Supabase - Internal Auditor
Requirements
• Are proficient with Vanta or similar GRC platforms (Drata, Secureframe, etc.) and comfortable leveraging automation for compliance
• Can translate compliance requirements into practical, developer-friendly processes that don't slow down innovation
• Communicate clearly across both technical and non-technical audiences—you can talk controls with engineers and risk with executives
• Have experience in async or globally distributed teams—you're self-directed and know how to drive outcomes remotely
• Are comfortable navigating ambiguity and moving quickly—you build the plane while flying it
• Bring a pragmatic, risk-based mindset rather than checkbox compliance; you understand when to push for rigor and when to be flexible
Responsibilities
• Lead audit readiness and execution for SOC 2, ISO 27001, PCI DSS, and other compliance frameworks relevant to our customer base
• Manage the compliance lifecycle in a compliance platform (such as Vanta, Drata, etc.), including evidence collection, control mapping, and continuous monitoring
• Coordinate cross-functional audit activities with engineering, product, security, infrastructure, and support teams to gather evidence and remediate findings
• Design and implement internal audit programs that scale with our rapid growth, identifying gaps and driving process improvements
• Partner with external auditors to facilitate smooth audits and ensure timely completion of certifications
• Document policies, procedures, and controls that align with industry standards and support our security-by-design approach
• Build relationships across the organization to embed compliance thinking into product development and operational workflows
• Track and report on compliance metrics, providing visibility to leadership on audit status, risk areas, and remediation progress
You Might Be a Good Fit If You
• Have 5+ years of experience in internal audit, compliance, or GRC roles, ideally in fast-growth SaaS or cloud infrastructure companies
• Are able to understand modern engineering practices and how they can be leveraged for compliance without hindering engineering agility/velocity
• Have hands-on experience with SOC 2, ISO 27001, and PCI DSS audits—you've led or contributed to successful certifications
Benefits
• Fully Remote – We hire globally. We believe you can do your best work from anywhere. There are no Supabase offices, but we provide a WeWork membership or co-working allowance you can use anywhere in the world.
• ESOP – Every team member receives ESOP (equity ownership) in the company. We want everyone to share in the upside of what we’re building together.
• Tech Allowance – Use this budget to set up your ideal work environment—laptop, monitor, headphones, or whatever helps you do your best work.
• Health Insurance – Supabase covers 100% of health insurance for employees and 80% for dependents, wherever you are. Your wellbeing and your family’s health are important to us.
• Annual Off-Sites – Once a year, the entire company gathers in a new city for a week of connection, collaboration, and fun. It’s a highlight of our year.
• Flexible Work – We operate asynchronously and trust you to manage your own time. You know what needs to be done and when.
• Professional Development – Every team member receives an annual education allowance to spend on learning—courses, books, conferences, or anything that supports your growth.
Supabase was born-remote and open-source-first. We believe our globally distributed team is our secret weapon in building tools developers love.
• 180+ team members
• 15+ languages spoken
• 430,000+ community members
• 30,000+ memes posted (and counting)
We move fast, build in public, and use what we ship. If it’s in your project, we probably use it in ours too. We believe deeply in the open-source ecosystem and strive to support—not replace—existing tools and communities.
We keep things simple, async-friendly, and respectful of your time:
• Intro Call – A short video chat to get to know each other.
• Interviews – Up to four calls with:
  • Future teammates
  • Someone cross-functional from product, growth, or engineering (depending on the role)
• Decision – We may follow up with a final question or go straight to offer.
• All communication is remote and we aim to move fast.