Internal Security Compliance Auditor

About Oneleet:

Oneleet is a cybersecurity startup with a mission to revolutionize the industry. We make effective cybersecurity easy and painless for companies by providing a comprehensive platform that helps them build, manage, and monitor their cybersecurity management program.

Backed by top-tier venture capital firms including Y Combinator, our founding team brings over 10 years of penetration testing and cybersecurity experience. Join our team of opinionated rebels and help us create a category-defining company reshaping the broken and fragmented cybersecurity industry.

The Role:

The Internal Security Compliance Auditor plays a critical role in ensuring the quality and completeness of client evidence before they undergo formal external compliance audits. Working behind the scenes as part of our internal quality assurance team, you'll partner with our Security Program Managers to review controls documentation, validate evidence quality, and perform final pre-audit quality assurance checks across multiple compliance frameworks including SOC2, ISO27001, PCI, HIPAA, and GDPR.

Your expertise will strengthen our clients' compliance posture and prepare them thoroughly for their audit processes, while maintaining the high standards that differentiate Oneleet in the marketplace. This position requires deep technical knowledge of compliance frameworks combined with meticulous attention to detail.

Key Responsibilities:

• Perform thorough internal reviews of client-uploaded evidence for compliance frameworks including SOC2, ISO27001, PCI, HIPAA, and GDPR
• Conduct detailed quality assurance checks on individual controls to verify completeness, accuracy, and sufficiency prior to their audits with third-party auditing firms.
• Execute comprehensive final QA reviews prior to clients engaging with an external auditor.
• Identify gaps or weaknesses in evidence documentation and recommend improvements
• Develop and maintain internal QA standards and review methodologies
• Create guidance documents to help clients improve evidence quality
• Collaborate with Security Program Engineers to address compliance gaps
• Stay current on evolving compliance requirements across multiple frameworks to ensure our pre-audit preparation meets industry standards
• Track audit readiness metrics and identify opportunities for process improvement
• Provide expert feedback to our product team for compliance platform enhancements to better support pre-audit readiness

Requirements:

• Deep understanding of SOC2, ISO27001, PCI, HIPAA, and GDPR requirements
• Strong technical knowledge of security controls and their implementation
• Experience reviewing and evaluating evidence for compliance audits, particularly in preparing organizations for external audit processes
• Excellent attention to detail and quality control mindset
• Strong written communication skills for documenting findings
• Ability to work independently while supporting multiple client engagements
• Familiarity with compliance automation platforms and tools
• Experience in pre-audit preparation and internal quality assurance, preferably with multiple frameworks
• Certification in relevant frameworks (e.g., CISA, ISO 27001 Lead Auditor) preferred

Why Oneleet:

At Oneleet, you'll join a tight-knit crew of cybersecurity rebels on a mission to reshape the industry. We move fast, take ownership, and aren't afraid to disrupt stagnant business models to make security effortless for companies.

Our "work hard, play hard" culture means we hold ourselves to high standards, then celebrate wins. Our leading-edge tech stack keeps things exciting for any geek. And our experienced team ensures you're always sharpening your skills.

You'll have a blast doing deeply meaningful work. Expect hard problems, lots of autonomy, and plenty of growth. If you want your work to drive real change, this is the place to make your impact.

We offer competitive compensation, equity, plenty of PTO, flexible remote work, and quarterly off-sites to cool places (most recent one was in Amsterdam). But our mission is what really sets us apart.

If you're a passionate cybersecurity professional ready to elevate compliance standards and help our clients succeed, join our crew today!