[Hiring] Senior Risk & Audit Specialist @Remote Woman

Role Description

As a Senior Risk & Audit Specialist at Upsun, you help keep our security, risk, audit, and compliance work moving with clarity, care, and consistency. Reporting to the Director, Risk & Audit, you'll work closely with teams across Security, Engineering, IT, Legal, Product, and Sales to keep key audits and certifications (including ISO 27001, SOC 2, PCI DSS, and HIPAA) on track and our global business audit-ready.

• Support active and upcoming audits, including ISO 27001, SOC 2, PCI DSS, HIPAA, and other relevant assurance work by coordinating evidence collection, reviewing evidence quality, scheduling walkthroughs, and following up with control owners.
• Support risk assessments, risk register updates, control monitoring, issue tracking, and risk treatment follow-up by working with teams to identify control gaps, agree on practical actions, and track remediation through to completion.
• Conduct third-party risk management reviews to support a comprehensive view of organizational risk.
• Support ongoing compliance activities across established frameworks and emerging readiness work (including Australia ISM/IRAP/HCF, NIS2, and ISO 42001/AIM) while maintaining policies, procedures, control narratives and supporting documentation.
• Respond to customer and prospect security or compliance questions in partnership with Sales, Legal, Security, and Product, and support updates to the Trust Center and other trust documentation.
• Prepare clear updates on audit status, risks, blockers, metrics, and remediation progress for leadership and look for opportunities to simplify repeatable processes and reduce audit friction for control owners.
• Use risk, audit, and compliance tools to keep work organized, traceable, and easy to report on.
• Support internal audit and review activities as needed.

Qualifications

• 5+ years of experience in risk, audit, compliance, governance, security assurance, or a closely related area.
• Hands-on experience supporting audits, evidence collection, control testing or monitoring, and remediation tracking.
• Working knowledge of security and compliance frameworks such as ISO 27001, SOC 2, PCI DSS, HIPAA, ISO 42001, GDPR, PIPEDA or similar standards.
• Ability to explain requirements clearly to both technical and non-technical audiences.
• Strong organization and prioritization skills, especially when managing several deadlines at once.
• Good judgement, attention to detail, and a practical approach to solving problems.
• Comfort working in a remote, global environment with cross-functional teams across varied timezones.

Bonus Points

• Experience with governance, risk, and compliance tools or audit management platforms.
• Experience supporting customer assurance, security questionnaires, or trust documentation.
• Working knowledge of Third-party risk management (TPRM).
• Relevant certifications such as CISA, CRISC, CISSP, CC, CISM, CGEIT, ISO 27001, ISO 42001 or similar.

Benefits

• Flexible PTO
• Comprehensive healthcare coverage (UK, Canada, France, Spain, USA)
• Company stock options
• Professional development budget
• Office equipment budget
• Wellness budget
• Annual team gatherings
• Internet reimbursement
• Inclusive parental leave
• Remote work travel program

Company Description

Upsun is the cloud application platform humans and robots love. It is built for today’s hybrid teams, where AI agents write and test code and humans focus on solving the problems that really matter. Our core belief is that software should power brighter solutions and greater innovation.

• Upsunners are a remote, global workforce, and we thrive in a multicultural team.
• We are committed to open source and an open, welcoming environment.
• Our values include making a positive impact, aiming for the stars, and caring for each other.