Senior Security Compliance Engineer
UniUni · Canada · Remote · Active · Rippling ATS
Job facts
| Field | Value |
|---|---|
| Company | UniUni |
| Title | Senior Security Compliance Engineer |
| Normalized title | - |
| Department / team | Technology, Product & Design |
| Location | Canada |
| Work model | Remote / Remote |
| Employment type | Full Time |
| Salary | - |
| Status | active |
| ATS provider | Rippling ATS |
| Posted / first seen | 2026-04-28 / 2026-05-29 |
| Changed / last seen | 2026-06-06 / 2026-06-06 |
Description
About UniUni
UniUni is a late-stage last-mile logistics company moving millions of parcels across the United States and Canada for some of the largest e-commerce platforms in North America. Our technology is cloud-native on AWS. We hold an active ISO 27001 certification and SOC 2 Type II attestation, and security and compliance are central to how we operate and how our customers trust us. This role reports to the Information Security Officer and is based in North America (remote with periodic travel to UniUni hubs).
About the role
We are hiring a Senior Security Compliance Engineer to be the operational backbone of UniUni's governance, risk, and compliance function. You will run the day-to-day machinery that keeps our ISO 27001 certification and SOC 2 Type II attestation healthy, our policies current, our customers confident, and our regulatory obligations met.
This is a hands-on senior IC role. The Information Security Officer designs the program; you make it work. You will run audit cycles, manage evidence, drive policy lifecycles, lead customer security reviews, operate the third-party risk program, and support privacy and regulatory work. We are looking for someone who automates what should be automated, writes clearly, and treats compliance as a real engineering problem.
What you'll do
Core GRC
- Run the ISO 27001 program operations, including surveillance audit prep, internal audits, the annual risk assessment, management reviews, and corrective action tracking.
- Run the SOC 2 Type II program operations, including continuous control monitoring, evidence collection, auditor coordination, and remediation tracking.
- Operate the information security policy lifecycle: drafting, stakeholder review, approval workflows, annual reviews, version control, and employee attestations.
- Maintain the risk register, drive risk treatment plans through to closure, and prepare risk reporting for the ISO and the executive team.
- Build and maintain compliance automation, including evidence collection workflows, control testing, and dashboarding. Treat the GRC platform as a system you actively engineer, not a passive system of record.
- Plan and run security awareness training and phishing simulation cycles, and report on outcomes.
Privacy and Regulatory
- Operate UniUni's privacy program in partnership with legal, including data inventories, data flow mapping, retention schedules, and privacy impact assessments.
- Execute on regulatory obligations relevant to our business, including the DOJ Data Security Program, Canadian PIPEDA, and applicable US state privacy laws.
- Coordinate the response to data subject access requests (DSARs) and privacy inquiries within statutory timelines.
- Track regulatory developments across the jurisdictions in which UniUni operates and translate them into concrete control changes, evidence requirements, and policy updates.
- Support data residency and data minimization commitments, working with engineering and the data security team to verify they hold in practice.
Customer Reviews and Third-Party Risk
- Lead the response to customer security questionnaires, RFP security sections, and prospect security reviews, in partnership with sales, legal, and the ISO.
- Review and negotiate the security and privacy clauses in customer and vendor contracts, escalating material issues to the ISO and legal.
- Run UniUni's third-party risk management program: vendor inventory, tiering by risk, due diligence, security review of new vendors, periodic reassessment of existing vendors, and remediation tracking.
- Operate the trust center and the security artifact library (SOC 2 reports, ISO certificates, pen test summaries, security overviews) and keep customer-facing materials current and accurate.
Across All of It
- Be a credible representative of UniUni's security posture in front of customers, auditors, and regulators.
- Write clearly and precisely. The work product of this role lands in front of customers, auditors, regulators, and executives, and it has to hold up.
- Partner with engineering, IT, legal, HR, and finance to make compliance a normal part of how the business runs, not an interrupt.
Qualifications
- 5 to 8 years in security GRC, audit, or a closely related discipline, with hands-on ownership of ISO 27001 and SOC 2 program operations in a cloud-native organization.
- Direct experience driving SOC 2 Type II audit cycles end to end, including auditor coordination, evidence collection, and remediation.
- Working knowledge of common control frameworks beyond ISO and SOC (NIST CSF, NIST 800-53, CIS) and the ability to map between them.
- Experience operating a GRC platform (e.g., Vanta, Drata, Secureframe, Hyperproof, ServiceNow GRC, OneTrust) as a power user, including building automated evidence pipelines and control tests.
- Experience leading customer security questionnaires and security reviews for enterprise customers, including reviewing security and privacy clauses in contracts.
- Familiarity with privacy regulation in North America, including PIPEDA and US state privacy laws, and a working understanding of cross-border data transfer requirements.
- Experience operating a third-party risk management program at meaningful vendor volume.
- Strong written communication. You can produce auditor-ready documentation, customer-ready security narratives, and executive-ready risk summaries, and you know which is which.
- A pragmatic, automation-first mindset. You are bothered by manual evidence collection and you do something about it.
Nice to Have
- Experience in logistics, supply chain, marketplaces, or other high-volume operational businesses.
- Familiarity with the DOJ Data Security Program and bulk data transfer rules.
- Light scripting ability (Python, SQL) for automating evidence collection or building control queries against AWS, identity providers, and SaaS platforms.
- Relevant certifications such as ISO 27001 Lead Auditor or Lead Implementer, CISA, CISM, CIPP, or CRISC.
- Prior experience supporting a company through a customer-driven security maturation, an investor due diligence cycle, or IPO readiness.
Why This Role
This is a senior IC role with end-to-end ownership and visible impact. You will work directly with the Information Security Officer in a security function with executive commitment, a live ISO 27001 certification, and an active SOC 2 Type II attestation. You will be in the room for customer security conversations, in the loop on regulatory questions, and in the driver's seat on the audit cycles that protect both.
Original posting: https://ats.rippling.com/uniuni/jobs/606b567b-b63e-4879-a622-f1c2dc888d7b
"company": "<meta><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"font-size:18pt;white-space:pre-wrap;\">About UniUni</strong></b></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;text-align:justify;\"><span style=\"font-size:12pt;white-space:pre-wrap;\">UniUni</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:12pt;white-space:pre-wrap;\">is a late-stage last-mile</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:12pt;white-space:pre-wrap;\">logistics</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:12pt;white-space:pre-wrap;\">company moving millions of parcels across the United States and Canada for some of the largest e-commerce platforms in North America. Our technology is cloud-native on AWS. We hold an active ISO 27001 certification and SOC 2 Type II attestation, and security and compliance are central to how we</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:12pt;white-space:pre-wrap;\">operate</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:12pt;white-space:pre-wrap;\">and how our customers trust us. This role reports to the Information Security Officer and is based in North America (remote with periodic travel to</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:12pt;white-space:pre-wrap;\">UniUni</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:12pt;white-space:pre-wrap;\">hubs).</span></p>"
},
"workLocations": [
"Remote (United States)",
"Canada"
],
"employmentType": {
"id": "Salaried, full-time",
"label": "SALARIED_FT"
},
"payRangeDetails": [],
"activeJobApplication": {
"basicQuestions": [
{
"oid": "first_name",
"title": "First name",
"required": true,
"fieldType": "SHORT_ANSWER"
},
{
"oid": "last_name",
"title": "Last name",
"required": true,
"fieldType": "SHORT_ANSWER"
},
{
"oid": "email",
"title": "Email",
"required": true,
"fieldType": "SHORT_ANSWER"
},
{
"oid": "pronouns",
"title": "Pronouns",
"required": false,
"fieldType": "PRONOUN"
},
{
"oid": "current_company",
"title": "Current company",
"required": false,
"fieldType": "SHORT_ANSWER"
},
{
"oid": "phone_number",
"title": "Phone number",
"required": true,
"fieldType": "PHONE_NUMBER"
},
{
"oid": "location",
"title": "Location (city only)",
"required": true,
"fieldType": "SHORT_ANSWER"
},
{
"oid": "resume",
"title": "Resume",
"required": true,
"fieldType": "FILE"
},
{
"oid": "cover_letter",
"title": "Cover letter",
"required": false,
"fieldType": "FILE"
}
],
"customQuestions": {
"fields": [
{
"oid": "first_name",
"title": "First name",
"required": true,
"fieldData": {},
"fieldType": "SHORT_ANSWER"
},
{
"oid": "last_name",
"title": "Last name",
"required": true,
"fieldData": {},
"fieldType": "SHORT_ANSWER"
},
{
"oid": "email",
"title": "Email",
"required": true,
"fieldData": {},
"fieldType": "SHORT_ANSWER"
},
{
"oid": "pronouns",
"title": "Pronouns",
"required": false,
"fieldData": {},
"fieldType": "PRONOUN"
},
{
"oid": "current_company",
"title": "Current company",
"required": false,
"fieldData": {},
"fieldType": "SHORT_ANSWER"
},
{
"oid": "phone_number",
"title": "Phone number",
"required": true,
"fieldData": {},
"fieldType": "PHONE_NUMBER"
},
{
"oid": "location",
"title": "Location (city only)",
"required": true,
"fieldData": {},
"fieldType": "SHORT_ANSWER"
},
{
"oid": "resume",
"title": "Resume",
"required": true,
"fieldData": {},
"fieldType": "FILE"
},
{
"oid": "cover_letter",
"title": "Cover letter",
"required": false,
"fieldData": {},
"fieldType": "FILE"
}
]
},
"additionalQuestions": null
},
"hasAIEvaluationsEnabled": true,
"eeocQuestionnaireEnabled": true,
"applicationConfirmationTemplate": "68ae07f79d9850d51974d25d",
"eeocQuestionnaireEnabledForJobPost": true
},
"detail_meta": {
"url": "https://ats.rippling.com/api/v2/board/uniuni/jobs/606b567b-b63e-4879-a622-f1c2dc888d7b",
"http_status": 200,
"content_type": "application/json",
"response_bytes": 30520
},
"detail_errors": []
}
Get this page with API
Rendered from the bluedoor Job Postings API. Reproduce it:
GET https://api.bluedoor.sh/job-postings/v1/jobs/a83bbdd562ec963fc528b89ce53d4e1e012e2e5f?include=description (JSON)
GET https://api.bluedoor.sh/job-postings/v1/orgs/262cb4c0-ea94-4203-8e83-dfbc641e7046 (JSON)
GET https://api.bluedoor.sh/job-postings/v1/sources/cda69ecc-4622-4b2d-afc8-27a9620c31e8 (JSON)
GET https://api.bluedoor.sh/job-postings/v1/jobs/a83bbdd562ec963fc528b89ce53d4e1e012e2e5f/events (JSON)