About Oneleet

Oneleet is one of the fastest-growing security and compliance platforms in history. We are on a mission to change the compliance and security industry by making cybersecurity and compliance effective, easy, and painless. We provide a platform that helps companies build, manage, and monitor their cybersecurity programs and achieve compliance standards such as SOC 2 and ISO 27001 efficiently, without cutting corners.

Having just raised a $33 million Series A, we are rapidly growing in customers and employees. Our team has decades of experience in security and compliance. Join our team of opinionated rebels and help us build a category-defining company reshaping the broken and fragmented compliance and cybersecurity industry.

Who we’re looking for:

We value passionate self-starters with a growth mindset and a bias for action and personal accountability. If you love solving hard problems, thrive in ambiguity, and want to make a real impact, you’ll fit right in.

We’re especially drawn to:

• Rebels with a cause — frustrated with the status quo and eager to disrupt it.

• Opinionated (but not obstinate) builders — decisive yet collaborative, who help us move fast.

• Clear communicators — who own their ideas and follow through.

Our mission is simple: make effective cybersecurity painless. We believe cybersecurity should empower, not burden. This belief unites our team and drives every decision we make.

If you’re ready to challenge the status quo and help shape the future of cybersecurity, we’d love to meet you.

The Role:

The Internal Security Compliance Auditor plays a critical role in ensuring the quality and completeness of client evidence before they undergo formal external compliance audits. Working behind the scenes as part of our internal quality assurance team, you'll partner with our Security Program Managers to review controls documentation, validate evidence quality, and perform final pre-audit quality assurance checks across multiple compliance frameworks including SOC2, ISO27001, PCI, HIPAA, and GDPR.

Your expertise will strengthen our clients' compliance posture and prepare them thoroughly for their audit processes, while maintaining the high standards that differentiate Oneleet in the marketplace. This position requires deep technical knowledge of compliance frameworks combined with meticulous attention to detail.

Key Responsibilities:

• Perform thorough internal reviews of client-uploaded evidence for compliance frameworks including SOC2, ISO27001, PCI, HIPAA, and GDPR

• Conduct detailed quality assurance checks on individual controls to verify completeness, accuracy, and sufficiency prior to their audits with third-party auditing firms.

• Execute comprehensive final QA reviews prior to clients engaging with an external auditor.

• Identify gaps or weaknesses in evidence documentation and recommend improvements

• Develop and maintain internal QA standards and review methodologies

• Create guidance documents to help clients improve evidence quality

• Collaborate with Security Program Engineers to address compliance gaps

• Stay current on evolving compliance requirements across multiple frameworks to ensure our pre-audit preparation meets industry standards

• Track audit readiness metrics and identify opportunities for process improvement

• Provide expert feedback to our product team for compliance platform enhancements to better support pre-audit readiness

Requirements:

• Deep understanding of SOC2, ISO27001, PCI, HIPAA, and GDPR requirements

• Strong technical knowledge of security controls and their implementation

• Experience reviewing and evaluating evidence for compliance audits, particularly in preparing organizations for external audit processes

• Excellent attention to detail and quality control mindset

• Strong written communication skills for documenting findings

• Ability to work independently while supporting multiple client engagements

• Familiarity with compliance automation platforms and tools

• Experience in pre-audit preparation and internal quality assurance, preferably with multiple frameworks

• Certification in relevant frameworks (e.g., CISA, ISO 27001 Lead Auditor) preferred

Why Oneleet?

At Oneleet, you’ll join a tight-knit team of rebels redefining the cybersecurity industry. We move fast, own our work, and challenge outdated models to make security effortless and effective for companies.

Here’s what makes us special:

• We value impact over titles, autonomy over micromanagement, and clarity over jargon.

• You’ll tackle meaningful, hard problems with real-world consequences.

• You’ll work with smart, kind, and ambitious teammates who lift each other up.

Perks & Benefits

• Comprehensive health & wellness benefits

• 20 days PTO per year, plus 8 floating holiday

• Remote work culture

• Team off-sites in stunning places (Amsterdam, Italy, etc).

• Competitive compensation & equity

We hire globally and compensate competitively within each market using geographic pay bands. The range for this role reflects a US national baseline. Offers for candidates in higher cost-of-labor markets (e.g., San Francisco, New York, Zurich) may fall at or above the top of the posted range, while offers in other markets are benchmarked to local standards and are lower. Within any range, individual compensation is determined by work location, skills and experience demonstrated through the interview process, and relevant education or training. This posting reflects base salary only and does not include equity or benefits.

Remote-First & Global Hiring

We’re a remote-first company and hire globally in regions where we can legally engage talent directly or via our employer-of-record (EOR) partner. If you’re based outside the U.S., we’ll explore the most compliant hiring arrangement for your location. We make hiring decisions based on merit, skills, and potential regardless of location.

U.S. Hiring & E-Verify

For U.S.-based candidates, Oneleet participates in E-Verify to confirm employment eligibility, in accordance with federal regulations. We are an equal opportunity employer. We do not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran status, or any other characteristic protected by applicable law.