Security & Compliance Operations Manager
Top focus
Why Mintlify? We're on a mission to empower builders. Massive reach: Our docs platform serves 100 million+ developers every year and powers documentation for 20,000+ companies, including Anthropic, Microsoft, PayPal, Spotify, Coinbase, X, and over 20% of the last YC batch.
Small team, huge impact: We recently passed 65 employees and raised a $45 million Series B led by A16Z and Salesforce Ventures. Each new hire has a huge impact on shaping the company's trajectory. Culture of slope over y-intercept : We value learning velocity, grit, and unapologetically unique personalities.
We grew in value faster than headcount and we’re looking to align the two quickly. The Role We're hiring our first dedicated GRC Program Manager to own the security & compliance program that our enterprise business runs on: SOC 2 Type II, ISO 27001, ISO 42001, GDPR, and Microsoft SSPA.
The program exists and is well-documented — audits are mid-flight, the vCISO and auditors are engaged, the platform (Drata) is deployed. What it needs is a single accountable operator. What You'll Do Run five compliance programs end-to-end — own the audit calendar, evidence collection, remediation tracking, and auditor relationships (Sensiba for SOC 2/ISO; A-LIGN for Microsoft SSPA) Administer Drata — keep monitors green, assign and validate evidence, manage policies and the trust center Own the vendor bench — drive the weekly Rhymetec vCISO engagement, manage renewals and contracts across the security/compliance vendor portfolio Run the standing processes — security questionnaire escalation, inbound vendor security reviews, bug bounty coordination (triage, researcher comms, payouts), trainings and access-review cadences Be the customer-facing compliance voice — trust center, DPAs, subprocessor list, and enterprise security requirements (Microsoft, Coinbase, Okta-style programs) Coordinate, don't silo — route technical work to Engineering DRIs with clear asks, and keep leadership out of the coordination loop What We're Looking For 3+ years in GRC / compliance program management / security operations with direct audit ownership Hands-on compliance-platform administration (Drata, Vanta, or similar) Vendor and auditor relationship management as the accountable owner Meticulous follow-through — in this job, a dropped thread is an audit finding Bias toward automation and pushing work to tests/vendors rather than doing it manually forever Bonus Points: ISO 42001 / AI governance exposure.
GDPR operations (DSARs, RoPA, consent tooling). Early-stage startup experience as a sole compliance owner. Company Benefits: Competitive compensation and equity 20 days paid time off every year 401k or RRSP $420/month wellness stipend 100% coverage for Health, dental, vision Free Ubers to and from work Free lunch and dinners Annual team offsite (previously went to Alaska, Hawaii)