[Hiring] Head of Compliance @Treeline

Role Description

This is a dual-mandate role. Half of your job is building and owning Treeline's internal security and compliance program — maintaining our SOC 2 Type II posture, driving our ISO 27001 certification, and ensuring we operate at the standard we sell. The other half is delivering compliance outcomes directly for customers as the foundation of our growing Compliance-as-a-Service (CaaS) offering.

You'll be the person who knows how auditors think — because you've been one, worked alongside them, or spent years understanding exactly what they're looking for and why. You'll take that knowledge and use it to build frameworks from scratch, prepare customers for audits before the auditors arrive, and operate with credibility at every level of a customer organization — from a security engineer to a Series A CEO.

Responsibilities

• Build & own the foundation
  • Own Treeline's compliance program end-to-end — controls, evidence collection, Vanta/Drata hygiene, and auditor coordination — driving from gap assessment through certification
  • Build and maintain security policies, risk registers, vendor assessments, and ISMS documentation from the ground up
  • Partner with engineering, GTM, operations, and our portfolio companies to embed security and compliance into how Treeline builds and delivers
  • Serve as the internal point of contact for all compliance inquiries, customer security questionnaires, and audit requests
• Deliver for customers
  • Lead SOC 2 and ISO 27001 readiness engagements end-to-end — scoping, gap assessment, control implementation, and audit preparation
  • Manage the audit partner relationship and coordinate penetration testing as part of a complete compliance delivery package
  • Operate at every altitude: technical deep-dives with security engineers, roadmap presentations with founders and key stakeholders
  • Independently project manage multiple concurrent customer engagements — nothing slips, nothing waits on someone else
• Build the machine
  • Help build and grow Treeline's Compliance-as-a-Service offering into a repeatable, revenue-generating product line
  • Define the frameworks, scoping standards, and customer-facing artifacts that make compliance delivery scalable — so every engagement gets better, not just bigger
  • Feed what you learn in the field directly back into the platform — your customer work is upstream of product decisions, not downstream of them

Qualifications

• 5–8+ years in compliance, security, or risk — with meaningful time at or alongside an audit or advisory firm (SOC 2 audit shop, Big 4 risk practice, compliance consultancy)
• Personally run SOC 2 and ISO readiness projects end-to-end, not just supported them — you know what auditors will ask before they ask it
• Hands-on experience building compliance frameworks from scratch, not just maintaining established programs
• Deep familiarity with SOC 2 and ISO 27001; FedRAMP familiarity a plus
• Vanta or Drata experience strongly preferred — you know the platform, not just the concept
• Exceptional project management discipline — you can carry multiple engagements simultaneously and nothing slips
• Customer-facing communication skills that work at every level — as comfortable with a CISO as with a 5-person founding team
• Energized by building programs from scratch — blank-page problems don't intimidate you, they motivate you
• You want compliance to be a business driver, not a checkbox — and you know how to make that case
• US-based, available to travel occasionally to customer sites as the program scales

Benefits

• Founding equity at an a16z-backed company transforming a $200B+ market — you're joining at the inflection point, not after it
• Your work directly informs what Treeline's engineering team builds into the platform — you're upstream of product decisions, not downstream
• Direct partnership with Engineering and leadership; no layers, no ticket queues for your own ideas
• A team that values execution over hierarchy — small, collaborative, and genuinely building something new in a market that hasn't seen real innovation in decades
• Competitive base salary + equity
• Comprehensive health, dental, and vision coverage
• Flexible PTO and remote-first work environment