Internal Auditor

📋 Description

• • Supabase is seeking a highly motivated and experienced Internal Auditor to join our dynamic Security & Compliance team. In this pivotal role, you will be instrumental in fortifying our governance, risk, and compliance (GRC) framework as we continue our rapid global expansion. You will collaborate closely with a diverse range of teams, including engineering, product, security, and various business units across Supabase, taking the lead on comprehensive audit processes. Your primary objective will be to ensure that Supabase consistently upholds the most rigorous standards of compliance and security, safeguarding our operations and customer trust.
• • This position is perfectly suited for an individual who thrives in an asynchronous, fast-paced, and highly collaborative remote environment. You will be excited by the prospect of building and refining robust compliance programs within a rapidly growing, developer-centric company that values innovation and agility. Your contributions will directly impact our ability to scale securely and maintain the trust of our extensive user base.
• • A core responsibility will be to lead the end-to-end audit readiness and execution for critical compliance frameworks such as SOC 2, ISO 27001, and PCI DSS. You will also be responsible for identifying and addressing other compliance frameworks that are pertinent to our diverse and expanding customer base, ensuring we meet all relevant regulatory and industry requirements.
• • You will be the primary manager for our compliance lifecycle within a dedicated compliance platform, such as Vanta, Drata, or similar solutions. This involves meticulous evidence collection, precise control mapping against established standards, and the implementation of continuous monitoring strategies to ensure ongoing adherence and identify potential deviations proactively.
• • Effective coordination of cross-functional audit activities will be paramount. You will work hand-in-hand with engineering, product management, security operations, infrastructure teams, and customer support to efficiently gather necessary evidence, facilitate remediation efforts, and ensure timely resolution of any identified findings.
• • A significant part of your role will involve designing and implementing internal audit programs that are inherently scalable. These programs must be capable of evolving alongside our rapid growth trajectory, proactively identifying potential gaps in our controls and processes, and driving continuous improvements to enhance our overall GRC posture.
• • You will serve as the key liaison with external auditors, facilitating smooth and efficient audit processes. Your role will be crucial in ensuring the timely completion of certifications and maintaining strong relationships with our audit partners.
• • A critical function will be the comprehensive documentation of our policies, procedures, and internal controls. This documentation must align with established industry standards and robustly support our foundational security-by-design philosophy, ensuring that security and compliance are embedded from the outset of any initiative.
• • Building and nurturing strong, collaborative relationships across the entire organization will be essential. You will partner with teams to embed a proactive compliance mindset into product development cycles and day-to-day operational workflows, fostering a culture of shared responsibility for GRC.
• • You will be responsible for tracking and reporting on key compliance metrics. This includes providing clear, concise, and regular visibility to leadership regarding audit status, identifying emerging risk areas, and monitoring the progress of remediation efforts, enabling informed decision-making.
• • Your expertise will help translate complex compliance requirements into practical, actionable, and developer-friendly processes. This approach ensures that compliance does not become a bottleneck but rather an enabler of secure and efficient innovation, maintaining engineering agility and velocity.
• • You will leverage your understanding of modern engineering practices to identify opportunities where technology and automation can be effectively employed to enhance compliance efforts without impeding development speed or creativity.
• • Clear and effective communication is vital. You will communicate complex technical and compliance concepts to both technical and non-technical audiences, adeptly discussing control frameworks with engineers and risk implications with executive leadership.
• • Experience operating within asynchronous or globally distributed teams is highly valued. You will demonstrate a high degree of self-direction, proactivity, and the ability to drive significant outcomes effectively in a remote setting.
• • You will possess the ability to navigate ambiguity with confidence and move with agility in a dynamic environment, embodying a spirit of continuous improvement and adaptation.
• • A pragmatic, risk-based approach to compliance is preferred over a purely checklist-driven methodology. You will possess the judgment to discern when to apply rigorous standards and when flexibility is appropriate, always prioritizing the most significant risks.
• • This role offers a unique opportunity to shape the future of compliance at a leading open-source company, contributing directly to our mission of building tools developers love while maintaining the highest levels of trust and security. Your work will be foundational to Supabase's continued success and growth in the global market.