Security & Compliance Lead

CompanyCam

💵 $175k-$205k
📍 Remote - United States

Summary

Join CompanyCam as their first dedicated Security & Compliance Lead to own security governance, compliance operations, and customer trust initiatives. This high-impact role involves translating policy into practical processes, collaborating with engineers, legal, and leadership, and ensuring systems meet the highest standards. You will be responsible for the day-to-day operations of the SOC 2 Type II compliance program, serving as the security & compliance subject matter expert, and managing third-party penetration testing. Additional responsibilities include maintaining the customer-facing Trust Center, reviewing vendor contracts, responding to security questionnaires, and collaborating with Legal on regulatory requirements. The role also includes maintaining and improving security policies, conducting risk assessments, promoting a strong security culture, and staying informed about emerging threats. This position offers a significant impact on CompanyCam's security and compliance, directly influencing customer trust and satisfaction.

Requirements

  • Show up: Have the courage to do difficult but necessary work
  • Grow up: Take ownership, learn continuously, and bring a growth mindset
  • Do good: Treat your teammates and customers the way you'd want to be treated
  • 4+ years experience in security compliance, GRC, or a related function, ideally in a B2B SaaS environment
  • Hands-on experience with SOC 2, ISO 27001, GDPR, CCPA/CPRA, or similar compliance frameworks
  • Experience supporting or administering a GRC platform like Vanta, Drata, or Tugboat Logic
  • Skilled in managing security questionnaires, audit evidence collection, and vendor risk assessments
  • Strong written communication skills, able to translate complex compliance requirements into clear, actionable guidance
  • Comfortable working cross-functionally with engineering, legal, external auditors, and customers
  • Track record of maintaining or building Trust Centers and compliance documentation
  • You live and work permanently in the U.S. (We’re not set up to hire outside the U.S.)

Responsibilities

  • Own day-to-day operations of our SOC 2 Type II compliance program (powered by Vanta), including evidence collection, control monitoring, and audit readiness
  • Serve as the security & compliance subject matter expert for engineering and product teams, maintaining internal documentation and consulting during product design and delivery
  • Coordinate annual third-party penetration testing: schedule tests, triage findings, track remediation, and schedule retests
  • Manage and maintain our customer-facing Trust Center, ensuring disclosures on security, privacy, and compliance are current
  • Review procurement and vendor contracts for security-related requirements and risks
  • Respond to security questionnaires and due diligence requests from prospective customers and partners
  • Collaborate with Legal to translate regulatory and contractual requirements into clear engineering specifications and support subpoena responses
  • Maintain and improve security policies, conduct risk assessments, and support remediation efforts across teams
  • Promote a strong security culture through awareness training and supporting secure-by-default engineering practices
  • Stay informed about emerging threats and evolving compliance obligations

Preferred Qualifications

  • Familiarity with incident response planning, subpoena/data disclosure workflows, and DevSecOps principles
  • Experience promoting security awareness and embedding secure-by-default practices in engineering teams
  • Ability to play a foundational role in growing security maturity and compliance posture over time

Benefits

  • This is a salaried position at CompanyCam
  • Our salary range is $175,000 - $205,000 per year and is based on experience
  • We also offer meaningful equity and other benefits
