IT & Compliance Lead

About Zamp:

Mission -

Zamp is not a company, we’re a humanity catalyst. We’re on a mission to enable people to move at the speed of thought.

This decade, we’re focused on building digital employees for the future of work, unlocking human creativity at a scale the world has never seen. We work with 50+ top global organizations and banks (including DoorDash, Uber, and Stripe) with billions in revenue. We raised a $22M seed round in 2022 from Sequoia Capital, Dara Khosrowshahi (CEO, Uber), Tony Xu (CEO, DoorDash), and other global leaders.

One aspect of our purpose is to build what we believe to be the world’s best team, passionate, authentic, and relentlessly curious people who want to do their life’s best work, learn as much as possible, and create outsized impact.

Hear more from our founders here.

About the Role

We’re looking for a hands-on SecOps / IT & Compliance Lead to own and scale our security, compliance, and internal IT operations. This role is the primary owner for audits, risk management, endpoint security, and customer security reviews, while also acting as the escalation point for complex IT and security issues across identity, devices, and infrastructure.

You’ll balance strategic ownership with deep execution — building secure, compliant systems while keeping the company moving fast.

You Will:

• Own end-to-end audits and continuous compliance across required frameworks (e.g. SOC 2, ISO) using Sprinto, ensuring audit readiness at all times.

• Act as the single owner for compliance posture, including evidence collection, control effectiveness, and remediation tracking.

• Drive company-wide security and compliance trainings (Infosec, AI, etc.) and ensure consistent adoption across teams.

• Lead evaluation and onboarding of new compliance frameworks as customer, regulatory, and business needs evolve.

• Stay ahead of regulatory changes and translate requirements into practical, scalable security controls and processes.

• Partner closely with Legal, Engineering, Product, and Finance to embed security, compliance, and risk ownership into day-to-day workflows.

• Own and maintain the organizational risk register end-to-end, including identification, mitigation, ownership, and closure.

• Act as the escalation point and lead for security incidents related to compliance, data protection, or operational risk, including post-incident reviews.

• Own third-party and vendor security reviews, ensuring contractual, regulatory, and operational security requirements are met.

• Own internal IT and security operations, including identity and access management (JumpCloud), endpoint security (MDM, EDR), data loss prevention (DLP), and centralized logging/monitoring (SIEM).

• Define, implement, and enforce system hardening standards and secure baseline configurations across endpoints and cloud environments.

• Lead proof-of-concept (POC) initiatives for new security, IT, or access management solutions and drive production rollouts.

• Own password management and reset workflows, ensuring secure, scalable, and low-friction access management.

• Own asset and inventory management across all devices and systems, including lifecycle tracking and compliance alignment.

• Serve as the primary owner for customer security reviews, questionnaires, audits, and due-diligence requests, clearly representing the company’s security posture.

What we are looking for

• 5+ years of experience in IT, Security, SecOps, or Compliance roles within a high-growth company.

• Proven ownership of major audits end-to-end including SOC 2 Type II, ISO 27001,GDPR, ISO 42001 / AI governance frameworks etc.

• Strong IT / SysAdmin foundation, with hands-on experience managing: Identity & access management (SSO, SCIM, RBAC, lifecycle automation), Endpoint management (MDM, EDR, device hardening), Password managers, access workflows, and user provisioning/de-provisioning etc

• Comfortable being the single-threaded owner for compliance and audit readiness.

• Deep understanding of security controls, risk management, and evidence mapping, with the ability to translate abstract requirements into real, enforceable processes.

• Experience running continuous compliance using tools like Sprinto, Vanta, Drata, or similar.

• Strong working knowledge of cloud security fundamentals (preferably GCP or AWS), including logging, monitoring, access controls, and baseline hardening.

• Experience owning or contributing to: Risk registers and remediation tracking Vendor and third-party security reviews, Customer security questionnaires and due-diligence processes

• Ability to partner cross-functionally with Engineering, Legal, Product, Finance, and Leadership — influencing without slowing teams down.

• Comfortable acting as the escalation point during security or compliance incidents, including driving root cause analysis and post-incident reviews.

• Strong documentation and communication skills — able to clearly explain security posture to auditors, customers, and internal teams.

• Bias toward automation, scalability, and pragmatism over checkbox compliance.

• High ownership mindset - you don’t wait to be told what’s broken; you find it, fix it, and prevent it from breaking again.

Our Culture and Benefits:

At Zamp, we promote a culture of open communication, collaboration, and empowerment. We

value transparency, meritocracy, and a strong work ethic. Join our early team and help us build

something exceptional.

Perks:

• Competitive salaries and stock options with substantial potential upside.

• Collaborate with top talent.

• Diverse and inclusive workspace.

• Comprehensive medical insurance for employees, spouses, and children.

• A culture celebrating every victory.

• Continuous learning and skill development opportunities.

• Enjoy good food, games, and a comfortable office environment.