Who We Are
Atlan is building the missing context layer for data and AI, helping enterprises close the AI value chasm and finally move AI pilots into production. Today, 95% of AI pilots fail because AI systems don’t understand the context behind data: what it means, how it’s governed, and how it should be used.
Atlan unifies this context by connecting to every part of the data and AI stack, enabling teams to build, collaborate on, and activate shared context across data, business, and AI workflows, including for AI agents.
Trusted by global enterprises like Mastercard, Workday, General Motors, Unilever, Ralph Lauren, FOX, Nasdaq, and Medtronic, we’re backed by world-class investors including GIC, Insight Partners, Meritech, Peak XV, and Salesforce Ventures
Why this Role Matters?
At Atlan, compliance isn't overhead — it's a competitive advantage that closes deals. We serve 450+ enterprise customers across healthcare, finance, and other regulated industries where security posture directly influences buying decisions.
You'll own and mature our compliance program across SOC 2, ISO 27001, ISO 42001, GDPR, and HIPAA — while building toward next-generation certifications like FedRAMP. But this isn't a maintenance role. You're joining as the technical architect of our Continuous GRC Maturity Program: a 12-month, executive-sponsored initiative to transform compliance from manual firefighting into automated, scalable infrastructure.
This role sits on our GRC & Platform Security team and operates with significant autonomy. If you've ever thought "there has to be a better way to do compliance," this is your chance to build it.
What you'll ownCompliance program maturity — Lead end-to-end audit execution across SOC 2, ISO 27001, ISO 42001, ISO 27701, HIPAA, and GDPR. Own auditor relationships, coordinate cross-functional evidence collection, and maintain year-round audit readiness.
Next-generation framework adoption — Drive FedRAMP readiness: assess platform gaps, build roadmaps, and turn new certifications into planned projects rather than fire drills.
Enterprise risk management — Build and mature Atlan's risk management program. Identify, assess, and track risks across security, operational, compliance, and third-party domains. Turn abstract risk conversations into measurable metrics with clear ownership and quarterly leadership reviews.
Third-party risk management — Own Atlan's vendor security assessment program end-to-end: tiered vendor reviews, security questionnaires, risk scoring, and ongoing monitoring. Balance vendor risk against business need at scale.
Compliance automation infrastructure — Integrate our GRC platform with cloud infrastructure, CI/CD pipelines, HR systems, and product engineering tooling to automate evidence collection and continuous control testing. Reduce manual audit prep effort significantly.
Controls that prove themselves — Partner with engineering and product teams to design technical controls that automatically generate auditable evidence. Implement continuous testing that catches gaps before auditors do.
Continuous controls monitoring — Design and operate real-time visibility into control effectiveness: automated dashboards, live control status, and alerting that surfaces gaps before audit cycles begin — not during them.
Organizational compliance capability — Build awareness programs, run training for engineering and cross-functional teams, and create self-service dashboards that make compliance easy. Make secure-by-default the path of least resistance.
What makes you a strong matchCompliance depth
5+ years owning SOC 2 Type II and/or ISO 27001 audits end-to-end — you've been the point person coordinating auditors, collecting evidence, and managing findings
Hands-on experience across multiple frameworks: SOC 2, ISO 27001, ISO 42001, and at least two of GDPR, HIPAA, ISO 27701, FedRAMP, or CCPA
Regulatory intelligence mindset — you track emerging requirements and build readiness roadmaps before compliance becomes urgent
Technical automation
Experience with modern GRC platforms (Vanta, Drata, Secureframe, or similar) extended via API — not just out-of-box configuration
Comfortable with REST APIs, JSON, OAuth, and CI/CD integrations
Program and stakeholder maturity
Built or maintained risk registers, facilitated leadership risk reviews, and turned risk conversations into concrete action plans
Customer-facing experience: security questionnaires, trust portals, or supporting enterprise sales cycles with compliance documentation
Able to influence engineering, product, HR, legal, and IT without formal authority — you're an enabler, not a gatekeeper
AI-augmented GRC — You actively use AI tools to accelerate compliance work: drafting control narratives, triaging risk findings, generating evidence summaries, and building AI-assisted workflows for continuous monitoring. You understand enough about AI systems to assess their risk implications — not just use them as productivity tools.
High agency — You drive toward outcomes without waiting for perfect requirements. You identify problems and build solutions. You thrive in ambiguity.
Nice to haveCISA, CRISC, CISM, or CGRC certification
FedRAMP or NIST framework hands-on implementation experience
Prior security engineering background before moving into GRC
Vanta Trust Center or similar trust portal experience
Hands-on experience applying AI/LLMs to GRC workflows — automated questionnaire responses, AI-assisted risk triage, policy generation, or compliance gap analysis
Why Atlan?
Joining Atlan means being part of a global movement to help data teams do their life’s best work. Here’s what you can expect:
Competitive Compensation: We benchmark at the top of the market and keep compensation simple: strong base salary, performance‑based variable pay, and impact‑driven equity, so your total rewards grow in step with the value you create over time.
Health & Wellness: From Day‑1 health, dental, vision, and mental health to pet‑care perks and flexible health stipends, we design benefits offerings that lead in each country we're in.
Flexible Time Off & Leave Policies: We trust you to own your energy: flexible time off and modern leave so you can unplug properly, support yourself and your loved ones, and come back ready to drive an impact.
Accelerated Growth & Learning: Develop at an uncommon velocity through cutting-edge tech, complex implementations, and an experienced team that values mastery.
AI Native Culture: Atlan is where AI-native builders come to build the systems the future of work will run on. AI isn’t an add-on, it’s woven into how we build, think, and work every day, empowering every Atlanian to move faster and create a bigger impact.
Global, Remote-First, High-Trust: Work from anywhere with a diverse team across 15+ countries, in a trust-first, async environment that gives you true flexibility and ownership over how you work.
Equal Opportunity Employer
Atlan is committed to building an inclusive, diverse, and authentic workplace. We do not discriminate based on race, color, religion, national origin, age, disability, sex, gender identity or expression, sexual orientation, marital status, military or veteran status, or any other legally protected characteristic.
