Head of Compliance & GRC

About Nametag

Nametag is building the future of secure digital identity. Our mission is to make it easy for people and organizations to prove who they are online - safely and seamlessly. We’re pioneering next-generation identity verification and account protection so that users can control their own identity, and companies can build trust without friction.

The Role

Nametag is seeking an experienced Compliance & GRC leader to own and evolve our security and compliance program. This role is ideal for someone who thrives in a fast-paced startup environment, has deep experience with SOC 2 and other compliance frameworks, and is comfortable building and running programs with limited resources. You'll report directly to the Head of Engineering and partner closely with the engineering team to ensure security is built into everything we do.

As the Head of Compliance & GRC, you will own the entire security and compliance function - maintaining our existing certifications, driving new compliance initiatives, coordinating penetration tests, and building trust with customers and prospects. This is a hands-on leadership role where you'll be the team initially, with a clear path to building and leading a team as Nametag scales. You'll work closely with engineering, product, sales, and customer success to ensure security enables the business rather than blocking it.

What You’ll Do

Compliance Program Management

• Own and maintain SOC 2 Type II certification, including evidence collection, control monitoring, and audit coordination
• Drive IAL3 compliance readiness and implementation
• Manage accessibility compliance (WCAG) requirements
• Identify and pursue additional certifications as needed based on customer and market requirements

Security Operations

• Coordinate penetration testing cycles and drive remediation with engineering
• Maintain a living view of organizational risk and surface it to leadership
• Develop and maintain security policies, procedures, and controls
• Respond to security incidents with speed and clarity

Customer Trust

• Respond to customer security questionnaires promptly and accurately
• Support sales in security-sensitive enterprise deals
• Maintain public-facing trust documentation

Interested in remote work opportunities in IT & Network Engineering? Discover IT & Network Engineering Remote Jobs featuring exclusive positions from top companies that offer flexible work arrangements.

• Participate in customer security calls and reviews as needed

Cross-Functional Partnership

• Partner with engineering to build security into the development process
• Provide clear security guidance and timely reviews so teams can ship with confidence
• Collaborate with product on security and accessibility features
• Work with customer success to address customer security concerns

Ideal Qualifications

We know that no candidate will perfectly match every requirement - and that’s okay. If you’re passionate about what we’re building and have most of the skills below, we’d love to hear from you.

• 7+ years of experience in security, compliance, or GRC, with demonstrated ownership of SOC 2 Type II programs
• Experience building or running compliance programs in startup or resource-constrained environments
• Strong understanding of how auditors think - ideally from auditor-side experience or running multiple audit cycles
• Technical fluency to read pen test reports, understand cloud architecture, and have informed conversations with engineers
• Knowledge of GRC tooling and vendors, with opinions on what's worth investing in at different company stages
• Excellent communication skills - able to translate security topics for executives, salespeople, and customers
• Experience with identity verification, authentication, or security-focused products is a strong plus
• Familiarity with IAL2/IAL3 or NIST 800-63 identity proofing standards is a strong plus
• CISSP, ISO 27001 Lead Auditor, or similar certifications are a plus but not required

What We Value

• Intellectual horsepower – quickly grasping complex technical and business concepts.

Browse our curated collection of remote jobs across all categories and industries, featuring positions from top companies worldwide.

• Kindness and integrity – earning trust is central to how we build relationships with customers and colleagues.
• Bias for action – we move quickly to deliver impact and protect our customers against fast-moving threats.

Compensation

The base salary range for this full-time position is $120,000-$160,000, plus equity and benefits.

Nametag is a founding member of the Open Imperative, publicly committed to pay equity in the technology industry. We post positions with ranges to encourage people of different backgrounds and experiences to apply. Every offer is benchmarked against market data to ensure fairness and consistency.

Final compensation is determined by role, level, and additional factors such as skills, experience, and education. Your recruiter or hiring manager can share more details during the hiring process.

Culture and Perks

• At Nametag, we believe trust starts with how we treat each other. We’re a remote-first team that values autonomy, inclusivity, and collaboration - with regular in-person time to stay connected and innovate together.
• Remote-first: Work from anywhere in the US. Our team spans Seattle, San Francisco, Ann Arbor, Denver, New York City, and beyond.
• Quarterly off-sites: We bring the team together once per quarter for in-person collaboration - often off-site in new places.
• Flexible schedules: Work in your own time zone; we align key meetings across a shared window.

We Offer

• Competitive salary
• Meaningful equity ownership
• Comprehensive health benefits (medical, dental, vision)
• Flexible paid time off
• Quarterly team off-sites and travel support
• An inclusive environment where your voice has impact and your work drives change