Information Security Associate
Company: Middesk
Location: New York City
Posted on: April 1, 2026
Job Description:
About Middesk:
Middesk makes it easier for businesses to work together. Since 2018, we’ve been transforming business identity verification, replacing slow, manual processes with seamless access to complete, up-to-date data. Our platform helps companies across industries confidently verify business identities, onboard customers faster, and reduce risk at every stage of the customer lifecycle. Middesk came out of Y Combinator, is backed by Sequoia Capital and Accel Partners, and was recently named to the Forbes Fintech 50 list.

The Role:
We’re looking for a Governance, Risk & Compliance professional to own and scale Middesk’s security, privacy, and compliance programs. This person will act as the connective tissue between engineering, legal, security, operations, and go-to-market teams, ensuring we meet customer, regulatory, and internal expectations without slowing the business down. This is not a purely technical role, but it requires technical fluency and the ability to act as a liaison (and sometimes interpreter) between technical and non-technical teams.

What You'll Do:

Compliance & Trust
- Own Middesk’s trust and compliance platform (currently Vanta), including continuous monitoring, evidence collection, and control maintenance.
- Manage and maintain compliance with frameworks and assessments such as SOC 2, ISO 27001, and external penetration tests.
- Coordinate with internal teams and external auditors to support audits and assessments end-to-end.

Risk & Vendor Oversight
- Maintain a current and accurate inventory of subprocessors and vendors, with particular focus on those with access to customer data and PII.
- Partner with Legal, Ops, and Engineering to assess vendor risk and ensure appropriate controls and contractual safeguards are in place.

Customer & Partner Trust
- Own and respond to due diligence questionnaires (DDQs), security reviews, and trust-related inquiries from customers and partners.
- Develop reusable artifacts and processes to streamline security and compliance reviews as Middesk scales.

Governance & Policy
- Chair Middesk’s internal oversight or security committee, including agenda setting, documentation, and follow-ups.
- Own the lifecycle of security and compliance policies: drafting, review, approval, rollout, and periodic refresh.
- Ensure policies are aligned with actual practices and system behavior, not just “paper compliance.”

Cross-Functional Liaison
- Develop and maintain a strong conceptual understanding of Middesk’s data flows, systems, and architecture.
- Act as a translator between technical teams (Engineering, Security, Data) and non-technical teams (Legal, Sales, Customer Success, Operations).
- Identify gaps between how the business actually operates and how it is represented in compliance artifacts, and drive remediation.

IT Management
- Be the internal point of contact for our external IT vendor (or be the person who makes the case that this function needs to be brought in-house).

What We're Looking For:
- Experience owning or materially contributing to SOC 2 and/or ISO 27001 programs at a SaaS or data-driven company.
- Hands-on experience with compliance automation tools such as Vanta, Drata, Delve, or similar.
- Strong understanding of data protection concepts, vendor risk, and security controls, even if not an engineer by background.
- Ability to manage multiple stakeholders, deadlines, and ambiguous requirements with good judgment.
- Clear written and verbal communication skills, particularly with auditors, customers, and internal leadership.
- Familiarity with privacy frameworks (e.g., GDPR, CCPA) as they intersect with security and vendor management.