Compliance Strategist – Security & Privacy

Bengaluru, Karnataka, India

DevRev

DevRev’s AgentOS, purpose-built for SaaS companies, comprises three modern CRM apps for support, product, and growth teams. It connects end users, sellers, support, product people, and developers, reducing 9 business apps and converging 6 teams onto a common platform.

Unlike horizontal CRMs, DevRev takes a blank canvas approach to collaboration, AI, and analytics, enabling SaaS companies to increase product velocity and reduce customer churn. DevRev is used by thousands of companies in search of low latency analytics and customizable LLMs to thrive in this era of GenAI.

Headquartered in Palo Alto, California, DevRev has offices in seven global locations. We have raised $100 million in funding from investors like Khosla Ventures and Mayfield at a $1.1 billion valuation. We are also honored to be named on the Forbes 2024 list of America’s Best Startup Employers. Founded in October 2020 by Dheeraj Pandey, former co-founder and CEO of Nutanix, and Manoj Agarwal, former SVP of Engineering at Nutanix, DevRev continues to push the boundaries of innovation, helping thousands of companies thrive in the rapidly evolving landscape of AI-driven SaaS.

Key Responsibilities:

  • Lead and manage security certification programs, including SOC 2 Type II, ISO 27001, HIPAA, FedRAMP, and GDPR, and ensure ongoing audit-readiness and regulatory compliance.
  • Develop and evolve compliance strategy, aligning it with evolving global regulatory landscapes and business needs.
  • Drive the adoption and continuous optimization of GRC platforms (e.g., Drata, Vanta) to automate control testing, evidence collection, and reporting.
  • Conduct internal risk assessments, gap analyses, vendor risk reviews, and control testing to maintain a strong security and compliance posture.
  • Partner with Engineering, Legal, Product, HR, and leadership to implement, track, and document technical and administrative controls aligned with compliance frameworks (e.g., NIST 800-53, ISO 27001 Annex A).
  • Support the legal and privacy team in reviewing and operationalizing data protection agreements, international data transfers, and GDPR obligations.
  • Prepare responses to customer security questionnaires, RFPs, and third-party due diligence requests.
  • Lead security awareness and compliance training programs across the organization to drive a security-first culture.
  • Monitor, track, and report on compliance and risk metrics, KPIs, and remediation plans to stakeholders and leadership.
  • Stay current on emerging security/privacy regulations, threats, and industry trends to advise on strategic risk and compliance impacts.

Required Qualifications:

  • 5–7 years of relevant experience in Information Security Compliance, GRC, or Risk Management within SaaS or cloud-native environments.
  • Deep expertise in multiple compliance and risk frameworks, including SOC 2, ISO 27001, NIST 800-53, HIPAA, GDPR, FedRAMP.
  • Proven experience with GRC tools such as Drata, Vanta, Tugboat Logic, or similar.
  • Strong working knowledge of cloud infrastructure environments (AWS, GCP) and how they map to compliance controls.
  • Strong project management and cross-functional collaboration skills.
  • Excellent written and verbal communication, with the ability to influence across technical and non-technical teams.
  • Experience developing and operationalizing compliance playbooks, control libraries, and audit processes.

Culture

The foundation of DevRev is its culture -- our commitment to those who are hungry, humble, honest, and who act with heart. Our vision is to help build the earth’s most customer-centric companies. Our mission is to leverage design, data engineering, and machine intelligence to empower engineers to embrace their customers. 

That is DevRev! 
