Our team has a track record of applying AI to some of the toughest problems. From achieving superhuman performance with DeepMind's AlphaGo, to reducing the energy required to cool Google's Data Centers by 40%, we deeply understand AI and how to apply it in production for massive impact.

Phaidra's ability to achieve its mission is determined by our ability to work together — as defined by our core values: Transparency , Collaboration , Operational Excellence , Ownership , and Empathy. We seek individuals who embody these values, as they are instrumental in ensuring our team consistently delivers excellence and fosters an engaging and supportive culture

Phaidra is based in the USA, but we are 100% remote with no physical office. We hire employees internationally with the help of our partner, OysterHR. Our team is currently located throughout the USA, Canada, UK, Italy, Sweden, Spain, Portugal, the Netherlands, Singapore, Australia, and India.

Joining the Talent Pool Please submit your resume/CV below. You may also submit a cover letter explaining what your ideal position is and how your skills would fit with the team!

Please note: Due to the high volume of applications, there may be a delay in response from our hiring team. However, Phaidra is committed to ensuring every applicant receives a response, regardless of the outcome. We sincerely appreciate your interest in joining Phaidra and thank you for taking the time to apply.

Who You Are We are seeking an experienced Senior Cyber Assurance Manager to build, manage, and mature our Governance, Risk, and Compliance (GRC) program. In this highly visible role, you will be responsible for managing all internal and external assurance obligations, taking full ownership of our compliance management platform ( Vanta ), and overseeing our enterprise risk management processes. This role is currently structured as a high-impact Individual Contributor (IC) position, requiring a 'builder' mindset with the potential to scale the team as the GRC program matures.

The ideal candidate is a hands-on leader who excels at automating compliance, managing audits from end-to-end, and translating complex security requirements— particularly those at the intersection of Generative AI/LLMs, Reinforcement Learning, and high-stakes industrial environments —into actionable, efficient business processes.

We are seeking a team member located within the United States of America.

• In the United States, we are only able to accept applicants located in the following states: California, Colorado, Connecticut, Georgia, Florida, Indiana, Maryland, Minnesota, Missouri, Nebraska, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas, Virginia, Washington.

What You'll Do (Key Responsibilities) GRC Platform & Compliance Automation (Vanta Ownership)

• Serve as the primary system owner and administrator for our compliance management platform, Vanta.
• Configure, manage, and optimize the platform to align with our implemented control frameworks (e.g., SOC 2, ISO 27001).
• Drive efficiency by deploying and maximizing automated testing, continuous monitoring, and evidence collection capabilities within the tool.
• Manage platform workflows to ensure all controls, tests, documents, and policies are appropriately assigned to owners across the business and tracked to completion.

Audit & Assurance Management

• Manage all internal and external audit activities (e.g., SOC 2, ISO 27001, NIS 2) and other compliance initiatives (like annual penetration tests).
• Coordinate all audit-related tasks, including evidence gathering, managing auditor requests, facilitating interviews, and managing the remediation of any findings.
• Ensure our compliance and continued accreditation with all required security and privacy programs.

Enterprise Risk Management

• Develop, maintain, and manage the enterprise risk register, working with stakeholders to identify, assess, and prioritize security and AI-related risks.
• Own and execute our risk and vulnerability assessment process.
• Manage the end-to-end risk and control exception process, ensuring all exceptions are documented, reviewed, and approved.
• Coordinate with the SRE and business teams on Business Continuity and Disaster Recovery (BCP/DR) planning and data backup systems.
• Develop and manage the Third-Party Risk Management (TPRM) program.

Governance & Policy

• Own, manage, and implement the full suite of security policies, standards, and procedures, maintaining all related handbook pages and documentation.
• Define, establish, and track Key Performance Indicators (KPIs) and metrics to measure the effectiveness of the security program.
• Monitor the external landscape for new and changing laws, regulations, and industry standards that impact the organization, including those related to AI governance (e.g., EU AI Act, NIST AI RMF) and AI security best practices (e.g., OWASP Top 10 for LLMs).
• Contribute to the security budget, identifying and justifying tools and resources needed to scale the program.

Cross-Functional Collaboration & Enablement

• Act as a key security representative for our customers; engage and present on our security posture as needed.
• Lead the response to customer-facing risk assessments and security questionnaires, and maintain a central repository of standardized answers.
• Lead, manage, and deliver the company-wide security awareness and training program.
• Work regularly with cross-functional teams (e.g., Legal, SRE, Engineering, AI/ML, Data Science) to ensure assurance and AI governance considerations, including the Secure AI/ML Development Lifecycle, are integrated into all business processes.
• Enable a culture of continuous improvement and innovation, identifying opportunities to enhance security posture and streamline processes.

Key Qualifications Required:

• 5+ years of experience in a cyber GRC, IT audit, or security assurance role.
• Deep, hands-on experience implementing and managing compliance programs based on common security frameworks (e.g., SOC 2, ISO 27001).
• Proven experience building or managing assurance programs in a remote-first, cloud-native environment. You must understand the risk and control differences between traditional on-premise security (e.g., office networks, firewalls) and a modern, distributed workforce (e.g., endpoint security, identity-first auth, Zero Trust principles).
• Strong working knowledge of security risk and governance frameworks (e.g., NIST Cybersecurity Framework, MITRE ATT&CK, NIS 2).
• Knowledge of emerging AI governance frameworks and regulations (e.g., NIST AI RMF, ISO/IEC 42001, EU AI Act).
• Proven experience securing and auditing public cloud environments (e.g., GCP, AWS, or Azure) as the primary corporate infrastructure.
• Direct administrative experience managing a GRC or compliance automation platform. Vanta experience is preferred.
• Proven experience managing the full lifecycle of external audits (e.g., scoping, evidence collection, auditor management).
• Experience working directly with engineering and SRE teams to integrate security controls into the SDLC (Software Development Life Cycle) and CI/CD pipelines, and familiarity with secure-by-default concepts.
• Strong understanding of cloud security principles, architectures, and securing containerized environments.
• Familiarity with the AI/ML development lifecycle and a strong understanding of security and privacy risks associated with machine learning and Generative AI models (e.g., adversarial attacks, model poisoning, prompt injection, data leakage).
• Knowledge of global data security and privacy laws (such as GDPR, CCPA/CPRA) and experience implementing their requirements.
• Experience driving assurance initiatives from ideation to deployment across cross-functional teams.
• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner to a diverse audience.
• A passion for problem-solving and using scalable solutions to solve repeat problems.
• Shares our company values: curiosity, transparency & directness, outcome-based performance, and customer empathy.

Nice-to-Have (Preferred):

• Experience developing assurance programs for Generative AI applications, particularly those involving sensitive or critical infrastructure data.
• One or more relevant professional certifications (e.g., CISSP, CISM, CCSK, CISA, CRISC).
• Hands-on experience implementing or auditing against an AI-specific framework (e.g., NIST AI RMF, ISO 42001).
• Experience working in the industrial sector, and direct familiarity with the challenges of IT/OT/AI convergence, including applying security frameworks to OT or ICS environments (e.g., IEC 62443).
• Development experience, including familiarity with common security libraries, security controls, and common security flaws.

Onboarding In your first 30 days... Foundation and Familiarization: The first month will focus on learning the company culture, key stakeholders, technology stack, and current GRC posture.

• Understand the Landscape

• Build relationships with key stakeholders in Cyber Enablement, SRE, Engineering, Legal, Data Science, and customer-facing teams.

• Gain a comprehensive understanding of Phaidra's existing GRC program, including all current security policies, handbook pages, and standards.

• Familiarize yourself with the core technology stack, including a deep dive into the current Vanta configuration, GCP environment, and Rippling.

• Review Phaidra's AI-powered control systems to understand the unique risk and compliance context, especially regarding the industrial sector and AI governance.

• Initial Assessments

• Conduct a full review of the current Vanta setup, including existing controls, automated tests, and owner assignments.

• Review the current enterprise risk register, exception logs, and TPRM program.

• Analyze past audit reports (SOC 2, ISO 27001) and penetration test results to identify historical gaps and recurring themes.

• Review the existing security awareness training materials and sales enablement repository.

In your first 60 days... Taking Ownership and Driving Execution: The second month will shift from learning to taking full ownership of GRC platforms and processes, and initiating key compliance activities.

• Program Ownership

• Take full administrative ownership of the Vanta platform, beginning to optimize configurations, automate new tests, and address any gaps identified in the first 30 days.

• Formally take ownership of the enterprise risk register and the risk exception process.

• Assume control of the security awareness training program, planning the next campaign or training module.

• Take ownership of all security policy and handbook pages, creating a plan for any necessary updates.

• Initiating Assurance Activities

• Begin planning for the next major audit cycle (e.g., SOC 2, ISO 27001), establishing timelines, communicating with stakeholders, and starting evidence collection workflows in Vanta.

• Initiate a new risk assessment on a critical business process or system.

• Partner with the sales and customer-facing teams to update the security questionnaire repository and address any immediate customer assurance requests.

• Collaborate with the SRE team to review and document disaster recovery and data backup systems.

In your first 90 days... Driving Impact and Future Strategy: By the end of the first three months, the focus will be on demonstrating tangible improvements, showing measurable progress, and planning the future GRC roadmap.

• Driving Initiatives

• Be fully managing the compliance calendar and any active audit evidence collection, ensuring all stakeholders are on track.

• Present an updated enterprise risk register to leadership, highlighting prioritized risks and proposed mitigation plans.

• Demonstrate measurable improvements in compliance automation (e.g., new automated tests in Vanta) and report on GRC program KPIs.

• Launch an updated security awareness training module or phishing campaign.

• Strategic Contributions

• Present a 6-12 month strategic roadmap for the GRC program, outlining key initiatives. This should include plans for maturing existing frameworks (SOC 2, ISO) and adopting new ones (e.g., NIST AI RMF, ISO 42001, NIS 2).

• Propose and begin implementing updates to key security policies to align with AI governance and other emerging requirements.

• Establish yourself as the key security partner for customer assurance and internal teams, showcasing how your work aligns with and upholds company values like transparency and customer empathy.

General Interview Process

All of our interviews are held via Google Meet, and an active camera connection is required.

• Meeting with People Operations team member (30 minutes)
• Meeting with Hiring Manager (45 minutes)
• Meeting with our Senior Product Security Engineer (60 minutes)
• Leadership Interview (60 minutes)
• Culture fit interview with Phaidra's co-founders (30 minutes)

Base Salary US Residents:

• Tier 1 (Largest highest-cost metros): $167,400 - $223,200
• Tier 2 (Other major metros): $159,030.00 - $212,040
• Tier 3 (Mid-sized metro areas): $150,660.00 - $200,880
• Tier 4 (All other locations): $142,290 - $189,720

In addition to base salary, this position is eligible for equity. Final salary will be determined based on several factors, including a candidate's qualifications, skills, competencies, experience, expertise, education and location. In some cases, final compensation may fall outside the posted range. Salary ranges are regularly reviewed and may be adjusted in response to market trends. Benefits & Perks

• Fast-paced, team-oriented environment where your work directly shapes the company's direction.
• We are a 100% remote company.
• Competitive compensation & meaningful equity.
• Outsized responsibilities & professional development.
• Training is foundational; functional, customer immersion, and development training.
• Medical, dental, and vision insurance (exact benefits vary by region).
• Unlimited paid time off, with a required minimum of 20 days per year.
• Paid parental leave (exact benefits vary by region).
• Flexible stipends to support your workspace, well-being, and continued professional development.
• Company MacBook.

Please note: Not all of Phaidra's benefits and perks listed above apply to temporary employees such as interns.

On being Remote We take a thoughtful and intentional approach to remote collaboration. Inspired by pioneers like GitLab, we embrace proven best practices to foster an exceptional remote work environment. Our culture is documentation-first, and we prioritize asynchronous communication to support focus and flexibility across time zones. While we value independence, we stay closely connected through tools like Slack and video conferencing. Weekly all-hands meetings help us align and build strong relationships, and we regularly host virtual team-building activities and social events to maintain a sense of camaraderie.

Equal Opportunity Employment Phaidra is an Equal Opportunity Employer; employment with Phaidra is governed on the basis of merit, competence, and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability, or any other legally protected status. We welcome diversity and strive to maintain an inclusive environment for all employees. If you need assistance with completing the application process, please contact us at hiring@phaidra.ai.

E-Verify Notice Phaidra participates in E-Verify, an employment authorization database provided through the U.S. Department of Homeland Security (DHS) and Social Security Administration (SSA). As required by law, we will provide the SSA and, if necessary, the DHS, with information from each new employee's Form I-9 to confirm work authorization for those residing in the United States.

Additional Information About E-Verify Can Be Found Here. To be considered for any position at Phaidra, you must submit an online application. This role will remain open until it is filled.

Phaidra only hires individuals who are legally authorized to work in the specified location(s) above. We do not provide employment sponsorship. Candidates requiring visa sponsorship, either now or in the future, are not eligible for hire.

WE DO NOT ACCEPT APPLICATIONS FROM RECRUITERS.