Security & Compliance Operations Manager

Mintlify

$120K — $150K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 3+ years in GRC/compliance program management/security operations with audit ownership
  • Experience with compliance-platform administration (Drata, Vanta, or similar)
  • Proven vendor and auditor relationship management skills
  • Strong attention to detail in following through on tasks
  • Focus on automation to streamline compliance processes
  • Bonus: Familiarity with ISO 42001/AI governance and GDPR operations, and startup environment experience.

Responsibilities

  • Run five compliance programs end-to-end, managing audits and timelines
  • Administer Drata to maintain compliance evidence and manage policies
  • Oversee vendor engagements, including renewals and contracts
  • Coordinate standing processes like security reviews and bug bounty triaging
  • Act as the compliance representative for customer-facing communications
  • Facilitate technical work routing to Engineering with clear asks

Benefits

  • Competitive compensation and equity
  • 20 days paid time off annually
  • 401k or RRSP options
  • $420/month wellness stipend
  • 100% health, dental, and vision coverage in the US
  • Complimentary transportation to and from the office
  • Free meals while at the office
  • Annual team offsite events
Full Job Description
The Role

We're hiring our first dedicated GRC Program Manager to own the security & compliance program that our enterprise business runs on: SOC 2 Type II, ISO 27001, ISO 42001, GDPR, and Microsoft SSPA. The program exists and is well-documented - audits are mid-flight, the vCISO and auditors are engaged, the platform (Drata) is deployed. What it needs is a single accountable operator.

What You'll Do
  • Run five compliance programs end-to-end - own the audit calendar, evidence collection, remediation tracking, and auditor relationships (Sensiba for SOC 2/ISO; A-LIGN for Microsoft SSPA)
  • Administer Drata - keep monitors green, assign and validate evidence, manage policies and the trust center
  • Own the vendor bench - drive the weekly Rhymetec vCISO engagement, manage renewals and contracts across the security/compliance vendor portfolio
  • Run the standing processes - security questionnaire escalation, inbound vendor security reviews, bug bounty coordination (triage, researcher comms, payouts), trainings and access-review cadences
  • Be the customer-facing compliance voice - trust center, DPAs, subprocessor list, and enterprise security requirements (Microsoft, Coinbase, Okta-style programs)
  • Coordinate, don't silo - route technical work to Engineering DRIs with clear asks, and keep leadership out of the coordination loop
What We're Looking For
  • 3+ years in GRC / compliance program management / security operations with direct audit ownership
  • Hands-on compliance-platform administration (Drata, Vanta, or similar)
  • Vendor and auditor relationship management as the accountable owner
  • Meticulous follow-through - in this job, a dropped thread is an audit finding
  • Bias toward automation and pushing work to tests/vendors rather than doing it manually forever
  • Bonus Points: ISO 42001 / AI governance exposure. GDPR operations (DSARs, RoPA, consent tooling). Early-stage startup experience as a sole compliance owner.
Company Benefits:
  • Competitive compensation and equity
  • 20 days paid time off every year
  • 401k or RRSP
  • $420/month wellness stipend
  • 100% coverage for Health, dental, vision (within the US)
  • Free Ubers to and from the Mintlify office
  • Free lunch and dinners while working at the Mintlify office
  • Annual team offsite (previously went to Alaska, Hawaii)

Similar Jobs

More Jobs at Mintlify

More Information Technology Jobs

Find similar Security & Compliance Operations Manager jobs: