Senior GRC Engineer

Posted 6 Days Ago
Hiring Remotely in India
Remote
Senior level
Big Data • Software • Analytics
The Role
Lead and mature the compliance program, manage audits, assess platform gaps for FedRAMP, build risk management, and automate compliance workflows while driving risk conversations into action plans.
Summary Generated by Built In

Who We Are

Atlan is building the missing context layer for data and AI, helping enterprises close the AI value chasm. Today, 95% of AI pilots fail because AI systems don’t understand the context behind data: what it means, how it’s governed, and how it should be used.

Atlan connects to every part of the modern data and AI stack to unify this context into a single, shared layer that both humans and AI agents can rely on.
With Atlan, teams can discover, understand, and trust their data; build and collaborate on a shared body of knowledge; and activate that context across analytics, operations, and AI workflows. Trusted by global enterprises like Mastercard, Workday, General Motors, Unilever, Ralph Lauren, FOX, Nasdaq, and Medtronic, we’re backed by world-class investors including GIC, Insight Partners, Meritech, Peak XV, and Salesforce Ventures.

Why this Role Matters?

At Atlan, compliance isn't overhead — it's a competitive advantage that closes deals. We serve 450+ enterprise customers across healthcare, finance, and other regulated industries where security posture directly influences buying decisions.

You'll own and mature our compliance program across SOC 2, ISO 27001, ISO 42001, GDPR, and HIPAA — while building toward next-generation certifications like FedRAMP. But this isn't a maintenance role. You're joining as the technical architect of our Continuous GRC Maturity Program: a 12-month, executive-sponsored initiative to transform compliance from manual firefighting into automated, scalable infrastructure.

This role sits on our GRC & Platform Security team and operates with significant autonomy. If you've ever thought "there has to be a better way to do compliance," this is your chance to build it.

What you'll own

Compliance program maturity — Lead end-to-end audit execution across SOC 2, ISO 27001, ISO 42001, ISO 27701, HIPAA, and GDPR. Own auditor relationships, coordinate cross-functional evidence collection, and maintain year-round audit readiness.

Next-generation framework adoption — Drive FedRAMP readiness: assess platform gaps, build roadmaps, and turn new certifications into planned projects rather than fire drills.

Enterprise risk management — Build and mature Atlan's risk management program. Identify, assess, and track risks across security, operational, compliance, and third-party domains. Turn abstract risk conversations into measurable metrics with clear ownership and quarterly leadership reviews.

Third-party risk management — Own Atlan's vendor security assessment program end-to-end: tiered vendor reviews, security questionnaires, risk scoring, and ongoing monitoring. Balance vendor risk against business need at scale.

Compliance automation infrastructure — Integrate our GRC platform with cloud infrastructure, CI/CD pipelines, HR systems, and product engineering tooling to automate evidence collection and continuous control testing. Reduce manual audit prep effort significantly.

Controls that prove themselves — Partner with engineering and product teams to design technical controls that automatically generate auditable evidence. Implement continuous testing that catches gaps before auditors do.

Continuous controls monitoring — Design and operate real-time visibility into control effectiveness: automated dashboards, live control status, and alerting that surfaces gaps before audit cycles begin — not during them.

Organizational compliance capability — Build awareness programs, run training for engineering and cross-functional teams, and create self-service dashboards that make compliance easy. Make secure-by-default the path of least resistance.

What makes you a strong match

Compliance depth

  • 5+ years owning SOC 2 Type II and/or ISO 27001 audits end-to-end — you've been the point person coordinating auditors, collecting evidence, and managing findings

  • Hands-on experience across multiple frameworks: SOC 2, ISO 27001, ISO 42001, and at least two of GDPR, HIPAA, ISO 27701, FedRAMP, or CCPA

  • Regulatory intelligence mindset — you track emerging requirements and build readiness roadmaps before compliance becomes urgent

Technical automation

  • Experience with modern GRC platforms (Vanta, Drata, Secureframe, or similar) extended via API — not just out-of-box configuration

  • Comfortable with REST APIs, JSON, OAuth, and CI/CD integrations

Program and stakeholder maturity

  • Built or maintained risk registers, facilitated leadership risk reviews, and turned risk conversations into concrete action plans

  • Customer-facing experience: security questionnaires, trust portals, or supporting enterprise sales cycles with compliance documentation

  • Able to influence engineering, product, HR, legal, and IT without formal authority — you're an enabler, not a gatekeeper

AI-augmented GRC — You actively use AI tools to accelerate compliance work: drafting control narratives, triaging risk findings, generating evidence summaries, and building AI-assisted workflows for continuous monitoring. You understand enough about AI systems to assess their risk implications — not just use them as productivity tools.

High agency — You drive toward outcomes without waiting for perfect requirements. You identify problems and build solutions. You thrive in ambiguity.

Nice to have
  • CISA, CRISC, CISM, or CGRC certification

  • FedRAMP or NIST framework hands-on implementation experience

  • Prior security engineering background before moving into GRC

  • Vanta Trust Center or similar trust portal experience

  • Hands-on experience applying AI/LLMs to GRC workflows — automated questionnaire responses, AI-assisted risk triage, policy generation, or compliance gap analysis

More About Us

Atlan is building the shared context layer that enterprises need so AI can operate on trusted, governed context. The conversation has moved from data leaders asking: “Can we trust the data in our stack?” to businesses asking: “Can we trust AI inside the business?”

We are the missing infrastructure for businesses becoming AI-forward - the connective tissue between their data stack, operational systems, and AI agents.
Recognized as an industry-leading metadata, catalog, and data governance platform, we’ve been named a Leader by both Gartner and Forrester across enterprise data catalogs, metadata management, and governance.
To learn more, visit www.atlan.com and follow us on LinkedIn.

Equal Opportunity Employer

Atlan is committed to building an inclusive, diverse, and authentic workplace. We do not discriminate based on race, color, religion, national origin, age, disability, sex, gender identity or expression, sexual orientation, marital status, military or veteran status, or any other legally protected characteristic.

Top Skills

CI/CD Integrations
Drata
FedRAMP
GDPR
HIPAA
ISO 27001
ISO 42001
JSON
OAuth
REST APIs
Secureframe
SOC 2
Vanta

The Company
HQ: New York, NY
192 Employees
Year Founded: 2018

What We Do

Built by a data team for data teams, Atlan is the active metadata platform for the modern data stack. It stitches together metadata from various sources (Snowflake, dbt, Databricks, Looker, Tableau, Postgres, etc.) to create a unified data discovery, cataloging, lineage, and governance experience across all your data assets, from columns and queries to metrics and dashboards. Atlan facilitates a two-way movement of metadata, bringing context back into the tools and workflows that your data team uses every day — for example, in your BI tool when you wonder what a metric on the dashboard means.

A pioneer in the space, Atlan was named a Leader in Forrester Wave™️: Enterprise Data Catalogs for DataOps in 2022 and was recognized by Gartner seven times in 2021, including as a Cool Vendor in DataOps and in the inaugural Market Guide for Active Metadata Management. Today, we power pioneering data teams like WeWork, Plaid, Postman, Unilever, and Ralph Lauren. We recently raised a Series B, backed by top investors (including Insight Partners, Sequoia, and Salesforce Ventures) and founders & CEOs from the modern data stack (including Snowflake, Looker, and Stitch).

For more information, visit http://www.atlan.com/ or follow us on Twitter at AtlanHQ.
