Compliance Specialist

About Us

CISO99.ai is a boutique CISO firm providing fractional CISO services to fast-growing, cloud-native startups. We don’t advise from the sidelines, we build, operate, and own our customers’ security and compliance programs end-to-end.

Our clients are typically startups preparing for or maintaining SOC 2 and ISO 27001, where security is directly tied to revenue, deals, and growth.

We are looking for a Compliance & Security Operations Manager to work directly with our founders and customers, owning the day-to-day execution of multiple compliance and security programs.

This is a hands-on role. You will not only coordinate compliance efforts, you will actively create, implement, and produce audit evidence yourself.

The role requires strong execution and program management capabilities, with the expectation that you can independently drive multiple customers forward and close gaps without relying on others to do the work.

Own execution of compliance and security programs across multiple startup customers

Run weekly/monthly syncs and drive progress across stakeholders

Track tasks, risks, and deliverables end-to-end

Ensure nothing falls between the cracks

• Lead SOC 2 and ISO 27001 readiness and audit processes
• Independently create and collect audit evidence, rather than relying solely on others to provide it
• Write policies, take screenshots, extract logs, and document control operation
• Act as the primary point of contact for auditors and customer stakeholders, handling and responding to requests end-to-end
• Ensure controls are fully implemented and operating in practice

Operate key program elements such as:

• Risk registers and internal risk assessments
• Vendor risk management processes
• Security awareness programs
• Customer security questionnaires
• You are expected to execute these processes, not just manage them
• Provide ongoing visibility across multiple customers
• Support implementation of tools and solutions in customer environments
  

• 1-3 years of experience in compliance, operations, or program/project management in a tech environment
• Hands-on involvement in SOC 2 and/or ISO 27001 (you’ve built evidence, supported audits, and done the work yourself)
• Ability to independently execute and move tasks forward without heavy guidance
• Strong multitasking skills:  able to manage multiple customers in parallel
• Highly organized, detail-oriented, and execution-driven
• Excellent communication skills (clear, structured, direct)
• Experience working in fast-paced environments (startups is a strong advantage)

• Background in cybersecurity, IT, or cloud environments
• Hands-on exposure to security tools or domains such as EDR, IDP, MDM, Mail system or cloud security
• Experience with tools like Jira, Monday, Notion, Slack, Linear etc.
• Working with AI & Modern Tooling - Comfort working with AI tools, MCP integrations, and vibe coding workflows is a real plus. We use AI actively to accelerate compliance work - drafting policies, generating evidence summaries, building internal tools, and automating repetitive tasks. You don't need to be a developer, but being the kind of person who leans into these tools, experiments with them, and figures out how to get things done faster with them fits naturally into how we work.

• Audit evidence is ready, accurate, and requires minimal back-and-forth with auditors
• Customers move efficiently toward audit readiness with no delays
• You independently close gaps instead of escalating them
• Clear visibility into risks, progress, and status across all customers
• Founders trust you to run accounts end-to-end