Lead Compliance Manager

About Us

Fieldguide is establishing a new state of trust for global commerce and capital markets through automating and streamlining the work of assurance and audit practitioners specifically within cybersecurity, privacy, and financial audit. Put simply, we build software for the people who enable trust between businesses.

We’re based in San Francisco, CA, but built as a remote-first company that enables you to do your best work from anywhere. We're backed by top investors including Growth Equity at Goldman Sachs Alternatives, Bessemer Venture Partners, 8VC, Floodgate, Y Combinator, DNX Ventures, Global Founders Capital, Justin Kan, Elad Gil, and more.

We value diversity — in backgrounds and in experiences. We need people from all backgrounds and walks of life to help build the future of audit and advisory. Fieldguide’s team is inclusive, driven, humble and supportive. We are deliberate and self-reflective about the kind of team and culture that we are building, seeking teammates that are not only strong in their own aptitudes but care deeply about supporting each other's growth.

As an early stage start-up employee, you’ll have the opportunity to build out the future of business trust. We make audit practitioners’ lives easier by bringing together up to 50% of their work and giving them better work-life balance. If you share our values and enthusiasm for building a great culture and product, you will find a home at Fieldguide.

About the Role

Fieldguide is a Vertical AI company building Agents for the most complex workflows in audit. We partner with ambitious enterprise customers, including over 50 of the 100 largest accounting firms, and operate in a $100B+ market undergoing rapid transformation.

We’re looking for a Lead Compliance Manager to own and scale Fieldguide’s compliance programs end-to-end. Our customers are audit and assurance firms, the people whose job it is to evaluate trust and compliance, which means our compliance bar isn’t just high, it’s part of everything we do.

We maintain SOC 2 and ISO 42001 certifications today and are pursuing additional frameworks and certifications. You’ll own all of this: the frameworks, the auditor relationships, the automation, and the tooling that makes it all scale. This role combines compliance program leadership with hands-on GRC engineering. You’ll build the processes and the systems that support them.

What You’ll Own

Compliance program management

• Lead SOC 2 and ISO programs through the full audit lifecycle, scoping, evidence collection, control testing, auditor management, and remediation tracking.

• Drive Fieldguide’s journey towards additional compliance frameworks and standards from gap assessment to audits.

• Own the mapping of controls across overlapping frameworks. Maintain corporate policies, standards, and procedures.

• Manage external relationships with auditors, assessors, consultants, and customers. Coordinate audit timelines, responses, and remediation plans.

GRC automation and tooling

• Build integrations that continuously gather compliance evidence from AWS, GitHub, identity providers, and internal systems. Replace manual screenshots and spreadsheets with automated, auditable pipelines.

• Design and implement continuous control monitoring: surface drift, alert on failures, and maintain dashboards for compliance program health and KPIs.

• Own and operate the GRC platform. Configure control mappings, manage integrations, and ensure the platform accurately reflects our posture.

• Integrate compliance checks into CI/CD pipelines, infrastructure-as-code reviews, and deployment processes. Make compliance a natural part of how engineers ship code.

Customer trust and GTM enablement

• Build and maintain self-serve tools that streamline customer security questionnaires, trust center content, and due diligence processes.

• Partner with GTM teams to handle strategic customer security assessments. Help articulate Fieldguide’s compliance posture in sales processes.

• Reduce time-to-response on security reviews through automation and scalable processes.

Vendor risk and security awareness

• Evaluate and monitor third-party vendors for security and compliance risk. Build and maintain the vendor assessment program.

• Create and deliver security awareness training. Draft security best practices and drive company-wide adoption.

What Success Looks Like

• Fieldguide maintains continuous audit readiness across all frameworks. Audits are routine.

• Compliance with additional frameworks and standards progresses on a clear timeline aligned with business needs.

• Evidence collection and control monitoring are largely automated, freeing time for strategic compliance work.

• GTM teams can respond to customer security assessments quickly and confidently without pulling you into every conversation.

• Engineers experience compliance as a lightweight, integrated part of their workflow rather than a burden.

• You’ll dogfood and be an expert at Fieldguide’s products for many parts of your role.

Who You Are

• Framework expert and operator: You’ve managed SOC 2 and ISO 27001 programs through full audit cycles. You know the difference between controls on paper and controls that actually work.

• AI-native instincts: You see AI and agents as a way to fundamentally change how compliance operates. You're excited to use LLMs for tasks like evidence narrative generation, control gap analysis, policy drafting, and security questionnaire responses, so compliance scales through automation rather than grinding through spreadsheets.

• Builder and automator: You instinctively look for ways to eliminate manual work. You write code or build integrations to automate evidence collection, monitoring, and reporting.

• Technically credible: You understand cloud architectures (AWS), CI/CD pipelines, and modern software development well enough to evaluate controls and have productive conversations with engineers.

• Clear communicator: You explain compliance requirements to engineers without being bureaucratic, present to auditors and customers with confidence, and write clear policies.

• Comfortable with ambiguity: You’re building compliance infrastructure at a growth-stage company. You thrive in managing complex, multi-workstream programs with many moving pieces.

Experience

• 6+ years in security compliance, GRC, or audit with direct experience managing SOC 2 and ISO 27001 programs through full audit cycles.

• Experience with compliance automation platforms, especially building and automating controls and integrations.

• Working knowledge of AWS security services, CloudTrail, Config, Security Hub, IAM, and the ability to query and integrate them programmatically.

• Familiarity with infrastructure-as-code tools (Terraform, CloudFormation) and CI/CD pipelines.

• Experience with AI governance frameworks (ISO 42001) or the intersection of AI compliance and traditional security compliance is a plus.

• Prior experience in public accounting or audit firms, understanding our customers’ world from the inside, is a plus.

• CISA, CISSP, CISM, or ISO 27001 Lead Auditor certification is a plus.

• (Nice to have) Hands-on technical skills: you write production-quality code or scripts (Python, TypeScript, or similar) and can build integrations with APIs and cloud services.

• (Nice to have) FedRAMP experience: you’ve been through at least one authorization or significant assessment, including SSP development, 3PAO coordination, and ConMon.

More about Fieldguide

Fieldguide is a values-based company. Our values are:

• Fearless - Inspire & break down seemingly impossible walls.

• Fast - Launch fast with excellence, iterate to perfection.

• Lovable - Deliver happiness & 11 star experiences.

• Owners - Execute & run the business with ownership.

• Win-win - Create mutual value & earn trust for life.

• Inclusive - Scale the best ideas with inclusive teams.

Some of our benefits include

• Competitive compensation packages with meaningful ownership

• Flexible PTO

• 401k

• Wellness benefits

• Technology & Work from Home reimbursement

• Flexible work schedules