We bind our fortunes to those who dare to burn
away the obsolete and forge the unimagined future.

Technical Program Manager | SOC2 Compliance
IT, Legal, Operations
Palo Alto, CA, USA
Posted on Tuesday, February 6, 2024
About Trust Lab
Online misinformation, hate speech, child endangerment, and extreme violence are some of the world's most critical and complex problems. Trust Lab is a fast-growing, VC-backed startup, founded by ex-Google, TikTok and Reddit executives determined to use software engineering, ML, and data science to tackle these challenges and make the internet healthier and safer for everyone.
If you’re interested in working with the world’s largest social media companies and online platforms, and building technologies to mitigate these issues, you’ve come to the right place.
About the Role
We are looking for an experienced and driven Compliance Manager who wants to apply their auditing experience, technical expertise, and information security knowledge to plan, execute, and deliver on existing and strategic new compliance certifications. As our Compliance Manager, you will play a key role in building scalable and efficient processes related to corrective actions, product compliance, and the overall compliance framework. The right person will be excellent at communicating vertically and horizontally across the company and will be comfortable explaining TrustLab's compliance posture to both internal and external customers, working cross-functionally, and providing technical and creative guidance to technical teams.

What You'll Do

  • Drive Compliance programs such as SOC2 and ISO 27000 series; support and drive both compliance and customer audits
  • Query security lake data and log data to identify and debug security issues
  • Triage security/SOC2 alerts from systems such as Vanta and Security Hub while making efficient use of engineering and DevOps resources
  • Provide compliance guidance on new product features, deviations, and changes in the infrastructure
  • Communicate gaps to management and coordinate cross-functional team meetings to remediate and close the control gaps
  • Build relationships with internal and external stakeholders
  • Accurately and effectively communicate our compliance position and programs to auditors and customers

Who You Are

  • You have led a SOC2 Compliance program. Knowledge of other compliance frameworks (SOC, ISO 27001, GDPR, NIST 800-53) a strong plus
  • You have worked with Vanta or a similar platform
  • Strong familiarity with the AWS ecosystem and the ability to work with security solutions offered by AWS, such as WAF, Security Hub, and Security Lake
  • BS degree in Business or Management Information Systems or related field OR equivalent work experience
  • 6+ years' experience in an equivalent technology risk and compliance-related role
  • QSA, CISA, CIA, CISSP or other related certifications a plus
  • Experience working with and implementing GRC tools and processes
  • Excellent written and verbal communication and presentation skills
  • Big 4 Experience, Management Consulting Experience, or Startup Experience preferred
  • Willingness to wear different hats and work on areas where needed
  • Amazing organizational skills with a drive to succeed in a fast-paced environment
  • Ability to hustle and get stuff done, with strong integrity

Opportunities and Perks

  • Competitive total compensation package with stock options at a rapidly growing Series A, VC-backed startup
  • Work from home office support to create the perfect at-home setup
  • Individual wellness stipend
  • Professional development opportunities
  • Influence new product direction from idea to commercialization
  • Help develop critical tech to solve one of the 21st century’s trickiest societal problems