Compliance and Security Manager
USA Remote (Pacific Time Zone Preferred)
Credo AI is a venture-backed company on a mission to empower organizations to responsibly build, adopt, procure and use AI at scale. Credo AI has built a pioneering platform for context-driven AI governance, AI risk assessment and compliance (with regulations like the EU AI Act and standards like the NIST AI RMF and ISO 42001) to ensure compliant, fair, and auditable development and use of AI. Our goal is to move responsible AI development from an “ethical” choice to an obvious one by ensuring AI’s benefits are universally accessible while addressing the full spectrum of its risks. We aim to do this both by making it easier for organizations to integrate responsible AI governance practices into their AI development and by collaborating with regulators and policymakers to set up appropriate ecosystem incentives. Founded in 2020, Credo AI has been recognized as one of the Most Innovative Companies of 2024 by Fast Company, a Technology Pioneer by the World Economic Forum, named to the CBInsights AI 100 List and World's Most Promising Startups list, and included in Fast Company’s Next Big Thing in Tech and the Intelligent Applications Top 40 by Madrona, Goldman Sachs, Microsoft and Pitchbook.
What we are looking for:
As Compliance and Security Manager, you will play a key role in maintaining and advancing our compliance and security posture. You’ll be responsible for ensuring ongoing SOC 2 compliance while driving readiness for ISO 42001 and the NIST SP 800 series (800-53 and 800-171). This includes proactively monitoring changes in the regulatory landscape and translating those developments into actionable internal policies and controls. You will work cross-functionally with engineering, legal, and product teams to ensure compliance requirements are integrated into business and technical operations rather than bolted on afterwards. You’ll also lead internal audits, perform gap assessments against these frameworks, and oversee readiness initiatives to ensure our systems and practices meet a high standard of security and governance.
On the security front, you’ll design and manage enterprise-wide security and risk frameworks, lead third-party vendor assessments, and embed secure development practices into our engineering workflows (DevSecOps). You’ll oversee incident response protocols and escalation paths while championing privacy-by-design principles and aligning data governance practices with evolving regulations such as GDPR and CCPA. Serving as the central point of contact for auditors, regulators, and internal stakeholders, you'll foster a culture of compliance and security through regular training, awareness campaigns, and tabletop exercises—ensuring that all teams understand and fulfill their roles in protecting customer and organizational data.
You might be a good fit if:
You have 5+ years of experience in security, compliance, and risk management within a fast-paced tech company, SaaS, or cloud-first environment.
You have knowledge of SOC 2, ISO 42001, NIST 800-53/171, GDPR, and data protection regulations.
You have experience leading compliance audits, certification processes, and security assessments.
You have a background in cloud security (AWS, GCP, Azure) and familiarity with DevSecOps principles.
You have the ability to translate complex compliance requirements into engineering-friendly, scalable solutions.
You have excellent communication skills with the ability to influence executive leadership and technical teams.
AI fluency or willingness to learn is a requirement.
Compensation
The expected base salary range for this position is $130,000 - $140,000. Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position in the specified location. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.
Location & Remote Culture
While this is a remote role and we're a fully distributed team, we routinely meet up in-person. We support individual members to coordinate in-person coworking whenever possible, and organize company-wide offsites multiple times a year. At Credo AI we value diversity, equity, and inclusion as core principles in our work environment, and the development of our product offerings, and we have implemented initiatives to foster and support these values.
Credo AI Benefits & Perks
Competitive Salary and Equity
Health: We offer health, dental, and vision coverage. We also offer an ergonomic benefit to cover the costs of equipment to help staff stay healthy while working, both in the office and at home.
Coworking: We will cover the cost of co-working spaces like WeWork and in-person meetups.
Unlimited PTO: Credo AI offers unlimited time off to support our employees.
Generous Parental Leave: We offer up to 12 weeks of paid parental leave.
401(k) plan for employees (US only)