Compliance Operations Specialist

About Us

CISO99.ai is a boutique CISO firm providing fractional CISO services to fast-growing, cloud-native startups. We don’t advise from the sidelines, we build, operate, and own our customers’ security and compliance programs end-to-end.

Our clients are typically startups preparing for or maintaining SOC 2 and ISO 27001, where security is directly tied to revenue, deals, and growth.

We are looking for a Compliance & Security Operations Manager to work directly with our founders and customers, owning the day-to-day execution of multiple compliance and security programs.

This is a hands-on role. You will not only coordinate compliance efforts, you will actively create, implement, and produce audit evidence yourself.

The role requires strong execution and program management capabilities, with the expectation that you can independently drive multiple customers forward and close gaps without relying on others to do the work.

Own execution of compliance and security programs across multiple startup customers

Run weekly/monthly syncs and drive progress across stakeholders

Track tasks, risks, and deliverables end-to-end

Ensure nothing falls between the cracks

• Lead SOC 2 and ISO 27001 readiness and audit processes
• Independently create and collect audit evidence, rather than relying solely on others to provide it
• Write policies, take screenshots, extract logs, and document control operation
• Act as the primary point of contact for auditors and customer stakeholders, handling and responding to requests end-to-end
• Ensure controls are fully implemented and operating in practice

Operate key program elements such as:

• Risk registers and internal risk assessments
• Vendor risk management processes
• Security awareness programs
• Customer security questionnaires
• You are expected to execute these processes, not just manage them
• Provide ongoing visibility across multiple customers
• Support implementation of tools and solutions in customer environments
  

• 1-3 years of experience in compliance, operations, or program/project management in a tech environment
• Hands-on involvement in SOC 2 and/or ISO 27001 (you’ve built evidence, supported audits, and done the work yourself)
• Ability to independently execute and move tasks forward without heavy guidance
• Strong multitasking skills:  able to manage multiple customers in parallel
• Highly organized, detail-oriented, and execution-driven
• Excellent communication skills (clear, structured, direct)
• Experience working in fast-paced environments (startups is a strong advantage)