Director of Compliance
We’re looking for a Director of Compliance to design, operate, and audit an industry-leading ISMS, serving as a subject matter expert to the Aptible Team and our broader community.
This is a unique opportunity to be a high-impact, early member of the Aptible Team, helping innovative companies become trustworthy and build trust with others. Reporting directly to our Chief Executive Officer, you’ll be responsible for all areas of security operations and compliance at Aptible, acting as our primary internal stakeholder and leading the way for our current and prospective clients.
It’s true: Software is eating the world, powered by the Internet. A growing wave of developers all over the world are using web-scale technology to build and deploy healthcare, fintech, banking, payments, IoT, blockchain, machine learning, and other B2B applications.
Security and compliance are mandatory from day one for these teams of developers, but many of them struggle. When their teams are small, they can’t afford to hire full-time for security or compliance. When they scale, they find that existing security and compliance management tools suck.
At Aptible, we make people-centered security products that help developer teams build security into their architecture and their organization’s culture. Today, we have two products: Enclave and Gridiron.
Enclave is a container orchestration platform built for developers that automates security best practices and controls needed for deploying and scaling Dockerized apps in regulated industries. Gridiron is like the missing QuickBooks + TurboTax for security management. It helps developers design and run security management programs that meet and exceed requirements like HIPAA, SOC 2, and ISO 27001. Customers use it to build trust with their own customers and partners, and prepare for certifications.
What You’ll Do
- You’ll own our internal and external audit program (ISO 27001, SOC 2, HITRUST), as well as our internal regulatory compliance program (HIPAA, GDPR). You’ll actively use Gridiron to lead these efforts, acting as our primary internal stakeholder and setting the example for our clients on how to design, operate, and audit an industry-leading ISMS.
- You’ll serve as the voice of our clients, delivering subject matter insights and constructive feedback to our Product and Engineering Teams to inform the development of Gridiron.
- You’ll serve as a coach to the Aptible Team, developing an employee training program and an internal knowledge base to build subject matter expertise within our organization.
- You’ll serve as a teacher to our clients, explaining complicated concepts in accessible terms, and developing an external knowledge base to educate and build our community.
- You’ll evangelize the Gridiron “Compliance as Code” Philosophy, establishing yourself as a thought leader through written collateral and public speaking engagements.
About You: Strengths
- Information Security Expertise: You’re a subject matter expert with a background in Security Architecture or Engineering, ideally at both late- and early- stage companies.
- Cloud-First Approach: You’re a subject matter expert with a track record of success in developing and implementing complex, cloud-based information security technologies.
- Security Standards & Data Privacy Expertise: You’re a subject matter expert with a track record of success in leading an internal audit program (ISO 27001, SOC 2, HITRUST), as well as an internal regulatory compliance program (HIPAA, GDPR). Bonus: You also have a CIPP/E or CISSP Certification.
- Verbal and Written Communication Skills: You have experience explaining complicated concepts and drafting clear communications that demonstrate attention to detail, across all levels of a complex organization.
- Project Management Skills: You have experience running several projects at once in a dynamic environment. You’re comfortable working collaboratively with internal and external clients, taking initiative to move projects forward and deliver results on time.
- Client Services Skills: You're committed to delivering service excellence in every client interaction. You have experience leading and developing work product for external clients. Experience in Professional Services is helpful, but not required.
About You: Other Attributes
- Ownership Mentality: You take ownership, responsibility, and initiative. You have a track record of consistently delivering impactful, high-quality work on time.
- People-Oriented: You’re excited to work with a small group of high-performers. You foster collaboration, build trust, and support information sharing with colleagues.
- Love for Learning: You’re looking for an environment that challenges you to gain new knowledge and grow professionally every day. You’re adaptable in the face of change.
- Appetite for Remote Work: You’re ready to work with a fully distributed team, communicating asynchronously, deliberately, and openly across time zones and cultures.
- Passion for Internet Security: You want to create a more secure Internet, and are excited to help innovative companies solve their hardest engineering and regulatory problems.
- Making the Internet safe to trust with sensitive data is a good thing! It’s also pretty fun. You’ll learn a lot about Security, Compliance, DevOps, and SaaS.
- You’ll feel invested in your work and make an impact. We’re highly transparent internally with business strategy, important decisions, and our failures and successes.
- You’ll help build a business for the long-term and invest in a sustainable business model. We’re backed by excellent investors and have the resources we need to do a great job.
- Everyone gets to live in the place that suits them best. We work remotely, and meet up at least twice a year in places like Barcelona, Mexico, and New York. Next Up: Paris?
- Commitment: Full-Time
- Location: Anywhere
- Compensation: Competitive Salary, Equity, Health Benefits, Flexible Paid Time Off
Our Commitment to Diversity and Inclusion
We prioritize diversity within our team and value different perspectives, educational backgrounds, and life experiences. We encourage people from underrepresented backgrounds to apply.