Location: Australia (Remote)
- Have you built and owned ISO 27001 compliance from scratch in a high-growth environment?
- Have you implemented and operationalised regional regulatory requirements such as Australian Privacy Principles (APP) and Singapore PDPA within cloud environments?
- Do you approach compliance like an engineer, automating, scaling, and embedding it into systems?
My client is one of the fastest growing and most exciting AI technology start-ups in the world. They are rapidly emerging as a leader in their field, having secured multiple rounds of VC funding. Despite being just a few years old, the company has already reached a multi-billion valuation, a true reflection of their trajectory.
They are an engineering-first organization with an exceptionally high bar. They hire individuals who think like builders, not operators. Candidates who succeed here typically come from start-up or scale-up environments and are comfortable working in ambiguity while building from the ground up.
They are looking for a highly technical, hands-on GRC Engineer who operates more like a security engineer than a traditional compliance professional. This is not a standard GRC role.
They need someone who has:
- Built and led ISO 27001 compliance programs end-to-end from scratch
- Ideally also implemented SOC 2 in parallel environments
- Experience with APAC regulatory requirements including:
- Australian Privacy Principles (APP)
- Singapore Personal Data Protection Act (PDPA)
- A mindset focused on engineering compliance into systems, not maintaining frameworks
If you have not owned and built ISO 27001 (and ideally SOC 2) from the ground up or implemented APP or PDPA, you will not be suitable for this position.
If you are not highly technical and hands-on and have strong knowledge of security principles, this role is not the right fit.
What You’ll Do
- Own and lead ISO 27001 end-to-end, from early-stage build through to audit readiness and certification
- Design and implement scalable, engineered compliance systems (not manual processes)
- Automate compliance and control monitoring across cloud environments
- Translate regulatory requirements into real technical controls embedded in infrastructure and workflows
- Work hands-on with engineering teams to integrate security into systems and CI/CD pipelines
- Read and understand code (ideally Python) to build or support automation workflows
- Support customer and sales teams with technical security discussions and compliance queries
- Drive broader compliance initiatives (SOC 2 where needed)
This is NOT right for you if you don’t have:
- Proven experience leading ISO 27001 end-to-end from scratch
- Strong technical background (cloud, infrastructure, security engineering)
- Ability to work directly with engineers at a deep technical level
- Experience building or automating compliance systems (not just maintaining them)
- Hands-on experience with cloud environments (AWS, GCP, or Azure)
- Experience embedding compliance into CI/CD or engineering workflows
- Startup or small team experience
Preferred Skills
- SOC 2 experience
- Python or scripting for automation
- Compliance-as-code / continuous compliance tooling
- Experience with NIST frameworks (800-53, etc.)
- Exposure to AI-related frameworks (ISO 42001, NIST AI RMF, EU AI Act)
Very competitive compensation package including equity with significant upside potential.
This role is for someone who thinks like an engineer, builds systems (not spreadsheets), and wants to make compliance scalable, automated, and embedded.
If that sounds like you, apply now.
