Program Manager (Security & Compliance)
FluidStack
Location: New York City, San Francisco
Employment Type: Full time
Location Type: On-site
Department: Security
The Security Compliance Lead at Fluidstack will play a critical role in scaling our compliance program across fast-paced startup operations, remote workforce practices, and datacenter environments. This role is dedicated purely to compliance management and readiness, ensuring our teams are always audit-ready and continuously improving how we meet industry standards. The Security Compliance Lead will help Fluidstack achieve and maintain key certifications such as SOC 2, ISO 27001, and tailored NIST subset controls as required by customers, while also preparing the organization for future frameworks like FedRAMP and Rand. This position offers the opportunity to make a direct impact on Fluidstack’s growth by strengthening trust with customers, partners, and regulators.
Key Responsibilities
Scale and enhance Fluidstack’s compliance program, aligning it with business goals and regulatory frameworks.
Develop compliance roadmaps, policies, and procedures tailored to startup speed, remote workforces, and datacenter environments.
Implement automated systems for evidence collection and tracking to ensure Fluidstack is always audit-ready.
Lead compliance initiatives focused on SOC 2, ISO 27001, and NIST subsets, while preparing for future certifications like FedRAMP and Rand.
Manage audits and certifications end-to-end, serving as the main point of contact for auditors, regulators, consultants, and customers.
Scope compliance requirements to balance short-term certifications with long-term program growth.
Build and maintain a control framework across applicable standards; monitor and test controls regularly to validate readiness.
Use GRC platforms (Vanta, Drata, Tugboat Logic, Archer, SecureFrame, or equivalent) and Atlassian tools (Jira, Confluence) to streamline compliance management.
Provide compliance training and reminders to staff involved in audits.
Deliver dashboards and reports on compliance status, program maturity, and audit outcomes for leadership and stakeholders.
Support customer and partner assurance by responding to compliance inquiries.
Collaborate with customers, datacenter owners, consultants, and partners to align compliance requirements across shared projects.
Required Qualifications
5+ years in compliance or IT audit, with experience scaling programs in high-growth startups.
Hands-on experience with SOC 2, ISO 27001, and some NIST subsets.
Exposure to datacenter compliance and physical security assessments.
Experience scoping compliance requirements across frameworks and customer needs.
Familiarity with GRC tools (Vanta, Drata, Tugboat Logic, Archer, SecureFrame, or equivalent) and Atlassian (Jira, Confluence).
Strong project management and communication skills.
Preferred Qualifications
Relevant certifications (e.g., CISA, CRISC, ISO 27001 Lead Auditor).
Experience scaling compliance programs in high-growth startups with hybrid (cloud + datacenter) infrastructure.
Familiarity with frameworks such as FedRAMP and Rand.
Experience with customer assurance processes (security questionnaires, RFPs, compliance addendums) and communicating compliance posture directly to customers, auditors, and regulators.