Pulse Job logoPulse Job
HomeJobsBlogPricingContact
Pulse Job logoPulse Job

Trusted global job portal connecting talented professionals with top companies worldwide.

support@pulsjob.com

For Job Seekers

  • Browse Jobs
  • Premium Jobs
  • Create Profile
  • Pricing
  • Career Tips

For Employers

  • Hire someone
  • Employer Dashboard
  • Success Stories

Career Tools

  • AI Auto-Apply
  • Expert Resume Review
  • Set Job Alerts

Company

  • About Us
  • Contact
  • Blog

Support

  • FAQ
  • 14-Day Refund Policy
  • Privacy Policy
  • Terms of Service
  • Community Guidelines

Copyright © 2026 Pulse Job. All rights reserved.

FacebookTwitterLinkedInInstagram

Get the Pulse Job app for the best experience.

Disclaimer: Pulse Job is a platform connecting job seekers with employers. We do not guarantee employment or verify all employer claims. Users should exercise due diligence when applying for jobs or hiring candidates.

  1. Home
  2. Jobs
  3. Sr. Security Controls & Com...

Sr. Security Controls & Compliance Engineer (Contract)

Back to Jobs
UP.Labs logo

Sr. Security Controls & Compliance Engineer (Contract)

UP.Labs

Location

Remote

Experience

Senior

Posted

Jul 7, 2026

Apply by

August 6, 2026

Applicants

0

Early applicantContractWork from Home

Sign in to apply on web or download the app for more options.

Job Description

### **About the Role** UP.Labs is a venture studio that builds and launches vertical AI enterprise SaaS companies with corporate partners in transportation, mobility, logistics, and industrial markets. We are hiring a Senior Security Controls & Compliance Engineer on a 6+ month contract to build, implement, and operate the security control foundation across multiple venture applications. This is a hands-on security execution role. We are not looking for someone who documents gaps, manages a compliance tool, and routes work to engineering. We need an operator who can understand enterprise customer security requirements, identify the controls required, implement or configure those controls directly, and verify they are operating effectively. You will prepare our venture applications for SOC 2 readiness while supporting enterprise customer data, information security, and TPRM requirements. Because our ventures are built alongside large corporate partners, the security bar is set by real enterprise buyers from day one, not by an internal checklist. The goal is a repeatable security baseline that each venture application can inherit, operate against, and carry forward as it matures or spins out into an independent company. ### **What You'll Own** Given the contract timeline, you should expect to operate independently across both the technical implementation and the compliance and customer-facing sides of security. Specifically, you will: - Build, implement, and operate security and compliance controls across multiple venture applications and supporting systems. - Translate enterprise customer security, data handling, and TPRM requirements into practical technical controls, operational workflows, evidence requirements, and remediation plans. - Create a reusable security control baseline that can be applied across current and future venture applications. - Select, configure, and operate a compliance automation platform (evaluating options such as Vanta, Drata, or Secureframe), including evidence integrations across cloud, GitHub, identity providers, ticketing, device management, and productivity tools. - Implement identity and access controls: SSO, MFA, role-based access, least privilege, access review workflows, and offboarding evidence. - Implement secure SDLC controls: branch protection, required code reviews, code scanning, dependency scanning, secret scanning, vulnerability management, and release/change management evidence. - Implement cloud security controls: IAM policies, encryption settings, logging, monitoring, backups, network restrictions, and security alerting. - Implement operational security workflows: vendor review, risk review, change management, policy attestation, incident response evidence, exception tracking, and recurring control reviews. - Maintain a centralized control library mapped to SOC 2 Trust Services Criteria, customer-specific requirements, and relevant frameworks (ISO 27001, NIST CSF, CIS Controls). - Support SOC 2 readiness end to end: control mapping, evidence requirements, gap tracking, audit prep, and control verification. - Identify launch-blocking security gaps and close them directly where possible. - Partner with product engineering only where application-specific code, architecture, or deeper infrastructure changes are required, writing clear technical requirements and acceptance criteria for that work. - Support customer security questionnaires, audits, evidence requests, and enterprise security reviews with accurate technical detail. - Track control gaps, remediation status, launch blockers, and compliance risk for leadership. - Produce a repeatable security implementation playbook that future ventures can inherit, and support the handoff of a venture's security posture when it spins out. ### **What Success Looks Like** - Enterprise customer requirements are translated into implemented controls, not just documented gaps. - Each venture application has a working security baseline across identity, cloud, source control, CI/CD, logging, monitoring, evidence, and operational processes. - SOC 2 readiness is actively tracked with clear control ownership, evidence collection, and operating cadence. - Compliance tooling is selected, configured, and producing useful evidence across the required systems. - Engineering teams are engaged only when product-specific implementation is required, not overloaded with generic security tasks. - Security launch blockers are identified early, prioritized clearly, and remediated quickly. - Customer security reviews, audits, and questionnaires are handled with accurate technical detail and supporting evidence. - Leadership has clear visibility into control maturity, launch risk, audit readiness, and open remediation items. - A reusable security control baseline and playbook exists that can be applied to new ventures and carried forward as they spin out. ### **Required Qualifications** - 7+ years in security engineering, cloud security, DevSecOps, security operations, security compliance, or GRC, including hands-on control implementation in cloud/SaaS environments. - At least one full SOC 2 readiness-through-audit cycle owned or driven end to end. - Demonstrated ability to configure and operate security and compliance systems directly, not just document requirements. - Strong command of security controls, audit evidence, policy requirements, control testing, and control operation. - Proven experience translating enterprise customer security requirements into practical technical controls. - Hands-on experience with identity and access controls (SSO, MFA, RBAC, least privilege, access reviews, offboarding). - Hands-on experience with secure SDLC controls (source control permissions, code review, branch protection, vulnerability management, dependency and secret scanning, change management evidence). - Hands-on experience with cloud security controls (IAM, encryption, logging, monitoring, backups, network restrictions, alerting). - Experience standing up and operating a compliance automation / GRC platform (e.g., Vanta, Drata, Secureframe) from scratch. - Familiarity with our core stack: GitHub, Jira or Linear, Okta, Google Workspace, Slack, and a major cloud provider (AWS, Azure, or GCP). - Strong written communication for policies, procedures, audit documentation, technical requirements, and customer-facing security responses. - Ability to operate independently in an ambiguous, fast-moving venture environment and deliver on a compressed timeline. ### **Preferred Qualifications** - Experience supporting enterprise customers with strict security, data handling, or TPRM requirements. - Experience in venture-backed startups, enterprise SaaS, or venture studio environments. - Experience carving a company's security posture out of a parent or shared-services environment during a spin-out or standalone build. - Familiarity with SOC 2 Trust Services Criteria, ISO 27001, NIST CSF, or CIS Controls. - Experience with GitHub security features, CI/CD security controls, vulnerability management tools, and cloud security monitoring. - Relevant certifications: CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer, AWS Security Specialty, or Security+. ##

Key Responsibilities

  • Build, implement, and operate security and compliance controls across multiple venture applications.
  • Translate enterprise customer security and TPRM requirements into technical controls and remediation plans.
  • Create a reusable security control baseline applicable to current and future applications.
  • Select, configure, and operate a compliance automation platform with evidence integrations.
  • Implement identity and access controls including SSO, MFA, and role-based access.
  • Implement secure SDLC controls such as branch protection, code scanning, and vulnerability management.
  • Implement cloud security controls including IAM policies, encryption, and monitoring.
  • Maintain a centralized control library mapped to SOC 2 and other frameworks.
  • Support SOC 2 readiness through control mapping, evidence collection, and audit prep.
  • Identify and close launch-blocking security gaps directly.
  • Partner with engineering teams for application-specific security implementation.
  • Support customer security questionnaires, audits, and enterprise reviews.
  • Track control gaps, remediation status, and compliance risk for leadership.
  • Produce a repeatable security implementation playbook for future ventures.

Skills Required

Security EngineeringCloud SecurityDevSecOpsSecurity OperationsSecurity ComplianceGRCSOC 2 ReadinessIdentity and Access ControlsSSOMFARBACLeast PrivilegeSecure SDLCSource ControlCode ReviewBranch ProtectionVulnerability ManagementDependency ScanningSecret ScanningChange ManagementIAMEncryptionLoggingMonitoringBackupsNetwork RestrictionsAlertingCompliance Automation PlatformsVantaDrataSecureframeGitHubJiraLinearOktaGoogle WorkspaceSlackAWSAzureGCPWritten CommunicationIndependent OperationProblem SolvingAttention to DetailSOC 2 Trust Services CriteriaISO 27001NIST CSFCIS ControlsGitHub security featuresCI/CD security controlsVulnerability management toolsCloud security monitoring

App exclusive · Free

Smart Job AI Coach

Your personal interview coach on every job — readiness tips, profile improvements, and role-specific prep. Available only in the Pulse Job app.

Interview readiness

See how prepared you are and what to improve for each role.

Personalized tips

Actionable suggestions based on your profile and the job.

After you apply

Keep coaching momentum from job detail through application success.

Get Smart Job AI Coach in the appFree on iOS and Android

Job Overview

Salary

—

Job Type

Contract

Experience

Senior

Location

Remote

Application Deadline

August 6, 2026

Total Applicants

0

About UP.Labs

UP.Labs logo

UP.Labs is a leading company in the Technology sector, known for innovation and employee-centric culture.

View Company

Similar roles for you

Matched using this role's title and skills. Open the job search anytime to see every listing.

Believe logo

Senior Cybersecurity GRC

Believe

Full-timeEasy applyHybrid
Paris·Senior·Jul 10
Lloyds Banking Group logo

AI Engineer - (Grade "F")

Lloyds Banking Group

92,701–109,060 / Year

Full-timeEasy applyHybrid
Manchester·Senior·Jul 10
P

IN_Senior Associate_Azure DevOps _Digital Integration_Advisory_Gurgaon

PwC

Full-timeEasy applyWork from Office
Gurugram 10 C·Senior·Jul 11
NetSuite logo

Senior Software Developer (OCI - Health Infrastructure)

NetSuite

89,200–209,500 / Year

Full-timeEasy applyWork from Office
Nashville·Senior·Jul 10
P

Senior Associate - Cyber Security (Pentest)

PwC

Full-timeWork from Office
Hanoi·Senior·Jul 7
Brightvision logo

Oracle Cloud Security Engineer

Brightvision

100,000–150,000 / Year

Full-timeEasy applyWork from Home
Remote·Senior·Jul 10
Browse all jobs