Security & Compliance Operations Manager
Mintlify · San Francisco, CA · 2 days ago
On-siteInformation Technology$120k–$180k/yrFull-time
The Role
We're hiring our first dedicated GRC Program Manager to own the security & compliance program that our enterprise business runs on: SOC 2 Type II, ISO 27001, ISO 42001, GDPR, and Microsoft SSPA. The program exists and is well-documented — audits are mid-flight, the vCISO and auditors are engaged, the platform (Drata) is deployed. What it needs is a single accountable operator.
What You'll Do
- Run five compliance programs end-to-end — own the audit calendar, evidence collection, remediation tracking, and auditor relationships (Sensiba for SOC 2/ISO; A-LIGN for Microsoft SSPA)
- Administer Drata — keep monitors green, assign and validate evidence, manage policies and the trust center
- Own the vendor bench — drive the weekly Rhymetec vCISO engagement, manage renewals and contracts across the security/compliance vendor portfolio
- Run the standing processes — security questionnaire escalation, inbound vendor security reviews, bug bounty coordination (triage, researcher comms, payouts), trainings and access-review cadences
- Be the customer-facing compliance voice — trust center, DPAs, subprocessor list, and enterprise security requirements (Microsoft, Coinbase, Okta-style programs)
- Clockwork coordination — route technical work to Engineering DRIs with clear asks, and keep leadership out of the coordination loop
What We're Looking For
- 3+ years in GRC / compliance program management / security operations with direct audit ownership
- Hands-on compliance-platform administration (Drata, Vanta, or similar)
- Vendor and auditor relationship management as the accountable owner
- Meticulous follow-through — in this job, a dropped thread is an audit finding
- Bias toward automation and pushing work to tests/vendors rather than doing it manually forever
Bonus Points
- ISO 42001 / AI governance exposure
- GDPR operations (DSARs, RoPA, consent tooling)
- Early-stage startup experience as a sole compliance owner
Company Benefits
- Competitive compensation and equity
- 20 days paid time off every year
- 401k or RRSP
- $420/month wellness stipend
- 100% coverage for Health, dental, vision
- Free Ubers to and from work
- Free lunch and dinners
- Annual team offsite (previously went to Alaska, Hawaii)
Compensation Range
$120K - $180K