Job Description:
• Own and manage Freshpaint’s recurring security compliance programs, including SOC 2 Type II, HITRUST R2, and other certifications or audits as needed.
• Coordinate and manage annual penetration tests and follow through on remediation activities.
• Maintain and continuously improve Freshpaint’s security controls and documentation.
• Partner with engineering and product teams to operationalize security best practices across systems, tools, and processes.
• Support risk assessments, vendor security reviews, and internal audits.
• Act as a key point of contact for external auditors, customers, and vendors on security-related matters.
• Drive security awareness and education initiatives across the company.
Requirements:
• 3+ years of experience in security operations, GRC, or compliance at a SaaS or cloud-based company.
• Strong understanding of security frameworks and standards (SOC 2, HITRUST, ISO 27001, etc.).
• Experience managing audits and working directly with assessors and penetration testing vendors.
• Familiarity with cloud infrastructure (AWS, GCP) and modern software development practices.
• Excellent project management and cross-functional communication skills.
• You’re organized, detail-oriented, and excited by the challenge of building scalable security programs in a fast-moving environment.
Benefits:
• Competitive pay + generous equity (10-year exercise window)
• Fully remote (U.S. only) with a $150/month coworking stipend
• Half-day Fridays, every Friday
• Unlimited PTO—with a *required* 2-week minimum
• Top-tier health, dental & vision (100% covered for you, 80% for dependents)
• 2 “Treat Yourself” days a year—$100 and a day off, just because
• Generous parental leave
• Epic offsites twice a year (past trips: Greece, Jackson Hole, Cabo, wine country + more)
Apply Now
Apply Now