Security Compliance Officer

• Own and maintain Corti security governance model across ISO 27001, SOC 2 and other relevant frameworks, including a clear control inventory and ownership map
• Translate frameworks and customer requirements into concise policies, playbooks, checklists and acceptance criteria that fit naturally into techdocs, release processes and change management
• Plan, manage and follow up on internal and external security audits and assessments, address any areas of non compliance and communicate status and findings to leadership, auditors and teams
• Drive the use of compliance automation tools (e.g. Drata) and internal scripts, and monitor indicators such as device compliance, policy acceptance, training completion and access reviews, coordinating remediation with the responsible teams
• Maintain a live security risk register, including risk acceptance, mitigation plans and regular reviews with Product, Platform and Governance team members
• Partner with Platform and other engineers to ensure that policies and control objectives are reflected in CI or CD pipelines, Infrastructure as Code and cloud configuration baselines, and review security impactful changes at a governance level so they remain aligned and auditable
• Plus - can use engineering experience to design small automations or configuration improvements that strengthen controls and make evidence collection and reporting easier for teams
• Act as a trusted advisor on secure ways of working and provide answers to customers and stakeholders on Corti’s security

• A bachelor’s degree in Computer Science/Information Technology, or solid experience in security compliance or information security
• Strong understanding of security and data protection laws, regulations, and standards
• Proven impact in risk reduction and safeguarding sensitive data, protecting brand reputation and customer trust
• Practical exposure to modern engineering environments, for example working closely with platform or DevOps teams, and familiarity with CI or CD, Infrastructure as Code, and cloud platforms such as Azure
• Previous hands on engineering experience is a plus, for example as a developer, platform engineer, or DevOps engineer, and you are comfortable reading code or configuration to understand how controls are implemented
• A builder mindset for governance, you enjoy designing processes, templates, and automations that make it easy for teams to do the right thing
• A proactive, ownership-driven approach to building and coordinating company-wide compliance programs
• Comfortable using and configuring compliance tooling such as Drata, and eager to experiment with new automation tools to reduce manual work
• Effective partnership with external auditors, including evidence collection, issue tracking, and clear internal communication of findings
• Clear communicator who can adjust language to the audience, from technical deep dives to concise leadership updates
• Deep familiarity with keeping organizations up-to-date with evolving regulatory requirements
• Strong project management discipline leveraging tools to plan, track, and communicate workload and progress to stakeholders and leadership

Previous hands on engineering experience is a plus, for example as a developer, platform engineer, or DevOps engineer, and you are comfortable reading code or configuration to understand how controls are implemented

Equipment provided by Corti