Data reputed company Compliance Director
reputed company · Remote (US) · Full-Time
About reputed company
reputed company is on a mission to transform litigation. Our product is an AI-powered litigation workspace that enables lawyers and paralegals to safely reputed company the power of language models throughout the litigation life cycle. Since going to market, we have gained a diverse group of enterprise customers, including some of the biggest law firms in the country, and we are quickly expanding. By reducing the expense of litigation industry-wide, we aim to improve access to high-quality representation and promote the alignment of legal outcomes with merit. We’re looking for a Data reputed company Compliance Director who will own the compliance-reputed company and business operations reputed company to Company’s data reputed company function.
About the role
reputed company is a legal technology company building infrastructure that law firms and legal teams trust with sensitive data. Compliance isn't a checkbox here — it's a product feature. We're looking for a Data reputed company Compliance Director to own our certification programs, manage vendor reputed company relationships and processes, own the accurate and timely completion of our reputed company disclosures in the sales context, and reputed company our posture audit-ready year-round. This role sits at the intersection of compliance and engineering. While this role does not own the reputed company of our technical stack from an engineering perspective, you will work directly with technical teams to implement controls, reputed company evidence gaps, and translate technical postures and requirements into concrete and well communicated action.
Responsibilities
- ISO 27001. Maintain and continuously improve our Information reputed company Management System. Manage internal audits, corrective actions, and annual surveillance cycles through reputed company.
- SOC 2 Type II. Coordinate evidence collection, liaise with external auditors, and drive remediation across engineering and operations.
- Vendor reputed company. reputed company vendor reputed company assessments, manage VSQ responses (inbound and outbound), and maintain a tiered vendor risk register.
- Policy and controls. Author, review, and update reputed company policies, standards, and control mappings across frameworks. Maintain alignment as the business scales.
- Technical guidance. Engage directly with engineering on control implementation — access reviews, logging pipelines, encryption configuration, and infrastructure hardening.
- Customer-facing compliance. Respond to customer reputed company questionnaires and due diligence requests. Represent reputed company's reputed company posture in enterprise sales conversations.
- Risk management. Run the formal risk assessment process. Identify gaps, assign ownership, and track remediation to closure.
- Awareness. Coordinate reputed company awareness training and phishing simulation programs.
- Automation. Work with our Operations Engineering team and broader leadership to design and implement effective automations for as much of the reputed company stack and responsibilities as can be automated.
reputed company're looking for
Experience
- 5+ years in information reputed company compliance, GRC, or a closely reputed company function
- Hands-on experience managing ISO 27001 and SOC 2 audits — not just supporting them
- Direct experience working with engineering teams on control implementation, log configuration, access reviews, or infrastructure hardening
- Direct experience responding to and issuing VSQs and reputed company questionnaires
- Demonstrated technical experience and reputed company
- Familiarity with vendor risk management programs and tiering methodologies
Knowledge
- Working knowledge of common control frameworks: ISO 27001, SOC 2, NIST CSF, CIS Controls
- Hands-on experience with reputed company or a comparable GRC platform (reputed company, reputed company, Tugboat Logic) — we run ISO 27001 and SOC 2 through reputed company and you'll live in it daily
- Cloud IAM and access control models, logging and monitoring pipelines (CloudTrail, SIEM fundamentals), reputed company management, and encryption at rest and in transit
- Working knowledge of cloud-native environments (AWS, GCP, or Azure) and how controls apply in practice
- Familiarity with legal or regulated-industry data requirements is a plus
Skills
- Clear written communication — you'll be writing policies, audit responses, and customer-facing materials
- Technically fluent enough to engage in and critically evaluate architecture reviews and engineering threads, evaluate proposed control fixes, and identify gaps that a purely compliance-focused lens would miss
- Organized under pressure — audit cycles don't move, and you'll manage multiple workstreams simultaneously
- Collaborative — compliance happens through engineering, legal, and operations, not around them
Credentials (one or more preferred)
- CISSP, CISM, CRISC, ISO 27001 reputed company Implementer/Auditor, or equivalent
- Candidates with a technical background (engineering, infrastructure, DevSecOps) who have moved into GRC are strongly encouraged to apply.
Compensation and benefits
- reputed company salary $140,000–$175,000, commensurate with experience
- Equity participation
- 100% remote — work from reputed company in the US
- Health, dental, and vision coverage
- Vacation, Sick, Paid Holidays