Information Security Associate

Middesk

Full-time, Hybrid
New York
$90,000 - $120,000

Job Description

About Middesk: Revolutionizing Business Identity Verification
At Middesk, we believe in a world where businesses can trust each other implicitly. Since 2018, we've been at the forefront of transforming business identity verification, replacing outdated, manual processes with a seamless, data-driven platform. Our cutting-edge technology empowers companies across diverse industries to confidently verify business identities, accelerate customer onboarding, and mitigate risk throughout the entire customer lifecycle.
We're not just innovators; we're industry leaders. A proud Y Combinator alum, Middesk is backed by powerhouses like Sequoia Capital and Accel Partners. Our impact has been recognized by inclusion in the prestigious Forbes Fintech 50 List, and we've been cited as an industry leader in business verification by digital identity strategy firm, Liminal.

The Opportunity: Governance, Risk & Compliance Professional
Are you a GRC expert eager to shape the future of security and compliance in a high-growth fintech environment? We're seeking a dynamic and technically fluent Governance, Risk & Compliance professional to own, scale, and mature Middesk’s comprehensive security, privacy, and compliance programs.
This role is the bridge across our Engineering, Legal, Security, Operations, and Go-to-Market teams. You'll be instrumental in ensuring we consistently meet or exceed customer, regulatory, and internal expectations while preserving agility and innovation. Although it is not a purely technical position, the role requires enough technical understanding to translate and interpret requirements between technical and non-technical stakeholders.

What You'll Drive:

Compliance & Trust Leadership:

Own and optimize Middesk’s trust and compliance platform (currently Vanta), ensuring continuous monitoring, efficient evidence collection, and robust control maintenance.
Lead and sustain compliance efforts for critical frameworks and assessments including SOC 2, ISO 27001, and external penetration tests.
Orchestrate end-to-end coordination with internal teams and external auditors to successfully execute audits and assessments.

Risk & Vendor Management Oversight:

Maintain a precise and up-to-date inventory of subprocessors and vendors, with a keen focus on access to customer data and PII.
Collaborate strategically with Legal, Operations, and Engineering to meticulously assess vendor risk, implementing appropriate controls and contractual safeguards.

Customer & Partner Trust Building:

Serve as the primary owner for responding to due diligence questionnaires (DDQs), comprehensive security reviews, and trust-related inquiries from our valued customers and partners.
Develop and refine reusable artifacts and scalable processes to streamline security and compliance reviews as Middesk continues its rapid growth.

Governance & Policy Stewardship:

Chair Middesk’s internal oversight or security committee, managing agenda setting, thorough documentation, and effective follow-ups.
Own the complete lifecycle of security and compliance policies: from drafting and review to approval, rollout, and periodic refresh.
Ensure that policies reflect actual practice and system behavior rather than existing only on paper, so that what auditors and customers read matches what the controls actually do.

Cross-Functional Technical & Business Alignment:

Develop and maintain a robust conceptual understanding of Middesk’s intricate data flows, systems, and architecture.
Act as the vital translator between technical teams (Engineering, Security, Data) and non-technical teams (Legal, Sales, Customer Success, Operations).
Proactively identify and drive remediation for any gaps between business operations and their representation in compliance artifacts.

IT Management & Strategy:

Serve as the internal point of contact for our external IT vendor, or champion the strategic decision to bring IT management in-house.

What You'll Bring:

Proven experience owning or materially contributing to SOC 2 and/or ISO 27001 programs within a SaaS or data-driven organization.
Hands-on proficiency with leading compliance automation tools such as Vanta, Drata, Delve, or similar platforms.
A strong understanding of fundamental data protection concepts, vendor risk management, and critical security controls, even if your background isn't purely engineering.
Exceptional ability to manage multiple stakeholders, navigate demanding deadlines, and clarify ambiguous requirements with sound judgment.
Superior written and verbal communication skills, adept at articulating complex information clearly to auditors, customers, and internal leadership.
Familiarity with prominent privacy frameworks (e.g., GDPR, CCPA) and their intersection with security and vendor management practices.

CyberJob.app

© 2026 CyberJob.app. All rights reserved.