted_date %} + Posted {{ posted_date | readableDate }} + {% endif %} +
+ +

{{ title }}

+

{{ company }}{% if location %} {{ location }}{% endif %}

+ + {% if summary %} +

{{ summary }}

+ {% endif %} + +
+ {% for mode in work_modes %}{{ mode }}{% endfor %} + {% for type in job_types %}{{ type }}{% endfor %} + {% if compensation %}{{ compensation }}{% endif %} +
+
+ + {% if specializations and specializations.length %} +
+

Specializations

+
+ {% for spec in specializations %}{{ spec }}{% endfor %} +
+
+ {% endif %} + + {% if frameworks and frameworks.length %} +
+

Frameworks

+
+ {% for framework in frameworks %}{{ framework }}{% endfor %} +
+
+ {% endif %} + + {% if languages and languages.length %} +
+

Languages & Tools

+
+ {% for language in languages %}{{ language }}{% endfor %} +
+
+ {% endif %} + + {% if content | trim %} +
+ {{ content | safe }} +
+ {% endif %} + + {% if related.length %} +
+

Engineers with overlapping skills

+
+ {% for engineer in related %} + + {{ engineer.data.name }} + {% if engineer.data.title %}{{ engineer.data.title }}{% endif %} + {% if engineer.data.company %}{{ engineer.data.company }}{% endif %} + + {% endfor %} +
+
+ {% endif %} +
+ + +
+
diff --git a/site/_includes/partials/job-card.njk b/site/_includes/partials/job-card.njk new file mode 100644 index 0000000..8acb352 --- /dev/null +++ b/site/_includes/partials/job-card.njk @@ -0,0 +1,64 @@ +
+
+
+ {% if job.data.sources and job.data.sources.length %} + {{ job.data.sources[0] }} + {% endif %} + {% if job.data.posted_date %} + Posted {{ job.data.posted_date | readableDate }} + {% endif %} +
+ + {{ job.data.title }} +

{{ job.data.company }}

+ + {% if job.data.summary %} +

{{ job.data.summary }}

+ {% endif %} +
+ +
+ {% if job.data.location %}{{ job.data.location }}{% endif %} + {% if job.data.work_modes and job.data.work_modes.length %}{{ job.data.work_modes[0] }}{% endif %} + {% if job.data.job_types and job.data.job_types.length %}{{ job.data.job_types[0] }}{% endif %} + {% if job.data.compensation %}{{ job.data.compensation }}{% endif %} +
+ + {% if job.data.specializations and job.data.specializations.length %} +
+ {% for spec in job.data.specializations %} + {% if loop.index0 < 3 %} + {{ spec }} + {% endif %} + {% endfor %} +
+ {% endif %} + + {% if job.data.frameworks and job.data.frameworks.length %} +
+ {% for framework in job.data.frameworks %} + {% if loop.index0 < 2 %} + {{ framework }} + {% endif %} + {% endfor %} +
+ {% endif %} + +
+ View role + {% if job.data.apply_url %} + Apply + {% endif %} +
+
diff --git a/site/_includes/partials/job-filter-bar.njk b/site/_includes/partials/job-filter-bar.njk new file mode 100644 index 0000000..a8d5b35 --- /dev/null +++ b/site/_includes/partials/job-filter-bar.njk @@ -0,0 +1,78 @@ +
+
+ +
+ + + +
+
+ +
+ {% for spec in collections.jobs | uniqueValues("specializations") %} + + {% endfor %} +
+
+ +
+ +
+ {% for fw in collections.jobs | uniqueValues("frameworks") %} + + {% endfor %} +
+
+ +
+ +
+ {% for mode in collections.jobs | uniqueValues("work_modes") %} + + {% endfor %} +
+
+ +
+ +
+ {% for type in collections.jobs | uniqueValues("job_types") %} + + {% endfor %} +
+
+ +
+ +
+ {% for source in collections.jobs | uniqueValues("sources") %} + + {% endfor %} +
+
+
+
diff --git a/site/assets/css/style.css b/site/assets/css/style.css index 2a7f2ba..5763faf 100644 --- a/site/assets/css/style.css +++ b/site/assets/css/style.css @@ -737,6 +737,301 @@ a:hover { color: var(--brand-primary); } +/* Jobs */ +.jobs-hero, +.jobs-preview, +.jobs-notes { + max-width: 1200px; + margin: 0 auto; + padding: 0 1.5rem; +} +.jobs-hero { + padding-top: 2.5rem; + padding-bottom: 1.25rem; +} +.jobs-hero-inner, +.jobs-note-card { + background: + radial-gradient(circle at top right, var(--brand-primary-20), transparent 42%), + var(--bg-secondary); + border: 1px solid var(--border-subtle); + border-radius: var(--radius); + padding: 1.5rem; +} +.jobs-kicker { + font-family: 'IBM Plex Mono', monospace; + font-size: 0.72rem; + letter-spacing: 0.08em; + text-transform: uppercase; + color: var(--brand-primary); + margin-bottom: 0.75rem; +} +.jobs-hero h1, +.jobs-preview h2, +.jobs-notes h2, +.job-page-title { + color: var(--text-primary); +} +.jobs-hero h1 { + font-size: clamp(2rem, 4vw, 3rem); + line-height: 1.05; + margin-bottom: 0.85rem; +} +.jobs-hero-copy, +.jobs-preview-copy { + max-width: 60ch; + color: var(--text-secondary); +} +.jobs-stats { + margin-top: 1.25rem; +} +.jobs-preview { + padding-top: 0.5rem; + padding-bottom: 2rem; +} +.jobs-preview-header { + display: flex; + align-items: end; + justify-content: space-between; + gap: 1rem; + margin-bottom: 1rem; +} +.jobs-preview-empty, +.jobs-empty { + background: var(--bg-secondary); + border: 1px dashed var(--border-subtle); + border-radius: var(--radius); + padding: 1.25rem; + color: var(--text-secondary); +} +.jobs-empty h2 { + color: var(--text-primary); + margin-bottom: 0.5rem; +} +.jobs-notes { + padding-bottom: 3rem; + display: grid; + gap: 1rem; + grid-template-columns: repeat(2, minmax(0, 1fr)); +} + +.job-card { + gap: 1rem; +} +.job-card-top { + display: flex; + flex-direction: column; + gap: 0.45rem; +} +.job-card-eyebrow { + display: flex; + flex-wrap: wrap; + gap: 0.5rem; + align-items: center; +} +.job-source, +.job-posted { + font-size: 0.72rem; + color: var(--text-secondary); +} +.job-source { + font-family: 'IBM Plex Mono', monospace; + color: var(--brand-primary); + text-transform: uppercase; + letter-spacing: 0.04em; +} +.job-card-title { + font-size: 1.1rem; + line-height: 1.25; +} +.job-card-company { + color: var(--text-primary); + font-weight: 600; +} +.job-card-summary { + color: var(--text-secondary); + font-size: 0.92rem; +} +.job-card-meta { + display: flex; + flex-wrap: wrap; + gap: 0.5rem 0.9rem; + color: var(--text-secondary); + font-size: 0.82rem; +} +.job-card-meta strong { + color: var(--text-primary); + font-weight: 600; +} +.job-card-actions { + display: flex; + gap: 0.75rem; + margin-top: auto; + padding-top: 0.5rem; + border-top: 1px solid var(--border-subtle); +} + +.job-page { + max-width: 1200px; + margin: 0 auto; + padding: 2rem 1.5rem 3rem; +} +.job-page-grid { + display: grid; + grid-template-columns: minmax(0, 2fr) minmax(280px, 0.9fr); + gap: 1.5rem; + align-items: start; +} +.job-main, +.job-sidebar-card { + background: var(--bg-secondary); + border: 1px solid var(--border-subtle); + border-radius: var(--radius); +} +.job-main { + padding: 1.5rem; +} +.job-sidebar-card { + padding: 1.25rem; + position: sticky; + top: 5.5rem; +} +.job-header { + display: flex; + flex-direction: column; + gap: 0.75rem; + margin-bottom: 1.5rem; +} +.job-page-title { + font-size: clamp(2rem, 4vw, 2.8rem); + line-height: 1.05; +} +.job-page-company, +.job-page-summary { + color: var(--text-secondary); +} +.job-page-company { + font-size: 1rem; + color: var(--text-primary); +} +.job-page-summary { + max-width: 64ch; +} +.job-page-tags { + display: flex; + flex-wrap: wrap; + gap: 0.45rem; +} +.job-section + .job-section, +.job-section + .job-body, +.job-body + .job-section { + margin-top: 1.5rem; +} +.job-section h2, +.job-body h2 { + font-size: 1.05rem; + color: var(--text-primary); + margin-bottom: 0.75rem; +} +.job-body { + color: var(--text-secondary); + font-size: 1rem; + line-height: 1.8; + max-width: 72ch; + font-kerning: normal; +} +.job-body > * + * { + margin-top: 1rem; +} +.job-body :is(p, li, blockquote) { + max-width: 68ch; +} +.job-body h2, +.job-body h3, +.job-body h4 { + color: var(--text-primary); + line-height: 1.2; + margin-top: 2rem; +} +.job-body h2 { + font-size: 1.2rem; +} +.job-body h3 { + font-size: 1.05rem; +} +.job-body ul, +.job-body ol { + padding-left: 1.35rem; +} +.job-body li + li { + margin-top: 0.5rem; +} +.job-body strong { + color: var(--text-primary); +} +.job-body a { + text-underline-offset: 0.15em; +} +.job-body blockquote { + border-left: 3px solid var(--brand-primary); + padding-left: 1rem; + color: var(--text-primary); +} +.job-apply-btn { + width: 100%; + text-align: center; +} +.job-apply-btn + .job-apply-btn { + margin-top: 0.75rem; +} +.job-facts { + display: grid; + gap: 0.9rem; + margin-top: 1.25rem; +} +.job-facts dt { + font-size: 0.72rem; + font-family: 'IBM Plex Mono', monospace; + text-transform: uppercase; + letter-spacing: 0.05em; + color: var(--text-secondary); +} +.job-facts dd { + color: var(--text-primary); + margin-top: 0.2rem; +} +.job-source-link { + margin-top: 1.1rem; + font-size: 0.85rem; +} +.job-match-grid { + display: grid; + grid-template-columns: repeat(2, minmax(0, 1fr)); + gap: 0.9rem; +} +.job-match-card { + border: 1px solid var(--border-subtle); + border-radius: var(--radius-sm); + padding: 0.9rem; + display: flex; + flex-direction: column; + gap: 0.2rem; + color: var(--text-secondary); + transition: border-color 0.2s, transform 0.2s; +} +.job-match-card:hover { + text-decoration: none; + border-color: var(--brand-primary); + transform: translateY(-2px); +} +.job-match-name { + color: var(--text-primary); + font-weight: 600; +} +.job-match-role { + font-size: 0.85rem; +} + /* Profile Page */ .profile { max-width: 800px; @@ -1123,7 +1418,7 @@ a:hover { font-size: 0.78rem; color: var(--error-color); margin-top: 0.25rem; - min-height: 0; + min-height: 1.1rem; } .form-row { display: grid; @@ -1260,7 +1555,12 @@ a:hover { color: var(--text-secondary); font-size: 1.25rem; cursor: pointer; - padding: 0 0.25rem; + padding: 0; + min-width: 44px; + min-height: 44px; + display: inline-flex; + align-items: center; + justify-content: center; line-height: 1; } .btn-remove:hover { @@ -1293,19 +1593,72 @@ a:hover { padding: 0.75rem 2rem; font-size: 1rem; } +.submit-hint { + font-size: 0.82rem; + color: var(--text-secondary); + margin-top: 0.9rem; +} .submit-fallback { background: var(--bg-tertiary); border: 1px solid var(--border-accent); border-radius: var(--radius); padding: 1.25rem; margin-top: 1rem; - text-align: center; + text-align: left; +} +.submit-fallback h3 { + font-size: 1rem; + font-weight: 700; + color: var(--text-primary); + margin-bottom: 0.4rem; } .submit-fallback p { font-size: 0.85rem; color: var(--text-primary); margin-bottom: 0.75rem; } +.submit-fallback-status { + color: var(--text-secondary); +} +.submit-fallback-steps { + margin: 0 0 1rem 1.15rem; + color: var(--text-primary); + display: grid; + gap: 0.45rem; +} +.submit-fallback-actions { + display: flex; + flex-wrap: wrap; + gap: 0.75rem; + margin-bottom: 0.85rem; +} +.submit-payload-wrap { + border-top: 1px solid var(--border-subtle); + padding-top: 0.85rem; +} +.submit-payload-wrap summary { + cursor: pointer; + color: var(--text-secondary); + font-size: 0.82rem; + font-weight: 600; +} +.submit-payload-wrap textarea { + width: 100%; + margin-top: 0.75rem; + min-height: 170px; + padding: 0.75rem 0.85rem; + background: var(--bg-primary); + border: 1px solid var(--border-subtle); + border-radius: var(--radius-sm); + color: var(--text-primary); + font-family: "IBM Plex Mono", monospace; + font-size: 0.78rem; + line-height: 1.5; + resize: vertical; +} +.submit-fallback[hidden] { + display: none; +} /* ── Responsive (mobile-first) ── */ @@ -1361,6 +1714,28 @@ a:hover { .insights { padding: 1.5rem 1rem 0.5rem; } + .jobs-hero, + .jobs-preview, + .jobs-notes, + .job-page { + padding-left: 1rem; + padding-right: 1rem; + } + .jobs-preview-header { + flex-direction: column; + align-items: flex-start; + } + .jobs-notes, + .job-page-grid, + .job-match-grid { + grid-template-columns: 1fr; + } + .job-card-actions { + flex-direction: column; + } + .job-sidebar-card { + position: static; + } .insight-card { padding: 1rem; } @@ -1418,15 +1793,26 @@ a:hover { } @media (max-width: 400px) { .step-indicator { - gap: 0.25rem; + display: grid; + grid-template-columns: repeat(2, minmax(0, 1fr)); + gap: 0.45rem; + border-bottom: none; + padding-bottom: 0; } .step-indicator .step { - font-size: 0; - padding: 0.5rem 0.25rem; + font-size: 0.72rem; + padding: 0.65rem 0.5rem; + border: 1px solid var(--border-subtle); + border-radius: var(--radius-sm); + background: var(--bg-primary); } .step-indicator .step .step-num { font-size: 0.7rem; - margin-right: 0; + margin-right: 0.35rem; + } + .step-indicator .step.active { + background: var(--brand-primary-10); + border-color: var(--brand-primary); } } diff --git a/site/assets/js/jobs-search.js b/site/assets/js/jobs-search.js new file mode 100644 index 0000000..0394124 --- /dev/null +++ b/site/assets/js/jobs-search.js @@ -0,0 +1,211 @@ +(function () { + var searchInput = document.getElementById("search-input"); + if (!searchInput) return; + + var cards = Array.from(document.querySelectorAll(".job-card")); + var chips = Array.from(document.querySelectorAll(".chip")); + var clearBtn = document.getElementById("clear-filters"); + var countEl = document.getElementById("results-count"); + var noResults = document.getElementById("no-results"); + var summaryEl = document.getElementById("active-filters-summary"); + var pillsEl = document.getElementById("active-filter-pills"); + + var FILTER_KEYS = ["specializations", "frameworks", "workModes", "jobTypes", "sources"]; + var DATA_KEYS = { + specializations: "specializations", + frameworks: "frameworks", + workModes: "workModes", + jobTypes: "jobTypes", + sources: "sources" + }; + + var activeFilters = {}; + FILTER_KEYS.forEach(function (key) { activeFilters[key] = []; }); + + var chipCache = {}; + chips.forEach(function (chip) { + var group = chip.closest("[data-filter]"); + if (!group) return; + chipCache[group.dataset.filter + ":" + chip.dataset.value] = chip; + }); + + var badgeCache = {}; + FILTER_KEYS.forEach(function (key) { + var group = document.querySelector('.filter-group[data-group="' + key + '"]'); + if (group) badgeCache[key] = group.querySelector(".count-badge"); + }); + + var cardData = cards.map(function (card) { + var parsed = {}; + FILTER_KEYS.forEach(function (key) { + parsed[key] = (card.dataset[DATA_KEYS[key]] || "").split(",").filter(Boolean); + }); + parsed.title = card.dataset.title || ""; + parsed.company = card.dataset.company || ""; + parsed.location = card.dataset.location || ""; + parsed.allText = [ + parsed.title, + parsed.company, + parsed.location + ].concat(FILTER_KEYS.map(function (key) { return parsed[key].join(" "); })).join(" "); + return parsed; + }); + + var FADE_MS = 250; + var pendingTimers = new Map(); + + function getChip(filterKey, value) { + return chipCache[filterKey + ":" + value] || null; + } + + function hideCard(card) { + if (card.classList.contains("hidden")) return; + if (pendingTimers.has(card)) { + clearTimeout(pendingTimers.get(card)); + pendingTimers.delete(card); + } + card.classList.add("fading"); + var timer = setTimeout(function () { + card.classList.add("hidden"); + pendingTimers.delete(card); + }, FADE_MS); + pendingTimers.set(card, timer); + } + + function showCard(card) { + if (!card.classList.contains("hidden") && !card.classList.contains("fading")) return; + if (pendingTimers.has(card)) { + clearTimeout(pendingTimers.get(card)); + pendingTimers.delete(card); + } + card.classList.remove("hidden", "fading"); + } + + function updateSummary() { + if (!summaryEl || !pillsEl) return; + + var pills = []; + FILTER_KEYS.forEach(function (key) { + activeFilters[key].forEach(function (value) { + var chip = getChip(key, value); + pills.push({ + key: key, + value: value, + label: chip ? chip.textContent : value + }); + }); + }); + + summaryEl.style.display = pills.length ? "" : "none"; + pillsEl.innerHTML = ""; + + pills.forEach(function (pill) { + var btn = document.createElement("button"); + btn.className = "active-filter-pill"; + btn.dataset.filterKey = pill.key; + btn.dataset.filterValue = pill.value; + btn.innerHTML = pill.label + ' \u00d7'; + pillsEl.appendChild(btn); + }); + } + + function updateBadgeCounts() { + FILTER_KEYS.forEach(function (key) { + var badge = badgeCache[key]; + if (!badge) return; + badge.textContent = activeFilters[key].length; + badge.style.display = activeFilters[key].length ? "" : "none"; + }); + } + + function updateCards() { + var query = (searchInput.value || "").toLowerCase().trim(); + var visible = 0; + + cards.forEach(function (card, index) { + var data = cardData[index]; + var show = true; + + if (query && data.allText.indexOf(query) === -1) show = false; + + for (var i = 0; show && i < FILTER_KEYS.length; i++) { + var key = FILTER_KEYS[i]; + if (activeFilters[key].length) { + var values = data[key]; + var hasMatch = activeFilters[key].some(function (value) { + return values.indexOf(value) !== -1; + }); + if (!hasMatch) show = false; + } + } + + if (show) { + showCard(card); + visible += 1; + } else { + hideCard(card); + } + }); + + if (countEl) countEl.textContent = visible; + if (noResults) noResults.style.display = visible === 0 ? "" : "none"; + updateSummary(); + updateBadgeCounts(); + } + + document.querySelectorAll(".filter-group-header").forEach(function (header) { + header.addEventListener("click", function () { + var group = header.closest(".filter-group"); + var isOpen = group.classList.toggle("open"); + header.setAttribute("aria-expanded", isOpen ? "true" : "false"); + }); + }); + + chips.forEach(function (chip) { + chip.addEventListener("click", function () { + var group = chip.closest("[data-filter]"); + if (!group) return; + var key = group.dataset.filter; + var value = chip.dataset.value; + var isActive = chip.classList.toggle("active"); + + chip.setAttribute("aria-pressed", isActive ? "true" : "false"); + + if (isActive) { + if (activeFilters[key].indexOf(value) === -1) activeFilters[key].push(value); + } else { + activeFilters[key] = activeFilters[key].filter(function (item) { return item !== value; }); + } + + updateCards(); + }); + }); + + pillsEl && pillsEl.addEventListener("click", function (event) { + var pill = event.target.closest(".active-filter-pill"); + if (!pill) return; + + var key = pill.dataset.filterKey; + var value = pill.dataset.filterValue; + var chip = getChip(key, value); + if (chip) { + chip.classList.remove("active"); + chip.setAttribute("aria-pressed", "false"); + } + activeFilters[key] = activeFilters[key].filter(function (item) { return item !== value; }); + updateCards(); + }); + + clearBtn && clearBtn.addEventListener("click", function () { + searchInput.value = ""; + FILTER_KEYS.forEach(function (key) { activeFilters[key] = []; }); + chips.forEach(function (chip) { + chip.classList.remove("active"); + chip.setAttribute("aria-pressed", "false"); + }); + updateCards(); + }); + + searchInput.addEventListener("input", updateCards); + updateCards(); +})(); diff --git a/site/assets/js/submit.js b/site/assets/js/submit.js index 42039ad..b23bd18 100644 --- a/site/assets/js/submit.js +++ b/site/assets/js/submit.js @@ -3,18 +3,15 @@ var REPO_OWNER = 'GRCEngClub'; var REPO_NAME = 'directory'; - var GH_USERNAME_RE = /^[a-zA-Z0-9]([a-zA-Z0-9-]{0,37}[a-zA-Z0-9])?$/; + var GH_USERNAME_RE = /^[a-z0-9]([a-z0-9-]{0,37}[a-z0-9])?$/; + var PROFILE_SUBMISSION_START = ''; + var PROFILE_SUBMISSION_END = ''; + var PREFILLED_ISSUE_BODY = [ + 'Paste the copied profile payload into this issue body, replacing this text, then click "Submit new issue".', + '', + 'If the payload is not on your clipboard, return to the submit form and use "Copy profile payload" again.' + ].join('\n'); - // Post-submission confirmation - if (window.location.search.indexOf('submitted=1') !== -1) { - var banner = document.createElement('div'); - banner.className = 'success-banner'; - banner.textContent = 'Your profile has been submitted successfully! It will appear on the site after review.'; - var main = document.querySelector('main') || document.body; - main.insertBefore(banner, main.firstChild); - } - - // --- State --- var state = { specializations: [], frameworks: [], @@ -24,321 +21,555 @@ projects: [] }; - // --- DOM helpers --- + var submitState = { + issueUrl: '', + payload: '' + }; + + var currentStep = 1; + var firstInvalidField = null; + function $(sel) { return document.querySelector(sel); } function $$(sel) { return document.querySelectorAll(sel); } - // --- Step Navigation --- - var currentStep = 1; + var githubInput = $('#field-github'); + var avatarPreview = $('#github-avatar-preview'); + var certInput = $('#field-certifications'); + var certTagsEl = $('#cert-tags'); + var projectsList = $('#projects-list'); + var addProjectBtn = $('#add-project'); + var submitBtn = $('#btn-submit-github'); + var submitFallback = $('#submit-fallback'); + var submitFallbackStatus = $('#submit-fallback-status'); + var submitIssueLink = $('#submit-issue-link'); + var submitPayloadField = $('#submit-payload'); + var submitPayloadWrap = $('.submit-payload-wrap'); + var copyPayloadBtn = $('#btn-copy-payload'); + + function normalizeGitHubUsername(value) { + return (value || '').trim().toLowerCase(); + } + + function normalizeFreeText(value) { + return (value || '').trim(); + } function showStep(n) { $$('.form-step').forEach(function (el) { - el.hidden = +el.dataset.step !== n; + el.hidden = Number(el.dataset.step) !== n; }); + $$('.step-indicator .step').forEach(function (el) { - var s = +el.dataset.step; - el.classList.toggle('active', s === n); - el.classList.toggle('completed', s < n); - if (s === n) { + var stepNumber = Number(el.dataset.step); + var isFuture = stepNumber > n; + el.classList.toggle('active', stepNumber === n); + el.classList.toggle('completed', stepNumber < n); + el.disabled = isFuture; + if (stepNumber === n) { el.setAttribute('aria-current', 'step'); el.removeAttribute('aria-disabled'); } else { el.removeAttribute('aria-current'); - if (s > n) el.setAttribute('aria-disabled', 'true'); + if (isFuture) el.setAttribute('aria-disabled', 'true'); else el.removeAttribute('aria-disabled'); } }); + currentStep = n; if (n === 4) renderPreview(); window.scrollTo({ top: 0, behavior: 'smooth' }); } - // Step nav buttons - document.addEventListener('click', function (e) { - var btn = e.target.closest('[data-next]'); - if (btn) { - if (validateStep(currentStep)) showStep(+btn.dataset.next); + document.addEventListener('click', function (event) { + var button = event.target.closest('[data-next]'); + if (button) { + if (validateStep(currentStep)) showStep(Number(button.dataset.next)); return; } - btn = e.target.closest('[data-prev]'); - if (btn) { - showStep(+btn.dataset.prev); - return; + + button = event.target.closest('[data-prev]'); + if (button) { + showStep(Number(button.dataset.prev)); } }); - // Step indicator clicks $$('.step-indicator .step').forEach(function (el) { el.addEventListener('click', function () { - var target = +el.dataset.step; + var target = Number(el.dataset.step); if (target < currentStep) { showStep(target); - } else if (target === currentStep + 1) { - if (validateStep(currentStep)) showStep(target); + } else if (target === currentStep + 1 && validateStep(currentStep)) { + showStep(target); } }); }); - // --- Chip selectors --- $$('.chip-selector').forEach(function (container) { var field = container.dataset.field; - container.addEventListener('click', function (e) { - var chip = e.target.closest('.chip'); + container.addEventListener('click', function (event) { + var chip = event.target.closest('.chip'); if (!chip) return; chip.classList.toggle('active'); syncChips(container, field); + clearFieldError(field); }); }); function syncChips(container, field) { state[field] = []; - container.querySelectorAll('.chip.active').forEach(function (c) { - state[field].push(c.dataset.value); + container.querySelectorAll('.chip.active').forEach(function (chip) { + state[field].push(chip.dataset.value); + }); + } + + function findChipByValue(container, value) { + var needle = value.toLowerCase(); + return Array.prototype.find.call(container.querySelectorAll('.chip'), function (chip) { + return chip.dataset.value.toLowerCase() === needle; }); } - // Custom chip helper (shared by specializations & languages) function addCustomChip(inputEl, containerId, fieldName) { - var val = inputEl.value.trim(); - if (!val) return; + var value = inputEl.value.trim(); + if (!value) return; + var container = $(containerId); - var existing = container.querySelector('.chip[data-value="' + CSS.escape(val) + '"]'); - if (existing) { existing.classList.add('active'); inputEl.value = ''; syncChips(container, fieldName); return; } + var existing = findChipByValue(container, value); + if (existing) { + existing.classList.add('active'); + inputEl.value = ''; + syncChips(container, fieldName); + clearFieldError(fieldName); + return; + } + var chip = document.createElement('button'); chip.type = 'button'; chip.className = 'chip active'; - chip.dataset.value = val; - chip.textContent = val; + chip.dataset.value = value; + chip.textContent = value; container.appendChild(chip); inputEl.value = ''; syncChips(container, fieldName); + clearFieldError(fieldName); } - // Custom specialization var addSpecBtn = $('#add-custom-specialization'); var customSpecInput = $('#custom-specialization'); if (addSpecBtn) { - addSpecBtn.addEventListener('click', function () { addCustomChip(customSpecInput, '#chips-specializations', 'specializations'); }); - customSpecInput.addEventListener('keydown', function (e) { - if (e.key === 'Enter') { e.preventDefault(); addCustomChip(customSpecInput, '#chips-specializations', 'specializations'); } + addSpecBtn.addEventListener('click', function () { + addCustomChip(customSpecInput, '#chips-specializations', 'specializations'); + }); + customSpecInput.addEventListener('keydown', function (event) { + if (event.key === 'Enter') { + event.preventDefault(); + addCustomChip(customSpecInput, '#chips-specializations', 'specializations'); + } }); } - // Custom language var addLangBtn = $('#add-custom-language'); var customLangInput = $('#custom-language'); if (addLangBtn) { - addLangBtn.addEventListener('click', function () { addCustomChip(customLangInput, '#chips-languages', 'languages'); }); - customLangInput.addEventListener('keydown', function (e) { - if (e.key === 'Enter') { e.preventDefault(); addCustomChip(customLangInput, '#chips-languages', 'languages'); } + addLangBtn.addEventListener('click', function () { + addCustomChip(customLangInput, '#chips-languages', 'languages'); + }); + customLangInput.addEventListener('keydown', function (event) { + if (event.key === 'Enter') { + event.preventDefault(); + addCustomChip(customLangInput, '#chips-languages', 'languages'); + } }); } - // --- Tag input (certifications) --- - var certInput = $('#field-certifications'); - var certTagsEl = $('#cert-tags'); - if (certInput) { - certInput.addEventListener('keydown', function (e) { - if (e.key === 'Enter') { - e.preventDefault(); - var val = certInput.value.trim(); - if (val && state.certifications.indexOf(val) === -1) { - state.certifications.push(val); - renderCertTags(); - } - certInput.value = ''; + certInput.addEventListener('keydown', function (event) { + if (event.key !== 'Enter') return; + + event.preventDefault(); + var value = certInput.value.trim(); + if (!value) return; + + var exists = state.certifications.some(function (cert) { + return cert.toLowerCase() === value.toLowerCase(); + }); + + if (!exists) { + state.certifications.push(value); + renderCertTags(); } + certInput.value = ''; }); } function renderCertTags() { + if (!certTagsEl) return; certTagsEl.innerHTML = ''; - state.certifications.forEach(function (cert, i) { - var span = document.createElement('span'); - span.className = 'tag tag-outline tag-removable'; - span.textContent = cert + ' '; + + state.certifications.forEach(function (certification, index) { + var tag = document.createElement('span'); + tag.className = 'tag tag-outline tag-removable'; + tag.textContent = certification + ' '; + var removeBtn = document.createElement('button'); removeBtn.type = 'button'; - removeBtn.dataset.removeCert = i; + removeBtn.dataset.removeCert = index; + removeBtn.setAttribute('aria-label', 'Remove ' + certification); removeBtn.innerHTML = '×'; - span.appendChild(removeBtn); - certTagsEl.appendChild(span); + tag.appendChild(removeBtn); + certTagsEl.appendChild(tag); }); } - certTagsEl && certTagsEl.addEventListener('click', function (e) { - var btn = e.target.closest('[data-remove-cert]'); - if (!btn) return; - state.certifications.splice(+btn.dataset.removeCert, 1); - renderCertTags(); - }); - - // --- Projects --- - var projectsList = $('#projects-list'); - var addProjectBtn = $('#add-project'); + if (certTagsEl) { + certTagsEl.addEventListener('click', function (event) { + var button = event.target.closest('[data-remove-cert]'); + if (!button) return; + state.certifications.splice(Number(button.dataset.removeCert), 1); + renderCertTags(); + }); + } - addProjectBtn && addProjectBtn.addEventListener('click', function () { - if (state.projects.length >= 5) return; - state.projects.push({ name: '', url: '', description: '' }); - renderProjects(); - }); + if (addProjectBtn) { + addProjectBtn.addEventListener('click', function () { + if (state.projects.length >= 5) return; + state.projects.push({ name: '', url: '', description: '' }); + renderProjects(); + }); + } function renderProjects() { + if (!projectsList || !addProjectBtn) return; + projectsList.innerHTML = ''; - state.projects.forEach(function (proj, i) { - var div = document.createElement('div'); - div.className = 'project-entry'; - div.innerHTML = - '
Project ' + (i + 1) + '
' + - '' + - '' + - ''; - projectsList.appendChild(div); + state.projects.forEach(function (project, index) { + var entry = document.createElement('div'); + entry.className = 'project-entry'; + entry.innerHTML = + '
Project ' + (index + 1) + '
' + + '' + + '' + + ''; + projectsList.appendChild(entry); }); + addProjectBtn.style.display = state.projects.length >= 5 ? 'none' : ''; } - projectsList && projectsList.addEventListener('input', function (e) { - var input = e.target; - if (input.dataset.proj !== undefined) { - state.projects[+input.dataset.proj][input.dataset.field] = input.value; - } - }); + if (projectsList) { + projectsList.addEventListener('input', function (event) { + var input = event.target; + if (input.dataset.proj === undefined) return; + state.projects[Number(input.dataset.proj)][input.dataset.field] = input.value; + clearFieldError('projects'); + }); - projectsList && projectsList.addEventListener('click', function (e) { - var btn = e.target.closest('[data-remove-project]'); - if (!btn) return; - state.projects.splice(+btn.dataset.removeProject, 1); - renderProjects(); - }); + projectsList.addEventListener('click', function (event) { + var button = event.target.closest('[data-remove-project]'); + if (!button) return; + state.projects.splice(Number(button.dataset.removeProject), 1); + renderProjects(); + clearFieldError('projects'); + }); + } - // --- GitHub avatar preview --- - var githubInput = $('#field-github'); - var avatarPreview = $('#github-avatar-preview'); + if (githubInput) { + githubInput.addEventListener('input', function () { + clearFieldError('github'); + if (!githubInput.value.trim()) avatarPreview.hidden = true; + }); - githubInput && githubInput.addEventListener('blur', function () { - var username = githubInput.value.trim(); - if (!username || !GH_USERNAME_RE.test(username)) { - avatarPreview.hidden = true; - return; + githubInput.addEventListener('blur', function () { + var username = normalizeGitHubUsername(githubInput.value); + githubInput.value = username; + + if (!username || !GH_USERNAME_RE.test(username)) { + avatarPreview.hidden = true; + return; + } + + var image = new Image(); + image.onload = function () { + avatarPreview.src = image.src; + avatarPreview.alt = username; + avatarPreview.hidden = false; + }; + image.onerror = function () { + avatarPreview.hidden = true; + }; + image.src = 'https://github.com/' + username + '.png?size=80'; + }); + } + + function getFieldContainer(field) { + switch (field) { + case 'github': return githubInput; + case 'name': return $('#field-name'); + case 'linkedin': return $('#field-linkedin'); + case 'blog': return $('#field-blog'); + case 'specializations': return $('#chips-specializations'); + case 'projects': return projectsList; + default: return null; } - var img = new Image(); - img.onload = function () { - avatarPreview.src = img.src; - avatarPreview.alt = username; - avatarPreview.hidden = false; - }; - img.onerror = function () { avatarPreview.hidden = true; }; - img.src = 'https://github.com/' + username + '.png?size=80'; - }); + } - // --- Validation --- - function setError(field, msg) { - var el = $('#error-' + field); - if (el) el.textContent = msg; + function getFocusableTarget(field, targetOverride) { + if (targetOverride) return targetOverride; + + switch (field) { + case 'specializations': return $('#chips-specializations .chip'); + case 'projects': return projectsList ? projectsList.querySelector('input, button') || addProjectBtn : addProjectBtn; + default: return getFieldContainer(field); + } + } + + function clearFieldError(field) { + var errorEl = $('#error-' + field); + var container = getFieldContainer(field); + if (errorEl) errorEl.textContent = ''; + if (!container) return; + + container.removeAttribute('aria-invalid'); + container.removeAttribute('aria-describedby'); + if (container.classList && (container.classList.contains('chip-selector') || container.id === 'projects-list')) { + container.removeAttribute('tabindex'); + } } + function clearErrors() { - $$('.form-error').forEach(function (el) { el.textContent = ''; }); + firstInvalidField = null; + $$('.form-error').forEach(function (el) { + el.textContent = ''; + }); + ['github', 'name', 'linkedin', 'blog', 'specializations', 'projects'].forEach(clearFieldError); + } + + function setError(field, message, targetOverride) { + var errorEl = $('#error-' + field); + var container = getFieldContainer(field); + var focusTarget = getFocusableTarget(field, targetOverride); + + if (errorEl) errorEl.textContent = message; + if (container) { + container.setAttribute('aria-invalid', 'true'); + container.setAttribute('aria-describedby', 'error-' + field); + if (container.classList && (container.classList.contains('chip-selector') || container.id === 'projects-list')) { + container.setAttribute('tabindex', '-1'); + } + } + + if (!firstInvalidField) { + firstInvalidField = focusTarget || container; + } + } + + function focusFirstInvalidField() { + if (!firstInvalidField) return; + + var focusTarget = firstInvalidField; + if (focusTarget.matches && (focusTarget.matches('.chip-selector') || focusTarget.id === 'projects-list')) { + focusTarget = focusTarget.querySelector('button, input, textarea') || focusTarget; + } + + if (focusTarget && typeof focusTarget.focus === 'function') { + focusTarget.focus({ preventScroll: true }); + } + + if (focusTarget && typeof focusTarget.scrollIntoView === 'function') { + focusTarget.scrollIntoView({ behavior: 'smooth', block: 'center' }); + } + } + + function isValidHttpUrl(value) { + try { + var url = new URL(value); + return url.protocol === 'http:' || url.protocol === 'https:'; + } catch (error) { + return false; + } } - function validateStep(step) { + function validateStep(step, options) { + var config = options || {}; clearErrors(); + var valid = true; + if (step === 1) { - var gh = githubInput.value.trim(); - if (!gh) { setError('github', 'GitHub username is required.'); valid = false; } - else if (!GH_USERNAME_RE.test(gh)) { setError('github', 'Invalid GitHub username. Must be 1-39 chars, alphanumeric or hyphens, no leading/trailing hyphens.'); valid = false; } - var name = $('#field-name').value.trim(); - if (!name) { setError('name', 'Name is required.'); valid = false; } - if (state.specializations.length === 0) { setError('specializations', 'Select at least one specialization.'); valid = false; } + var github = normalizeGitHubUsername(githubInput.value); + githubInput.value = github; + if (!github) { + setError('github', 'GitHub username is required.'); + valid = false; + } else if (!GH_USERNAME_RE.test(github)) { + setError('github', 'Use a valid GitHub username: 1-39 lowercase letters, numbers, or hyphens, with no leading or trailing hyphen.'); + valid = false; + } + + var name = normalizeFreeText($('#field-name').value); + if (!name) { + setError('name', 'Name is required.'); + valid = false; + } + + if (state.specializations.length === 0) { + setError('specializations', 'Select at least one specialization.'); + valid = false; + } } + if (step === 2) { - var li = $('#field-linkedin').value.trim(); - if (li && !/^https?:\/\/(www\.)?linkedin\.com\/in\//.test(li)) { - setError('linkedin', 'Must be a LinkedIn profile URL (https://linkedin.com/in/…)'); valid = false; + var linkedin = normalizeFreeText($('#field-linkedin').value); + if (linkedin && !/^https?:\/\/(www\.)?linkedin\.com\/in\//i.test(linkedin)) { + setError('linkedin', 'Use a LinkedIn profile URL in the form https://linkedin.com/in/your-name.'); + valid = false; } - var blog = $('#field-blog').value.trim(); - if (blog && !/^https?:\/\//.test(blog)) { - setError('blog', 'Must start with http:// or https://'); valid = false; + + var blog = normalizeFreeText($('#field-blog').value); + if (blog && !isValidHttpUrl(blog)) { + setError('blog', 'Use a full URL that starts with http:// or https://.'); + valid = false; } } + if (step === 3) { - // Validate project URLs - var projError = false; - state.projects.forEach(function (p) { - if (p.url && !/^https?:\/\//.test(p.url)) projError = true; + var hasProjectError = false; + + state.projects.forEach(function (project, index) { + if (hasProjectError) return; + + var nameValue = normalizeFreeText(project.name); + var urlValue = normalizeFreeText(project.url); + var descriptionValue = normalizeFreeText(project.description); + var hasAnyValue = Boolean(nameValue || urlValue || descriptionValue); + + if (!hasAnyValue) return; + + if (!nameValue) { + setError( + 'projects', + 'Every project with a link or description also needs a project name.', + projectsList.querySelector('[data-proj="' + index + '"][data-field="name"]') + ); + hasProjectError = true; + valid = false; + return; + } + + if (urlValue && !isValidHttpUrl(urlValue)) { + setError( + 'projects', + 'Project links must start with http:// or https://.', + projectsList.querySelector('[data-proj="' + index + '"][data-field="url"]') + ); + hasProjectError = true; + valid = false; + } }); - if (projError) { setError('projects', 'Project URLs must start with http:// or https://'); valid = false; } } + + if (!valid && !config.deferFocus) { + focusFirstInvalidField(); + } + return valid; } - // --- Markdown Generation --- + function validateAllSteps() { + var step; + for (step = 1; step <= 3; step += 1) { + if (!validateStep(step, { deferFocus: true })) { + showStep(step); + focusFirstInvalidField(); + return false; + } + } + + clearErrors(); + return true; + } + function generateMarkdown() { - var d = getFormData(); + var data = getFormData(); var lines = ['---']; - lines.push('name: "' + escYaml(d.name) + '"'); - lines.push('github: "' + escYaml(d.github) + '"'); + + lines.push('name: "' + escYaml(data.name) + '"'); + lines.push('github: "' + escYaml(data.github) + '"'); lines.push('specializations:'); - d.specializations.forEach(function (s) { lines.push(' - "' + escYaml(s) + '"'); }); - - if (d.title) lines.push('title: "' + escYaml(d.title) + '"'); - if (d.company) lines.push('company: "' + escYaml(d.company) + '"'); - if (d.location) lines.push('location: "' + escYaml(d.location) + '"'); - if (d.linkedin) lines.push('linkedin: "' + escYaml(d.linkedin) + '"'); - if (d.twitter) lines.push('twitter: "' + escYaml(d.twitter) + '"'); - if (d.bluesky) lines.push('bluesky: "' + escYaml(d.bluesky) + '"'); - if (d.blog) lines.push('blog: "' + escYaml(d.blog) + '"'); - if (d.huggingface) lines.push('huggingface: "' + escYaml(d.huggingface) + '"'); - - if (d.frameworks.length) { + data.specializations.forEach(function (specialization) { + lines.push(' - "' + escYaml(specialization) + '"'); + }); + + if (data.title) lines.push('title: "' + escYaml(data.title) + '"'); + if (data.company) lines.push('company: "' + escYaml(data.company) + '"'); + if (data.location) lines.push('location: "' + escYaml(data.location) + '"'); + if (data.linkedin) lines.push('linkedin: "' + escYaml(data.linkedin) + '"'); + if (data.twitter) lines.push('twitter: "' + escYaml(data.twitter) + '"'); + if (data.bluesky) lines.push('bluesky: "' + escYaml(data.bluesky) + '"'); + if (data.blog) lines.push('blog: "' + escYaml(data.blog) + '"'); + if (data.huggingface) lines.push('huggingface: "' + escYaml(data.huggingface) + '"'); + + if (data.frameworks.length) { lines.push('frameworks:'); - d.frameworks.forEach(function (f) { lines.push(' - "' + escYaml(f) + '"'); }); + data.frameworks.forEach(function (framework) { + lines.push(' - "' + escYaml(framework) + '"'); + }); } - if (d.languages.length) { + + if (data.languages.length) { lines.push('languages:'); - d.languages.forEach(function (l) { lines.push(' - "' + escYaml(l) + '"'); }); + data.languages.forEach(function (language) { + lines.push(' - "' + escYaml(language) + '"'); + }); } - if (d.certifications.length) { + + if (data.certifications.length) { lines.push('certifications:'); - d.certifications.forEach(function (c) { lines.push(' - "' + escYaml(c) + '"'); }); + data.certifications.forEach(function (certification) { + lines.push(' - "' + escYaml(certification) + '"'); + }); } - if (d.available_for.length) { + + if (data.available_for.length) { lines.push('available_for:'); - d.available_for.forEach(function (a) { lines.push(' - "' + escYaml(a) + '"'); }); + data.available_for.forEach(function (value) { + lines.push(' - "' + escYaml(value) + '"'); + }); } - if (d.projects.length) { + + if (data.projects.length) { lines.push('projects:'); - d.projects.forEach(function (p) { - if (!p.name) return; - lines.push(' - name: "' + escYaml(p.name) + '"'); - if (p.url) lines.push(' url: "' + escYaml(p.url) + '"'); - if (p.description) lines.push(' description: "' + escYaml(p.description) + '"'); + data.projects.forEach(function (project) { + lines.push(' - name: "' + escYaml(project.name) + '"'); + if (project.url) lines.push(' url: "' + escYaml(project.url) + '"'); + if (project.description) lines.push(' description: "' + escYaml(project.description) + '"'); }); } + lines.push('---'); lines.push(''); - if (d.about) { + if (data.about) { lines.push('## About Me'); lines.push(''); - lines.push(d.about); + lines.push(data.about); lines.push(''); } - if (d.highlights) { + + if (data.highlights) { lines.push('## Experience Highlights'); lines.push(''); - d.highlights.split('\n').forEach(function (line) { - line = line.trim(); - if (line) lines.push('- ' + line); + data.highlights.split('\n').forEach(function (line) { + var trimmed = line.trim(); + if (trimmed) lines.push('- ' + trimmed); }); lines.push(''); } - if (d.contact) { + + if (data.contact) { lines.push('## Get in Touch'); lines.push(''); - lines.push(d.contact); + lines.push(data.contact); lines.push(''); } @@ -347,139 +578,283 @@ function getFormData() { return { - github: githubInput.value.trim(), - name: $('#field-name').value.trim(), + github: normalizeGitHubUsername(githubInput.value), + name: normalizeFreeText($('#field-name').value), specializations: state.specializations.slice(), - title: ($('#field-title').value || '').trim(), - company: ($('#field-company').value || '').trim(), - location: ($('#field-location').value || '').trim(), - linkedin: ($('#field-linkedin').value || '').trim(), - twitter: ($('#field-twitter').value || '').trim(), - bluesky: ($('#field-bluesky').value || '').trim(), - blog: ($('#field-blog').value || '').trim(), - huggingface: ($('#field-huggingface').value || '').trim(), + title: normalizeFreeText($('#field-title').value), + company: normalizeFreeText($('#field-company').value), + location: normalizeFreeText($('#field-location').value), + linkedin: normalizeFreeText($('#field-linkedin').value), + twitter: normalizeFreeText($('#field-twitter').value), + bluesky: normalizeFreeText($('#field-bluesky').value), + blog: normalizeFreeText($('#field-blog').value), + huggingface: normalizeFreeText($('#field-huggingface').value), frameworks: state.frameworks.slice(), languages: state.languages.slice(), certifications: state.certifications.slice(), available_for: state.available_for.slice(), - projects: state.projects.filter(function (p) { return p.name; }), - about: ($('#field-about').value || '').trim(), - highlights: ($('#field-highlights').value || '').trim(), - contact: ($('#field-contact').value || '').trim() + projects: state.projects + .map(function (project) { + return { + name: normalizeFreeText(project.name), + url: normalizeFreeText(project.url), + description: normalizeFreeText(project.description) + }; + }) + .filter(function (project) { return project.name; }), + about: normalizeFreeText($('#field-about').value), + highlights: normalizeFreeText($('#field-highlights').value), + contact: normalizeFreeText($('#field-contact').value) }; } - // --- Preview --- function renderPreview() { - var d = getFormData(); - var avatarUrl = 'https://github.com/' + encodeURIComponent(d.github) + '.png?size=120'; + var data = getFormData(); + var avatarUrl = 'https://github.com/' + encodeURIComponent(data.github) + '.png?size=120'; var html = '
'; - html += '' + escHtml(d.name) + ''; + + html += '' + escHtml(data.name) + ''; html += '
'; - html += '
' + escHtml(d.name) + '
'; - if (d.title) html += '
' + escHtml(d.title) + (d.company ? ' at ' + escHtml(d.company) : '') + '
'; - else if (d.company) html += '
' + escHtml(d.company) + '
'; - if (d.location) html += '
' + escHtml(d.location) + '
'; + html += '
' + escHtml(data.name) + '
'; + + if (data.title) { + html += '
' + escHtml(data.title) + (data.company ? ' at ' + escHtml(data.company) : '') + '
'; + } else if (data.company) { + html += '
' + escHtml(data.company) + '
'; + } + + if (data.location) html += '
' + escHtml(data.location) + '
'; + var socials = []; - if (d.linkedin) socials.push('LinkedIn'); - if (d.twitter) socials.push('Twitter'); - if (d.bluesky) socials.push('Bluesky'); - if (d.huggingface) socials.push('Hugging Face'); - if (d.blog) socials.push('Blog'); - socials.push('GitHub'); + if (data.linkedin) socials.push('LinkedIn'); + if (data.twitter) socials.push('Twitter'); + if (data.bluesky) socials.push('Bluesky'); + if (data.huggingface) socials.push('Hugging Face'); + if (data.blog) socials.push('Blog'); + socials.push('GitHub'); + html += '
' + socials.join('') + '
'; html += '
'; - // Sections html += '
'; html += '

Specializations

'; - d.specializations.forEach(function (s) { html += '' + escHtml(s) + ''; }); + data.specializations.forEach(function (specialization) { + html += '' + escHtml(specialization) + ''; + }); html += '
'; - if (d.languages.length) { + if (data.languages.length) { html += '

Languages & Tools

'; - d.languages.forEach(function (l) { html += '' + escHtml(l) + ''; }); + data.languages.forEach(function (language) { + html += '' + escHtml(language) + ''; + }); html += '
'; } - if (d.frameworks.length) { + if (data.frameworks.length) { html += '

Frameworks

'; - d.frameworks.forEach(function (f) { html += '' + escHtml(f) + ''; }); + data.frameworks.forEach(function (framework) { + html += '' + escHtml(framework) + ''; + }); html += '
'; } - if (d.certifications.length) { + + if (data.certifications.length) { html += '

Certifications

'; - d.certifications.forEach(function (c) { html += '' + escHtml(c) + ''; }); + data.certifications.forEach(function (certification) { + html += '' + escHtml(certification) + ''; + }); html += '
'; } - if (d.available_for.length) { + + if (data.available_for.length) { html += '

Available For

'; - d.available_for.forEach(function (a) { html += '' + escHtml(a) + ''; }); + data.available_for.forEach(function (value) { + html += '' + escHtml(value) + ''; + }); html += '
'; } html += '
'; - // Projects - if (d.projects.length) { + if (data.projects.length) { html += '

Projects

'; - d.projects.forEach(function (p) { + data.projects.forEach(function (project) { html += '
'; - html += '
' + (p.url ? '' + escHtml(p.name) + '' : escHtml(p.name)) + '
'; - if (p.description) html += '
' + escHtml(p.description) + '
'; + html += '
' + (project.url ? '' + escHtml(project.name) + '' : escHtml(project.name)) + '
'; + if (project.description) html += '
' + escHtml(project.description) + '
'; html += '
'; }); html += '
'; } - // Body - if (d.about) { + if (data.about) { html += '

About Me

'; - d.about.split('\n\n').forEach(function (p) { if (p.trim()) html += '

' + escHtml(p.trim()) + '

'; }); + data.about.split('\n\n').forEach(function (paragraph) { + if (paragraph.trim()) html += '

' + escHtml(paragraph.trim()) + '

'; + }); html += '
'; } - if (d.highlights) { + + if (data.highlights) { html += '

Experience Highlights

    '; - d.highlights.split('\n').forEach(function (line) { - line = line.trim(); - if (line) html += '
  • ' + escHtml(line) + '
    • '; + data.highlights.split('\n').forEach(function (line) { + var trimmed = line.trim(); + if (trimmed) html += '
  • ' + escHtml(trimmed) + '
    • '; }); html += '
'; } - if (d.contact) { + + if (data.contact) { html += '

Get in Touch

'; - d.contact.split('\n\n').forEach(function (p) { if (p.trim()) html += '

' + escHtml(p.trim()) + '

'; }); + data.contact.split('\n\n').forEach(function (paragraph) { + if (paragraph.trim()) html += '

' + escHtml(paragraph.trim()) + '

'; + }); html += '
'; } $('#profile-preview').innerHTML = html; } - // --- Submit to GitHub --- - var submitBtn = $('#btn-submit-github'); - submitBtn && submitBtn.addEventListener('click', function () { - var d = getFormData(); - var markdown = generateMarkdown(); - var issueTitle = 'New Profile: ' + d.github; - var issueBody = '\n```yaml\n' + markdown + '```'; - var issueUrl = 'https://github.com/' + REPO_OWNER + '/' + REPO_NAME + '/issues/new' - + '?title=' + encodeURIComponent(issueTitle) - + '&body=' + encodeURIComponent(issueBody) + function buildSubmissionPayload(markdown) { + var payloadJson = JSON.stringify({ version: 1, markdown: markdown }); + return PROFILE_SUBMISSION_START + '\n' + toBase64(payloadJson) + '\n' + PROFILE_SUBMISSION_END; + } + + function buildIssueUrl(title) { + return 'https://github.com/' + REPO_OWNER + '/' + REPO_NAME + '/issues/new' + + '?title=' + encodeURIComponent(title) + + '&body=' + encodeURIComponent(PREFILLED_ISSUE_BODY) + '&labels=' + encodeURIComponent('profile-submission'); + } + + function toBase64(value) { + var bytes = new TextEncoder().encode(value); + var binary = ''; + bytes.forEach(function (byte) { + binary += String.fromCharCode(byte); + }); + return window.btoa(binary); + } - window.open(issueUrl, '_blank'); - if (window.history.replaceState) { - window.history.replaceState(null, '', window.location.pathname + '?submitted=1'); + async function copyTextToClipboard(value) { + if (navigator.clipboard && window.isSecureContext) { + try { + await Promise.race([ + navigator.clipboard.writeText(value), + new Promise(function (_, reject) { + window.setTimeout(function () { + reject(new Error('Clipboard write timed out.')); + }, 1200); + }) + ]); + return true; + } catch (error) { + // Fall through to legacy copy path. + } } - }); - // --- Utilities --- - function escHtml(s) { + if (submitPayloadWrap) submitPayloadWrap.open = true; + if (submitPayloadField) { + submitPayloadField.value = value; + submitPayloadField.focus(); + submitPayloadField.select(); + submitPayloadField.setSelectionRange(0, value.length); + } + + try { + return document.execCommand('copy'); + } catch (error) { + return false; + } + } + + function setSubmitButtonBusy(isBusy) { + if (!submitBtn) return; + + if (!submitBtn.dataset.defaultLabel) { + submitBtn.dataset.defaultLabel = submitBtn.textContent; + } + + submitBtn.disabled = isBusy; + submitBtn.textContent = isBusy ? 'Preparing GitHub submission issue…' : submitBtn.dataset.defaultLabel; + } + + function showSubmitFallback(copyWorked, issueOpened) { + if (!submitFallback || !submitFallbackStatus || !submitIssueLink || !submitPayloadField) return; + + submitFallback.hidden = false; + submitIssueLink.href = submitState.issueUrl; + submitPayloadField.value = submitState.payload; + + var message = copyWorked + ? 'Profile payload copied. Paste it into the GitHub issue body before you submit the issue.' + : 'Automatic copy did not work. Use the button below or copy the payload from the expandable panel before submitting the GitHub issue.'; + + if (!issueOpened) { + message += ' GitHub did not open automatically, so use the "Open GitHub submission issue" button below.'; + } + + submitFallbackStatus.textContent = message; + + if (!copyWorked && submitPayloadWrap) { + submitPayloadWrap.open = true; + } + + submitFallback.focus({ preventScroll: true }); + submitFallback.scrollIntoView({ behavior: 'smooth', block: 'start' }); + } + + if (copyPayloadBtn) { + copyPayloadBtn.addEventListener('click', async function () { + if (!submitState.payload) return; + var copied = await copyTextToClipboard(submitState.payload); + submitFallbackStatus.textContent = copied + ? 'Profile payload copied again. Paste it into the GitHub issue body, then submit the issue.' + : 'Copy still needs to happen manually. Select the payload below and copy it into the GitHub issue body.'; + if (!copied && submitPayloadWrap) submitPayloadWrap.open = true; + }); + } + + if (submitBtn) { + submitBtn.addEventListener('click', async function () { + if (!validateAllSteps()) return; + + setSubmitButtonBusy(true); + + try { + var formData = getFormData(); + var markdown = generateMarkdown(); + var issueTitle = 'New Profile: ' + formData.github; + var popup = window.open('', '_blank'); + + submitState.payload = buildSubmissionPayload(markdown); + submitState.issueUrl = buildIssueUrl(issueTitle); + + var copied = await copyTextToClipboard(submitState.payload); + if (popup) { + popup.opener = null; + popup.location = submitState.issueUrl; + } + + showSubmitFallback(copied, Boolean(popup)); + } finally { + setSubmitButtonBusy(false); + } + }); + } + + function escHtml(value) { var div = document.createElement('div'); - div.appendChild(document.createTextNode(s)); + div.appendChild(document.createTextNode(value)); return div.innerHTML; } - function escYaml(s) { - return s.replace(/\\/g, '\\\\').replace(/"/g, '\\"').replace(/\n/g, '\\n').replace(/\r/g, '\\r').replace(/\t/g, '\\t'); + function escYaml(value) { + return value + .replace(/\\/g, '\\\\') + .replace(/"/g, '\\"') + .replace(/\n/g, '\\n') + .replace(/\r/g, '\\r') + .replace(/\t/g, '\\t'); } })(); diff --git a/site/index.njk b/site/index.njk index 2f2f818..01b414d 100644 --- a/site/index.njk +++ b/site/index.njk @@ -22,6 +22,8 @@ permalink: /index.html
+{% set activeJobs = collections.jobs %} + {% include "partials/filter-bar.njk" %}
@@ -34,6 +36,29 @@ permalink: /index.html
+
+
+
+

Open Roles

+

Open GRC Engineering Roles

+

A community resource from the GRC Engineering Club that surfaces open GRC engineering roles alongside the member directory, using curated ATS imports.

+
+ Browse jobs +
+ + {% if activeJobs.length %} +
+ {% for job in activeJobs %} + {% if loop.index0 < 3 %} + {% include "partials/job-card.njk" %} + {% endif %} + {% endfor %} +
+ {% else %} +

No jobs have been imported yet. Run npm run import:jobs to populate the board from free sources.

+ {% endif %} +
+

Community Insights

A snapshot of the skills, frameworks, and availability across the directory.

diff --git a/site/jobs.njk b/site/jobs.njk new file mode 100644 index 0000000..a99a056 --- /dev/null +++ b/site/jobs.njk @@ -0,0 +1,47 @@ +--- +layout: layouts/base.njk +title: Open GRC Engineering Roles +permalink: /jobs/index.html +description: A GRC Engineering Club community resource for browsing open GRC engineering roles alongside the member directory. +--- +
+
+

Jobs

+

Open GRC Engineering Roles

+

A community resource from the GRC Engineering Club for exploring open GRC engineering roles alongside the member directory. Each role is tagged to the same frameworks and skill areas used in engineer profiles, so it is easier to compare jobs and people in one place.

+
+
+ {{ collections.jobs.length }} Open roles +
+
+ {{ collections.jobs | uniqueValues("specializations") | length }} Specializations +
+
+ {{ collections.jobs | uniqueValues("sources") | length }} Sources +
+
+
+
+ +{% include "partials/job-filter-bar.njk" %} + +
+

{{ collections.jobs.length }} jobs

+ + {% if collections.jobs.length %} +
+ {% for job in collections.jobs %} + {% include "partials/job-card.njk" %} + {% endfor %} +
+ {% else %} +
+

No jobs imported yet

+

Run npm run import:jobs to pull in roles from the curated ATS board list. The board is automation-first and currently relies on public Greenhouse and Ashby sources.

+
+ {% endif %} + + +
+ + diff --git a/site/submit.njk b/site/submit.njk index 90df42e..715d0ff 100644 --- a/site/submit.njk +++ b/site/submit.njk @@ -1,13 +1,14 @@ --- layout: layouts/base.njk title: Submit Your Profile — GRC Engineer Directory +description: Submit your GRC Engineering Club engineer profile through GitHub for maintainer review. permalink: /submit/index.html ---

Join the Directory

-

Fill out your profile below. When you're ready, we'll open GitHub so you can submit it — a PR will be created for you automatically.

+

Fill out your profile below. When you're ready, we'll copy your profile payload and open a GitHub submission issue for you. After you submit the issue, maintainers review the generated pull request before your profile goes live.

@@ -23,20 +24,20 @@ permalink: /submit/index.html

Identity * required

-
- -
Your profile avatar will be pulled from GitHub automatically.
-
- - +
+ +
Your profile avatar will be pulled from GitHub automatically.
+
+ + +
+
-
-
-
+
@@ -63,7 +64,7 @@ permalink: /submit/index.html
-
+
@@ -96,7 +97,7 @@ permalink: /submit/index.html
-
+
@@ -118,7 +119,7 @@ permalink: /submit/index.html
-
+
@@ -209,7 +210,7 @@ permalink: /submit/index.html
-
+
@@ -239,16 +240,35 @@ permalink: /submit/index.html