Specialist, Risk & Compliance

At SAFE Security, our vision is to be the Champions of a Safer Digital Future and the Catalysts of Change. We believe in empowering individuals and teams with the freedom and responsibility to align their goals, ensuring we all move forward together.
We operate with radical transparency, autonomy, and accountability—there’s no room for brilliant jerks. We embrace a culture-first approach, offering an unlimited vacation policy, a high-trust work environment, and a commitment to continuous learning. For us, Culture is Our Strategy—check out our Culture Memo to dive deeper into what makes SAFE unique.
We’re seeking a Cyber Risk Management Specialist to join our high-impact Risk Management team. In this role, you’ll drive risk assessments, support audits, manage third-party risk assessments, and ensure compliance with frameworks like ISO 27001, SOC 2, and data privacy regulations. You’ll also collaborate closely with our Threat Research team, contributing to continuous controls monitoring, risk strategy, and product innovation.

Core Responsibilities:

• To conduct enterprise-level risk assessments, identify control gaps, and track mitigation plans.
• To lead and support internal and external audits, including ISO 27001, SOC 2, and others.  
• Maintain and improve the Information Security Management System (ISMS) based on ISO 27001 requirements.
• Ensure compliance with applicable regulatory requirements (e.g., GDPR, DPDP, CCPA, etc)
• Monitor and support the implementation of SOC 2 Type I/II controls and readiness programs.
• Drive the implementation and improvement of data privacy practices and controls across the organization.
• Perform third-party risk assessment. 
• Develop, implement, and maintain risk registers, audit dashboards, and compliance trackers.
• Work on compliance crosswalks to map controls across various regulatory and industry standards.
• Collaborate with cross-functional teams to embed a risk-aware and privacy-by-design culture across the organization.
• Work closely with the product teams to contribute to the GRC-related features

Essential Skills/ Experience/ Qualifications:

• 3-5 years of experience in risk management, information security audit, SOC 2, or GRC roles.
• Strong working knowledge of ISO 27001, SOC 2, NIST, and data privacy frameworks.
• Familiarity with regulatory compliance requirements (GDPR, DPDP, CCPA)
• Experience in third-party/vendor risk assessments.
• Good understanding of privacy impact assessments (PIAs) and data processing workflows.
• Excellent documentation, reporting, and presentation skills.
• Strong interpersonal skills to work effectively across business and tech teams.

Certifications:

• ISO 27001 Lead Auditor or Lead Implementer certification is a must.
• Additional certifications like CISA, CISM, or CISSP are a plus.

If you’re passionate about cyber risk, thrive in a fast-paced environment, and want to be part of a team that’s redefining security—we want to hear from you! 🚀