About the roleYou'll play a central role in building and scaling LangChain's privacy compliance program, developing the processes, technical controls, and automation that back our commitments to customers, partners, and regulators. You'll maintain and grow our SOC 2, ISO 27001, and privacy programs while taking primary ownership of our privacy framework across multiple cloud environments, deployment models, and geographies. We are looking to hire in-person in SF or NY.
What you'll do- Build and automate our compliance operations layer, including evidence pipelines, control monitoring, and agentic systems for always-on visibility into our compliance posture.
- Work directly with Engineering to embed security and privacy controls into our products, including deletion pipelines, PII detection, access audit logging, and fine-grained data access controls.
- Maintain and scale our certification and audit programs across SOC 2, ISO 27001, ISO 27701, ISO 42001, HIPAA, GDPR, CCPA, EU-US Data Privacy Framework, and others. Drive audit readiness, identify overlapping requirements, and reuse evidence across frameworks to continuously strengthen our security story.
- Partner with Legal on security and privacy contract execution, covering DPAs, BAAs, security addenda, and vendor terms. Build the templates, playbooks, and review processes that enable fast, reliable execution in regulated verticals and unblock enterprise sales.
- Monitor adherence to security and privacy contractual obligations across all signed agreements, building the operational workflows and tracking mechanisms to stay on top of commitments as our customer base grows.
- Contribute to LangChain's customer trust program - security questionnaire responses, due-diligence reviews, and the trust documentation and whitepapers that give regulated-industry customers confidence in our security posture.
- Support vendor privacy risk assessments during onboarding and renewals.
What you'll bring- 5+ years in privacy, GRC, or security compliance, ideally with time at a Big 4 or advisory firm, or in-house at a high-growth tech company.
- Hands-on operational experience with privacy regulations and compliance frameworks (GDPR, HIPAA, CCPA, ISO 27001, ISO 27701, SOC 2), including controls mapping, audit support, and day-to-day program operations.
- Experience with DPAs and BAAs: reviewing, negotiating, or operationalizing them in a commercial context.
- Technical fluency: comfortable reading code, understanding data flows, validating that controls work as described, and collaborating directly with engineering teams.
- Exceptional writer. You'll draft policies, respond to security questionnaires, and translate complex requirements into clear guidance for audiences ranging from engineers to executives.
Nice to have- Background in a regulated industry (healthcare, finance, government) or working directly with regulated-industry customers.
- Experience working across multi-cloud deployment environments.
- Ability to write scripts or code (Python is a strong plus) to automate compliance checks, privacy workflows, or build integrations between security and compliance tooling.
- Relevant certifications such as CIPM, CIPP/E, CIPP/US, CISA, CISSP, ISO 27001 Lead Implementer, or ISO 27701 Lead Implementer.
- Annual salary range: $175,000- $220,000 USD
Compensation Philosophy:We offer competitive compensation that includes base salary, variable compensation for relevant roles, meaningful equity, benefits, and perks. Actual compensation and offerings will vary based on role, level, and location. Team members in the EU, UK, and APAC receive locally competitive benefits aligned with regional norms and regulations.
BenefitsBenefits include medical, dental, and vision coverage, flexible vacation, a 401(k) plan, meals on in-office days in the US and more.
