🛠 Tech Stack

💼 About This Role

You'll own and mature Atlan's compliance program across SOC 2, ISO 27001, and HIPAA, acting as the technical architect of a Continuous GRC Maturity Program. You'll transform compliance from manual firefighting into automated, scalable infrastructure, driving FedRAMP readiness and integrating GRC platforms with engineering tooling. This role sits on the GRC & Platform Security team with significant autonomy to build a better way to do compliance.

🎯 What You'll Do

• Lead end-to-end audit execution for SOC 2, ISO 27001, and HIPAA.
• Drive FedRAMP readiness by assessing gaps and building roadmaps.
• Mature enterprise risk management with measurable metrics and reviews.
• Own third-party risk management including vendor assessments and monitoring.

📋 Requirements

• 5+ years owning SOC 2 Type II audits end-to-end.
• Hands-on experience with ISO 27001 and at least two of GDPR, HIPAA, FedRAMP.
• Experience with GRC platforms (Vanta, Drata, Secureframe) extended via API.
• Able to influence engineering, product, and legal without formal authority.

✨ Nice to Have

• CISA, CRISC, CISM, or CGRC certification.
• FedRAMP or NIST framework implementation experience.
• Prior security engineering background before moving into GRC.

🎁 Benefits & Perks

• 💰 Competitive Compensation with strong base salary, variable pay, and equity.
• 🏖️ Remote Work flexibility.
• 📈 Impact-driven equity for most roles.
• 🌍 Global team and culture.