Security Operations Lead

Job Description: • Own and manage Freshpaint’s recurring security compliance programs, including SOC 2 Type II, HITRUST R2, and other certifications or audits as needed. • Coordinate and manage annual penetration tests and follow through on remediation activities. • Maintain and continuously improve Freshpaint’s security controls and documentation. • Partner with engineering and product teams to operationalize security best practices across systems, tools, and processes. • Support risk assessments, vendor security reviews, and internal audits. • Act as a key point of contact for external auditors, customers, and vendors on security-related matters. • Drive security awareness and education initiatives across the company. Requirements: • 3+ years of experience in security operations, GRC, or compliance at a SaaS or cloud-based company. • Strong understanding of security frameworks and standards (SOC 2, HITRUST, ISO 27001, etc.). • Experience managing audits and working directly with assessors and penetration testing vendors. • Familiarity with cloud infrastructure (AWS, GCP) and modern software development practices. • Excellent project management and cross-functional communication skills. • You’re organized, detail-oriented, and excited by the challenge of building scalable security programs in a fast-moving environment. Benefits: • Competitive pay + generous equity (10-year exercise window) • Fully remote (U.S. only) with a $150/month coworking stipend • Half-day Fridays, every Friday • Unlimited PTO—with a *required* 2-week minimum • Top-tier health, dental & vision (100% covered for you, 80% for dependents) • 2 “Treat Yourself” days a year—$100 and a day off, just because • Generous parental leave • Epic offsites twice a year (past trips: Greece, Jackson Hole, Cabo, wine country + more) Apply tot his job