Ask any employee to explain their benefits, and you'll likely get a confused shrug. Ask any HR leader if their benefits investment is working, and you'll get an honest "I don't know." For employees, benefits are confusing and overwhelming. For HR and finance leaders, benefits are the second-largest expense, but they lack the visibility to know what's working and what's wasted.
At Avante, we're changing that. We're the first AI-native benefits platform built to turn benefits complexity into clarity. For employees, Avante acts like a personal guide, making benefits simple to understand and use. For leaders, Avante unifies fragmented data and delivers real-time insights so they can improve programs, control costs, and prove ROI.
We're based in Seattle and work 4 days a week in the office (one day remote), we're growing quickly, and are looking for our first dedicated Head of Trust & Compliance. You'll own our security and compliance programs end-to-end — from maintaining our SOC 2 Type II certification and driving ISO 27001 to navigating the privacy and regulatory landscape that comes with handling sensitive health and benefits data for enterprise customers across the globe. This is a foundational role for someone who thrives as a builder, not just an operator, and wants to shape how a fast-growing company earns and keeps the trust of its customers.
What You Will Do
Own and evolve our compliance programs — SOC 2 Type II, HIPAA, ISO 27001, and more, reporting directly to the CTO
Lead customer security reviews, including questionnaires, assessments, and security calls that are a critical part of our enterprise sales cycle
Manage our privacy and data protection posture, including DPAs, cross-border data transfer requirements, and international regulatory considerations (GDPR, CCPA, and beyond)
Maintain and improve our security policies, standards, and procedures, keeping them current and audit-ready
Own third-party and vendor risk management — evaluate sub-processors, manage vendor security reviews, and maintain our vendor inventory
Drive risk assessment and management, maintaining a risk register and working cross-functionally to prioritize and remediate findings
Partner with engineering to ensure security is embedded in our development lifecycle without slowing the team down
Build and run our security awareness training program
Manage relationships with external auditors, penetration testers, and security consultants
Stay current on evolving regulations affecting AI systems, health data, and benefits technology
What We Are Looking For
5-8+ years of experience in security, compliance, or GRC, with meaningful time at a startup or growth-stage SaaS company
Demonstrated experience building or scaling a compliance program (SOC 2, ISO 27001, HIPAA) — not just maintaining one someone else built
Strong understanding of data privacy frameworks (GDPR, CCPA/CPRA) and practical experience with DPAs, SCCs, and cross-border data transfer mechanisms
Experience with healthcare or HR data and a solid grasp of HIPAA requirements
Ability to operate independently as a senior individual contributor — you'll be the first dedicated hire in this function
Excellent communication skills, especially the ability to translate security and compliance topics for non-technical audiences, customers, and executives
Comfort working directly with enterprise customers on security reviews and sales enablement
Flexibility and willingness to wear many hats and help out wherever it is needed
Nice to Have
Early stage startup experience
Experience with AI governance, responsible AI frameworks, or the emerging AI regulatory landscape (EU AI Act, etc.)
Familiarity with cloud-native architectures (Azure, Kubernetes) and their security implications
Experience with compliance automation platforms (Vanta, Drata, or similar)
CISSP, CISM, CCSP, or similar certifications
Background in or exposure to insurance, benefits, or health tech
Experience managing external penetration tests and translating findings into remediation plans
Our Company Values
Beat Yesterday – Continuous improvement, innovation, and growth
Embrace Type 2 Fun – Resilience and positivity in the face of challenges
Act Like an Owner – Initiative, accountability, and focus on outcomes
Stay Hungry, Stay Curious – Humility, curiosity, and bold thinking
Interview Process:
Initial screen with our recruiters
Phone screen with the hiring manager
On-Site Interview Loop
Scenario-based interview focused on real-world security and compliance challenges
Behavioral interview to explore your approach to teamwork and challenges
Cross-functional interviews with Sales & CX
1:1 with our CTO
Final conversation with our CEO
If you're excited about building the security and compliance function at a company that's transforming the benefits industry — and you want to be the person enterprise customers trust — we'd love to hear from you!
