Compliance Engineer

ConductorOne is the first AI-native identity security platform that protects every identity: human, non-human, and AI. With powerful automation, platform-level AI, and out-of-the-box connectors, it centralizes access visibility, enforces fine-grained controls, enables just-in-time access, and automates user access reviews across all apps. It's easy to use, quick to deploy, and trusted by enterprises like DigitalOcean, Instacart, Ramp, and Zscaler.

As a Compliance Engineer at ConductorOne, you'll be responsible for building and operating the systems, processes, and automations that keep our security and compliance programs running smoothly. You'll partner closely with Security, Engineering, and Operations to design controls that scale with the business, maintain audit readiness, and turn compliance from a manual exercise into an integrated part of our platform. You'll manage evidence collection, streamline audits, and continuously improve how ConductorOne meets its commitments - ensuring our infrastructure, products, and practices stay secure, compliant, and efficient as we grow.

What you'll do:

• Own and operate ConductorOne's security and compliance programs such as SOC 1, SOC 2, ISO 27001, and FedRAMP.

• Partner with Security, Engineering, and SRE to ensure controls are effectively designed, implemented, and continuously monitored.

• Manage evidence collection and audit readiness while identifying opportunities to automate compliance workflows through tooling and process improvements.

• Translate compliance requirements into actionable engineering or operational changes - turning policies into code where possible.

• Collaborate cross-functionally to ensure compliance supports, rather than slows, product delivery and innovation.

• Develop and maintain documentation, policies, and control mappings that scale with the company.

• Support customer and prospect requests related to ConductorOne's security and compliance posture.

• Track evolving standards and regulatory expectations, ensuring the company remains audit-ready as it grows.

You would be an excellent candidate if...

• You have hands-on experience operating or auditing information security and compliance programs.

• You're comfortable working directly with engineers and can translate between regulatory language and technical implementation.

• You enjoy finding ways to automate manual tasks and reduce audit friction through code, integrations, or workflow improvements.

• You're organized, detail-oriented, and calm under the pressure of audit timelines.

• You thrive in a fast-paced startup environment where processes evolve and impact is visible.

• You take pride in making compliance both effective and lightweight - enabling security and reliability without unnecessary bureaucracy.

Extra Credit if…

• You've helped a company achieve or maintain multiple security or compliance certifications.

• You've used or implemented compliance automation tools or built internal equivalents.

• You have experience integrating compliance evidence collection with engineering systems (GitHub, AWS, Jira, etc.).

• You've participated in or supported customer security assessments or RFPs.

• You're familiar with risk management or security control frameworks such as NIST, CIS, or ISO.

• You have experience working closely with security engineering, DevOps or SRE teams.

ConductorOne, Inc. is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status or any other category protected by law.