Senior Security & Compliance Specialist

About the position Are you passionate about building privacy, security, and compliance programs that scale with innovation? Do you thrive in collaborative environments where your expertise helps shape the foundation of a growing technology platform? Are you energized by solving complex challenges and supporting cross-functional teams on their journey toward privacy, security, and regulatory alignment? If so, we invite you to be a part of our innovative team. Ridgeline is looking for a Senior Security and Compliance Specialist to support our expanding platform and growing team. In this role, you’ll work alongside leaders in Security, Engineering, Legal, and People to thoughtfully develop and maintain the controls, procedures, and governance frameworks that safeguard our platform and data. You’ll help translate compliance objectives into practical, scalable processes—contributing to the company’s ability to meet evolving regulatory expectations. You’ll also support training and awareness programs, while using modern tools—including AI technologies like ChatGPT—to improve documentation, workflows, and operational resilience. At Ridgeline, how we work matters as much as what we build. Ridgeliners act like owners, choose growth over comfort, and communicate with transparency. We assume positive intent, bias toward action, and bring solutions—not just problems. We celebrate wins, learn from setbacks, and thrive in a resilient, collaborative, high-performing culture. If this excites you, we’d love to meet you. You must be work authorized in the United States without the need for employer sponsorship. Responsibilities • Collaborate with cross-functional teams to embed privacy and security principles early in project design and planning • Establish and maintain scalable policies, controls, and procedures to support compliance with domestic and international data protection regulations • Support internal teams in understanding audit requirements and outcomes, and help prioritize meaningful remediation steps • Contribute to the development and delivery of privacy, security, and compliance training for Ridgeline employees • Draft and update internal security policies, technical documentation, and control narratives • Monitor evolving regulations and assess their impact on Ridgeline’s privacy and compliance programs • Manage and continuously improve auditing and monitoring processes to align with industry standards • Evaluate third-party and internal tools for regulatory compliance and security posture • Support program management across compliance-related initiatives in partnership with Security TPMs • Promote a culture of accountability, empathy, and shared learning across the company Requirements • Bachelor’s degree in Management Information Systems, Accounting, Computer Science, or equivalent practical experience • 4+ years in risk and controls, audit, project management, or information security compliance • Familiarity with key regulatory standards (e.g., SOC 1, SOC 2, ISO27001, ISO27018, CCPA, GDPR) • Experience implementing privacy and security controls aligned to frameworks such as GDPR • Understanding of security and compliance frameworks including CSA CCM, NIST, CoBIT, and Trust Service Criteria • Awareness of responsible AI practices, privacy regulations, and ethical use of technology • Strong organizational and prioritization skills across multiple initiatives • Ability to effectively collaborate and communicate across all levels of an organization • Commitment to continuous learning and adaptability in a dynamic environment • Serious interest in having fun at work Nice-to-haves • AWS Certified Cloud Practitioner (CCP) • Certified Information Systems Auditor (CISA) • Certified Information Privacy Professional (CIPP/E, CIPP/US, or CIPP/CA) • Experience with the ISO 42001 framework • Exposure to public cloud governance or Responsible AI compliance Benefits • unlimited vacation • educational and wellness reimbursements • $0 cost employee insurance plans Apply tot his job