Mintlify
Security & Compliance Operations Manager
today
120000 –180000 USD / yearUSAMiddlesoc 2iso 27001gdpraudit managementdratavendor management
Manage and operate security and compliance programs including SOC 2 Type II, ISO 27001, ISO 42001, GDPR, and Microsoft SSPA.
Responsibilities
- We're hiring our first dedicated GRC Program Manager to own the security & compliance program that our enterprise business runs on: SOC 2 Type II, ISO 27001, ISO 42001, GDPR, and Microsoft SSPA. The program exists and is well-documented — audits are mid-flight, the vCISO and auditors are engaged, the platform (Drata) is deployed. What it needs is a single accountable operator.
- Run five compliance programs end-to-end — own the audit calendar, evidence collection, remediation tracking, and auditor relationships (Sensiba for SOC 2/ISO; A-LIGN for Microsoft SSPA)
- Administer Drata — keep monitors green, assign and validate evidence, manage policies and the trust center
- Own the vendor bench — drive the weekly Rhymetec vCISO engagement, manage renewals and contracts across the security/compliance vendor portfolio
- Run the standing processes — security questionnaire escalation, inbound vendor security reviews, bug bounty coordination (triage, researcher comms, payouts), trainings and access-review cadences
- Be the customer-facing compliance voice — trust center, DPAs, subprocessor list, and enterprise security requirements (Microsoft, Coinbase, Okta-style programs)
- Coordinate, don't silo — route technical work to Engineering DRIs with clear asks, and keep leadership out of the coordination loop
Requirements
- 3+ years in GRC / compliance program management / security operations with direct audit ownership
- Hands-on compliance-platform administration (Drata, Vanta, or similar)
- Vendor and auditor relationship management as the accountable owner
- Meticulous follow-through — in this job, a dropped thread is an audit finding
- Bias toward automation and pushing work to tests/vendors rather than doing it manually forever
- Bonus Points: ISO 42001 / AI governance exposure. GDPR operations (DSARs, RoPA, consent tooling). Early-stage startup experience as a sole compliance owner.
Conditions
- Competitive compensation and equity
- 20 days paid time off every year
- 401k or RRSP
- $420/month wellness stipend
- 100% coverage for Health, dental, vision
- Free Ubers to and from work
- Free lunch and dinners
- Annual team offsite (previously went to Alaska, Hawaii)
Other
- We're on a mission to empower builders.
- Massive reach: Our docs platform serves 100 million+ developers every year and powers documentation for 20,000+ companies, including Anthropic, Microsoft, PayPal, Spotify, Coinbase, X, and over 20% of the last YC batch.
- Small team, huge impact: We recently passed 65 employees and raised a $45 million Series B led by A16Z and Salesforce Ventures. Each new hire has a huge impact on shaping the company's trajectory.
- Culture of slope over y-intercept : We value learning velocity, grit, and unapologetically unique personalities.
- We grew in value faster than headcount and we’re looking to align the two quickly.