Sierra Club

Security and Compliance Manager

Sierra Club$120K — $150K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 8+ years in security compliance or GRC roles within fast-growing tech companies.
  • Deep expertise in compliance frameworks (ISO 42001, PCI DSS, NIST 800-53, FedRAMP).
  • Systems-oriented mindset with understanding of cloud architecture and data flows.
  • Experience in managing complex audits and driving risk-based remediation.
  • Hands-on experience with multi-cloud platforms (AWS, Azure, GCP).
  • Strong background in automating security controls across various environments.
  • Relevant certifications (CISSP, CISA, ISO 27001 Lead Auditor) or equivalent experience.

Responsibilities

  • Own audits and regulatory programs (ISO 42001, PCI DSS, NIST 800-53, FedRAMP, HIPAA).
  • Drive scope definition, readiness assessments, and executive-level reporting.
  • Develop understanding of the Conversational AI Platform and collaborate with engineering.
  • Build and maintain a centralized security controls library for compliance purposes.
  • Define and enforce security baselines for cloud infrastructure and related controls.
  • Design automated compliance workflows to enhance efficiency and control assurance.

Benefits

  • Flexible (Unlimited) Paid Time Off.
  • Comprehensive Medical, Dental, and Vision benefits for employees and their families.
  • Life Insurance and Disability Benefits.
  • Retirement Plan with Sierra match.
  • Parental Leave and fertility support through Carrot.
  • On-site lunch and access to snacks and coffee.
  • Discretionary Benefit Stipend for personalized spending.
  • Unique offerings like free alphorn lessons.
Full Job Description
What you'll do
  • Own independent audits and regulatory programs including ISO 42001, PCI DSS, NIST 800-53, FedRAMP, HIPAA, and related frameworks.
  • Drive scope definition, readiness assessments, auditor engagement, remediation planning, and executive level reporting.
  • Develop a strong working understanding of Sierra's Conversational AI Platform, model providers, and cloud architecture. Partner with Platform and Agent Engineering to design and operationalize controls across multi cloud environments, infrastructure, inference and data platforms.
  • Build a centralized and evolving security controls library mapped to compliance, regulatory and customer requirements. Continuously assess control effectiveness, identify gaps, prioritize risk, and drive remediation that strengthens Sierra's security and compliance posture.
  • Define and enforce security baselines for cloud infrastructure, containerized workloads, Kubernetes, identity, encryption, logging, and network security controls. Partner with engineering teams to integrate security requirements into configuration and change management.
  • Design and operate automated compliance workflows using AI, infrastructure as code, and security tooling to reduce manual effort, improve control assurance, and scale with platform evolution.
Who you'll work with

You will act as a strategic partner to Platform, Product, Agent Development, Legal, and GTM, ensuring security and compliance requirements are embedded into architecture decisions, product roadmaps, and go to market execution while supporting product velocity and technical complexity.

What you'll bring
  • 8+ years of experience in security compliance or GRC or security adjacent roles within fast growing technology companies.
  • Deep expertise in security compliance frameworks including ISO 42001, PCI DSS, NIST 800-53, FedRAMP, and similar regulatory environments.
  • A systems oriented and engineering focused GRC mindset, with the ability to reason about cloud architecture, data flows, and control effectiveness alongside engineers.
  • Experience owning complex audits and driving risk based remediation across distributed teams.
  • Hands-on experience with multi-cloud infrastructure (AWS, Azure, GCP).
  • Strong experience implementing and automating security controls across cloud infrastructure, configuration management, container security, Kubernetes, encryption, identity, and authentication systems.
  • Ability to clearly communicate compliance requirements internally to engineering teams and externally to customers in a technically credible way.
  • Relevant certifications such as CISSP, CISA, PCI ISA, ISO 27001 Lead Auditor, or equivalent experience.
Even better...
  • Experience supporting AI platforms, fintech, healthcare, or other highly regulated environments.
  • Familiarity with global regulatory environments including GDPR, DORA, the EU AI Act, and emerging security and AI governance requirements across APAC regions.
  • Experience supporting public sector or FedRAMP aligned environments.
Why join us?

You will operate at the center of AI systems, cloud infrastructure, and global compliance, shaping how security controls are designed and scaled for modern AI platforms. This role offers high ownership, deep technical partnership with engineering, and the opportunity to define what strong GRC looks like at Sierra.
Our values
  • Trust: We build trust with our customers with our accountability, empathy, quality, and responsiveness. We build trust in AI by making it more accessible, safe, and useful. We build trust with each other by showing up for each other professionally and personally, creating an environment that enables all of us to do our best work.
  • Customer Obsession: We deeply understand our customers' business goals and relentlessly focus on driving outcomes, not just technical milestones. Everyone at the company knows and spends time with our customers. When our customer is having an issue, we drop everything and fix it.
  • Craftsmanship: We get the details right, from the words on the page to the system architecture. We have good taste. When we notice something isn't right, we take the time to fix it. We are proud of the products we produce. We continuously self-reflect to continuously self-improve.
  • Intensity: We know we don't have the luxury of patience. We play to win. We care about our product being the best, and when it isn't, we fix it. When we fail, we talk about it openly and without blame so we succeed the next time.
  • Family: We know that balance and intensity are compatible, and we model it in our actions and processes. We are the best technology company for parents. We support and respect each other and celebrate each other's personal and professional achievements.
What we offer

We want our benefits to reflect our values and offer the following to full-time employees:
  • Flexible (unlimited) paid time off
  • Medical, dental, and vision benefits for you and your family
  • Life insurance and disability benefits
  • Retirement plan dependent on country of employment
  • Parental leave
  • Fertility and family building benefits through Carrot
  • Lunch, as well as delicious snacks and coffee to keep you energized
  • Discretionary benefit stipend giving people the ability to spend where it matters most
  • Free alphorn lessons

These benefits are further detailed in Sierra's policies, may vary by region, and are subject to change at any time, consistent with the terms of any applicable compensation or benefits plans. Eligible full-time employees can participate in Sierra's equity plans subject to the terms of the applicable plans and policies.

About Sierra Club

The Sierra Club is a nonprofit organization that promotes environmental conservation. It was founded in 1892 by John Muir and is one of the oldest and largest environmental organizations in the United States. The organization has over 3.8 million members and supporters and is dedicated to protecting the planet's natural resources and wildlife. The Sierra Club engages in a variety of activities, including lobbying for environmental legislation, organizing outdoor activities, and publishing a magazine. The organization is headquartered in Oakland, California.
Learn more about Sierra Club
Size
800 employees
Industry
Founded
1892

Similar Jobs

More Jobs at Sierra Club

  • Sierra Club
    Strategist, Agent Development
    $90K — $130K *
    New York, NY 10025 (New York County)
    Technical Services
    In-Person
  • Sierra Club
    Strategist, Agent Development
    $100K — $150K *
    San Francisco, CA 94112 (San Francisco County)
    Consumer Technology
    In-Person
  • Sierra Club
    Sales Engineer
    $90K — $130K *
    Remote
    Information Technology
    Remote in San Francisco, CA
  • Sierra Club
    Sales Engineer
    $90K — $130K *
    Atlanta, GA 30349 (Fulton County)
    Enterprise Technology
    In-Person
  • Sierra Club
    Sales Engineer
    $90K — $130K *
    New York, NY 10025 (New York County)
    Technical Services
    In-Person

More Information Technology Jobs

Find similar Security and Compliance Manager jobs: