CompanyCam

Security & Compliance Lead

Posted 5 Days Ago
Remote or Hybrid
Hiring Remotely in U.S.
175K-205K
Senior level
The Security & Compliance Lead will manage compliance operations, security governance, and promote a strong security culture within CompanyCam, while directly influencing customer trust and satisfaction.
The summary above was generated by AI
Hi, we’re CompanyCam.

We’re a simple-to-use photo documentation and productivity app for contractors of all commercial and home services industries. Packed with intuitive functionality, CompanyCam facilitates unparalleled communication and accountability across a contractor’s entire business. We’re committed to providing a consumer-grade, game-changing experience that helps our users build trust within their company and with their customers.

But don’t let that corporate description fool you—the people behind our buttoned-up product are laid-back (but hardworking), genuine, and kickass, and you could be one of them! 

The Role

We’re looking for a proactive, detail-oriented Security & Compliance Lead to own our security governance, compliance operations, and customer trust initiatives. This is a high-impact, cross-functional role, perfect for someone who thrives on translating policy into practical processes, working closely with engineers, legal, and leadership, and ensuring our systems meet the highest standards expected by customers, auditors, and regulators. You’ll be the company’s first dedicated hire in security compliance, reporting to our Director of Engineering Operations and partnering with Platform Engineering, Legal, and our vCISO to build a strong, scalable security posture.

Working at CompanyCam

Our engineering team is remote-first, spanning every time zone in the United States. We welcome people from all backgrounds and really don't care whether or not you have a CS degree or even a high school diploma. All that matters is that you're not an a**hole and you're good at what you do.

At CompanyCam we’re driven to produce work with meaningful outcomes. That means not just dumping features and “improvements” but being able to reflect and learn from our outputs. We’re actively working to center our work on continuous discovery habits (CDH) as outlined by Teresa Torres.

Okay, that’s how we identify work to do, but how do we actually work? Our teams are made up of a product manager, a product designer, a tech lead and an appropriate number of engineers for the scope of your team. We take a flexible approach, pulling from Agile, Scrum, Kanban, and even Shape Up. Rather than being overly prescriptive, we provide guardrails and just enough constraints to keep teams moving. Each team is expected to collaborate, iterate, and refine their best practices to produce high-quality work.


What You'll Do
  • Own day-to-day operations of our SOC 2 Type II compliance program (powered by Vanta), including evidence collection, control monitoring, and audit readiness
  • Serve as the security & compliance subject matter expert for engineering and product teams, maintaining internal documentation and consulting during product design and delivery
  • Coordinate annual third-party penetration testing: schedule tests, triage findings, track remediation, and schedule retests
  • Manage and maintain our customer-facing Trust Center, ensuring disclosures on security, privacy, and compliance are current
  • Review procurement and vendor contracts for security-related requirements and risks
  • Respond to security questionnaires and due diligence requests from prospective customers and partners
  • Collaborate with Legal to translate regulatory and contractual requirements into clear engineering specifications and support subpoena responses
  • Maintain and improve security policies, conduct risk assessments, and support remediation efforts across teams
  • Promote a strong security culture through awareness training and supporting secure-by-default engineering practices
  • Stay informed about emerging threats and evolving compliance obligations
The Impact You'll Have
  • Be the cornerstone of CompanyCam’s security and compliance, directly influencing customer trust and satisfaction
  • Enable engineering and product teams to build and ship with confidence by embedding security and compliance best practices early in development
  • Drive continuous improvement in our security posture, helping scale governance sustainably as we grow
  • Strengthen CompanyCam’s market position by maintaining a robust Trust Center and ensuring compliance with evolving regulations
  • Collaborate cross-functionally to shape security culture and practices, empowering teams and reducing organizational risk
What You'll Bring

Must-haves

These are our non-negotiables:

  • Show up: Have the courage to do difficult but necessary work
  • Grow up: Take ownership, learn continuously, and bring a growth mindset
  • Do good: Treat your teammates and customers the way you'd want to be treated
  • 4+ years experience in security compliance, GRC, or a related function, ideally in a B2B SaaS environment
  • Hands-on experience with SOC 2, ISO 27001, GDPR, CCPA/CPRA, or similar compliance frameworks
  • Experience supporting or administering a GRC platform like Vanta, Drata, or Tugboat Logic
  • Skilled in managing security questionnaires, audit evidence collection, and vendor risk assessments
  • Strong written communication skills, able to translate complex compliance requirements into clear, actionable guidance
  • Comfortable working cross-functionally with engineering, legal, external auditors, and customers
  • Track record of maintaining or building Trust Centers and compliance documentation
  • You live and work permanently in the U.S. (We’re not set up to hire outside the U.S.)

Nice-to-haves

  • Familiarity with incident response planning, subpoena/data disclosure workflows, and DevSecOps principles
  • Experience promoting security awareness and embedding secure-by-default practices in engineering teams
  • Ability to play a foundational role in growing security maturity and compliance posture over time


Benefits & Compensation

This is a salaried position at CompanyCam. Our salary range is $175,000 - $205,000 per year and is based on experience. We also offer meaningful equity and other benefits.

CompanyCam is an equal-opportunity employer committed to respect, inclusion, and growth. We work hard, take responsibility, and support each other. Great ideas come from all backgrounds, and we carefully consider every applicant without regard to personal characteristics or traits. Even if your work experience doesn’t align perfectly, we encourage you to apply. What really matters to us is your potential, your passion, and your commitment to learning, innovation, and contributing meaningfully to our team.

For any accommodations or technical issues related to the online application or interview process, please email [email protected] and we’ll respond promptly. Please do not include any medical or health information in your message.

Note: Resumes sent to this email will not be reviewed or responded to. To be considered for a position, you must apply directly through our careers page.


Top Skills

CCPA/CPRA
Drata
GDPR
ISO 27001
SOC 2
Tugboat Logic
Vanta
