Trust & compliance

Security & Compliance Lead

Build and run the security and compliance program for a fast-growing GPU cloud. You'll own SOC 2 Type II, ISO 27001 certification, HIPAA-ready posture, and the BYOK / HYOK roadmap. You'll be the named person on every customer security questionnaire.

The team

About the team

Trust & compliance is a small standalone function that reports to the founder. You'll start as the first dedicated hire on the team and pick up a security engineer in the first six months, with budget for an external auditor and a fractional vCISO if you want one.

Reports to the founder. Owns the trust pages, the audit calendar, and the security questionnaire library.

The role

What you'll do

  • Run the annual SOC 2 Type II audit — scoping, evidence collection, control testing, report delivery — and keep the audit window stable each year.

  • Drive ISO 27001 certification end-to-end (Statement of Applicability, ISMS, internal audit, certification body).

  • Maintain HIPAA-ready posture and the BAA program; keep a small but real list of healthcare customers signable.

  • Ship BYOK then HYOK on the platform with the runtime and cluster teams. Own the customer-facing key-management story.

  • Own customer security questionnaires and pre-sales review (CAIQ v4, SIG, custom). Scale the answer library so AEs do not bottleneck on you.

  • Handle incident response, breach-notification clock, and post-mortem write-ups for any security incident.

The bar

What we're looking for

  • Seven-plus years in security and compliance at a cloud / SaaS / infrastructure company; at least one full SOC 2 Type II under your name.

  • Operational experience running an ISMS — ISO 27001 certified or one cert away.

  • Real understanding of cloud-infra security primitives: KMS / HSM, hardware roots of trust, network segmentation, IDS/IPS, vulnerability management.

  • Comfort writing — questionnaire answers, customer-facing trust pages, board-level updates.

  • Calm decision-making under pressure. Real incident-response experience preferred.

Bonus

Nice to have, not required

  • FedRAMP Moderate or DOJ CJIS familiarity (we are not pursuing, but customers ask).

  • Experience with HSM / KMS engineering and key-management protocol design.

  • Privacy-program experience (GDPR Art. 28, CPRA service-provider).

  • Past CISO or security lead of a compute / GPU / inference business.

Compensation

In writing, like everything else

We publish bands. We meet them. The number you see on the offer is the same number your future peers got at the same level. We do not negotiate; we level.

Base

$240,000 – $310,000 USD.

Equity

Senior-leadership equity grant, refreshed on tenure milestones.

Notes

Budget for an external auditor and a fractional vCISO is approved on day one.

How to apply

One email is enough

Send a short note to careers@iframe.ai with the role title in the subject line. Include your CV or LinkedIn, one or two links to work you're proud of, and a sentence on why this role specifically. Hiring managers reply within five business days, regardless of outcome.

  1. Application

     A hiring manager reads every email. Reply within five business days.

  2. Manager call

     30–45 minutes. Scope, role, mutual fit. We share the comp band on this call.

  3. Technical loop

     3–4 sessions on the same day. Real problems, no homework, no whiteboard riddles.

  4. Offer

     Same-week offer at the published band for your level. Start dates are flexible.

One last thing

If this role isn't quite right but you'd be a fit at iframe.ai, write anyway.

Senior engineers and researchers can apply outside the listed roles. The bar is the same. The reply window is the same.