Mintlify

Security & Compliance Operations Manager

today
120000 –180000 USD / yearUSAMiddle
Mintlify

Security & Compliance Operations Manager

today
120000 –180000 USD / yearUSAMiddlesoc 2iso 27001gdpraudit managementdratavendor management

Manage and operate security and compliance programs including SOC 2 Type II, ISO 27001, ISO 42001, GDPR, and Microsoft SSPA.

Responsibilities

  • We're hiring our first dedicated GRC Program Manager to own the security & compliance program that our enterprise business runs on: SOC 2 Type II, ISO 27001, ISO 42001, GDPR, and Microsoft SSPA. The program exists and is well-documented — audits are mid-flight, the vCISO and auditors are engaged, the platform (Drata) is deployed. What it needs is a single accountable operator.
  • Run five compliance programs end-to-end — own the audit calendar, evidence collection, remediation tracking, and auditor relationships (Sensiba for SOC 2/ISO; A-LIGN for Microsoft SSPA)
  • Administer Drata — keep monitors green, assign and validate evidence, manage policies and the trust center
  • Own the vendor bench — drive the weekly Rhymetec vCISO engagement, manage renewals and contracts across the security/compliance vendor portfolio
  • Run the standing processes — security questionnaire escalation, inbound vendor security reviews, bug bounty coordination (triage, researcher comms, payouts), trainings and access-review cadences
  • Be the customer-facing compliance voice — trust center, DPAs, subprocessor list, and enterprise security requirements (Microsoft, Coinbase, Okta-style programs)
  • Coordinate, don't silo — route technical work to Engineering DRIs with clear asks, and keep leadership out of the coordination loop

Requirements

  • 3+ years in GRC / compliance program management / security operations with direct audit ownership
  • Hands-on compliance-platform administration (Drata, Vanta, or similar)
  • Vendor and auditor relationship management as the accountable owner
  • Meticulous follow-through — in this job, a dropped thread is an audit finding
  • Bias toward automation and pushing work to tests/vendors rather than doing it manually forever
  • Bonus Points: ISO 42001 / AI governance exposure. GDPR operations (DSARs, RoPA, consent tooling). Early-stage startup experience as a sole compliance owner.

Conditions

  • Competitive compensation and equity
  • 20 days paid time off every year
  • 401k or RRSP
  • $420/month wellness stipend
  • 100% coverage for Health, dental, vision
  • Free Ubers to and from work
  • Free lunch and dinners
  • Annual team offsite (previously went to Alaska, Hawaii)

Other

  • We're on a mission to empower builders.
  • Massive reach: Our docs platform serves 100 million+ developers every year and powers documentation for 20,000+ companies, including Anthropic, Microsoft, PayPal, Spotify, Coinbase, X, and over 20% of the last YC batch.
  • Small team, huge impact: We recently passed 65 employees and raised a $45 million Series B led by A16Z and Salesforce Ventures. Each new hire has a huge impact on shaping the company's trajectory.
  • Culture of slope over y-intercept : We value learning velocity, grit, and unapologetically unique personalities.
  • We grew in value faster than headcount and we’re looking to align the two quickly.