Related skills: risk management, cloud security, ISO 27001, security governance, NIST
📋 Description
- Own Rain’s information security and compliance strategy, focusing on ISO 27001 readiness.
- Executive owner for security programs (ISO 27001, SOC 2, vendor risk, customer reviews).
- Design and improve Rain’s security governance framework (policies, standards, risk mgmt).
- Partner with Engineering, Infrastructure, Product, Legal, and Ops to embed security in workflows.
- Lead external audits, certifications, and assessments; primary contact for auditors.
- Own risk management lifecycle and incident response governance, with executive reporting.
🎯 Requirements
- 8–12+ years in information security, GRC, or leadership with ownership of compliance programs.
- Hands-on ISO 27001 certification leadership (initial and/or surveillance audits).
- Security leader in high-growth tech, fintech/payments, or regulated environments.
- Strong knowledge of GRC and control frameworks (ISO 27001/27002, SOC 2, NIST).
- Proven ability to partner with engineering to implement controls in cloud-native environments.
- Experience with third-party risk, security questionnaires, and executive risk communication.
🎁 Benefits
- Unlimited time off with a 10-day minimum.
- Flexible working with home-office stipend.
- US health, dental, and vision coverage + life insurance.
- 401(k) with 4% company match.
- Equity option plan.
- Rain Cards, wellness spending, and team offsites.