Hyperproof Visa Sponsorship USA
Hyperproof is a compliance operations platform in the technology and software space, known for helping organizations manage risk and regulatory frameworks. The company does sponsor H-1B visas, making it a realistic target for skilled foreign nationals pursuing roles in compliance tech.
The Mission
As the Director of GRC, you are a revenue enabler and a cornerstone of our enterprise growth strategy. Reporting to the SVP of Operations, you will transform compliance from a reactive exercise into a Continuous Assurance engine. You will be responsible for building a gold-standard compliance program that not only meets the highest regulatory bars but also serves as a primary driver of customer trust. This role offers rare visibility across the full spectrum of enterprise security and compliance, from direct engagement with 3PAOs to front-line conversations with Fortune 500 security teams during the sales cycle. You will build and own programs from the ground up, establishing the institutional foundations that will scale with the company. For a security leader looking to move beyond maintaining inherited programs, this is a high-ownership, high-impact seat at a company where GRC is treated as a core business function. Your work will be visible to the board, referenced by customers, and directly tied to revenue outcomes.
Framework Mastery, Expansion & Product Advocacy
- Audit Ownership: Lead the end-to-end strategy and lifecycle for SOC 2 Type II and FedRAMP Moderate authorizations. You will act as the primary liaison for 3PAOs and agency sponsors, ensuring our continuous monitoring (ConMon) remains flawless.
- Strategic Roadmap: Architect the expansion of our compliance program into new frameworks as we scale, including ISO 27001, NIST AI RMF, and other emerging global standards.
- The "Showcase User": Serve as the internal owner of our own platform implementation. You will ensure we are the industry's premier "gold standard" user of our GRC tools, providing a referenceable model for our customers and partnering with Product to drive innovation.
- Security Awareness & Training: Own and mature the company-wide security awareness and role-based training program, satisfying NIST 800-53 AT control family requirements and FedRAMP ConMon obligations. Ensure training content is current, measurable, and tied directly to threat trends and audit findings.
External Trust & Third-Party Governance
- Sales Enablement & Trust Center: Act as the technical authority representing our security posture to prospective and current enterprise customers. You will establish and manage a scalable process for responding to security questionnaires and proactively managing our Trust Center to accelerate sales cycles.
- Vendor Risk Management: Direct the assessment of all current and prospective third-party providers. You will ensure our vendor ecosystem adheres to our strict security and compliance standards, managing risk throughout the supply chain.
- Penetration Testing & External Validation: Govern the annual penetration testing program and any third-party security assessments, ensuring scope, methodology, and findings are managed to closure and available as evidence for customer due diligence and audit purposes.
- Cross-Functional Partnership: Partner deeply with DevOps, IT, and Engineering to automate evidence collection. You will move the company toward a model where compliance is a natural byproduct of our engineering excellence.
Incident Response & Operational Resilience
- IR Leadership: Serve as the designated Primary Lead for all security events and incident response activities. You will define and maintain the response playbooks used to identify, contain, and remediate security events.
- Continuous Readiness: Institutionalize and lead Annual Tabletop Exercises (minimum 1x per year) to stress-test our response processes and uncover gaps in our cross-functional communication.
- Operational Integration: Ensure that lessons learned from security events are integrated back into our governance and technical controls to prevent recurrence.
- Business Continuity & Disaster Recovery Governance: Oversee the governance of Business Continuity and Disaster Recovery plans, ensuring BCP/DRP documentation, RTOs/RPOs, and annual testing satisfy NIST 800-53 CP control family requirements and FedRAMP obligations.
Data Privacy & Risk Strategy
- Global Privacy: Oversee our GDPR and US privacy compliance efforts, ensuring "Privacy by Design" is integrated into our product development and data handling practices.
- Quantified Risk: Maintain and evolve the corporate risk register. You will provide the SVP of Operations with data-driven, quantified risk insights to guide resource allocation and strategic business decisions.
- Security Metrics & KRI Reporting: Define and maintain a security metrics program including Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs). Report to leadership a consistent, board-ready view of security posture, program maturity, and trend data over time.
Secure Software Development & Vulnerability Management
- Secure SDLC Governance & Framework Alignment: Embed security controls across the SDLC, from threat modeling and secure design through static/dynamic analysis and pre-production gates, ensuring demonstrable alignment to appropriate compliance frameworks.
- CVE Management & Vulnerability Lifecycle: Coordinate the vulnerability management program end-to-end, working with the SVP of Engineering to enable SLA-driven remediation of CVEs across product and infrastructure, using a CVSS-informed, risk-based approach with executive-level reporting on residual risk posture.
- Developer Security Enablement: Collaborate with DevOps engineering to integrate security tooling into CI/CD pipelines, defining guardrails for container images, IaC, and dependency management that enforce secure defaults without impeding engineering velocity.
- Bug Intake & Coordinated Disclosure Program: Maintain and improve the formalized security bug intake program and Coordinated Vulnerability Disclosure (CVD) policy. Ensure a tracking and ownership process for routing internally discovered and externally reported vulnerabilities, tracking all findings to closure.
Requirements & Qualifications
- Certification: CISSP is strictly required.
- Experience: 8+ years in GRC or Information Security leadership within a high-growth SaaS environment.
- Framework Expertise: Direct experience achieving or maintaining a FedRAMP Moderate ATO; deep familiarity with NIST 800-53 controls is essential.
- Incident Response: Proven ability to lead through security events and design robust response frameworks.
- Technical Literacy: Ability to discuss cloud architecture (AWS/Azure), IAM roles, and containerization with senior engineering and DevOps leads.
- Communication: High-level executive presence for board and customer reporting, paired with a "roll-up-your-sleeves" attitude required in a small, agile team.
Full compensation packages are based on candidate experience and certifications.
WA pay input: $146,000 USD - $206,000 USD
CA pay input: $146,000 USD - $206,000 USD
NY pay input: $146,000 USD - $206,000 USD
USA pay input: $146,000 USD - $206,000 USD
WHERE YOU’LL GO
Hyperproof also loves to see an internal transfer. If a linear career path is not what you’re looking for, you can work with your manager and our people team to explore lateral moves to other parts of the organization as you continue to grow with us.
WHAT WE OFFER TO OUR EMPLOYEES
Please note: Benefits listed below are for employees in the United States; contractor roles or international positions may differ
- Annual compensation reviews + equity
- Unlimited PTO: strongly encouraged to unplug and recharge
- Health: coverage for medical, dental, and vision - employee and dependents
- 401K, which vests immediately, complete with a 4% company match
- 12 weeks of Parental leave and 1 year free diapers and wipes with Honest
- Annual company in-person events and quarterly in-person connects
- $500 home office stipend - at the time of hire. Any additional home office needs are requested as needed.
- $100 quarterly paid wellness stipend
- Pet insurance discount
- Slack channel notifications turn off after 5 pm based on your time zone
- Two Hypercharge weeks of rest where we close company-wide (July & Dec)
It’s an exciting time to be at Hyperproof — we recently raised $40 million in our Series B financing, further cementing Hyperproof as the emerging leader in the risk and compliance management space. At Hyperproof’s core are our passionate team members who focus on user experience, beautiful design, and evangelize a positive social impact of our cloud-based platform. We help organizations streamline their risk and compliance workflows so our customers can spend more time strategically managing programs and less time wrangling spreadsheets. We are disrupting the governance, risk, and compliance software space with our innovative platform by helping traditionally unsung heroes (compliance professionals) do the right things so the wrong things don’t happen. Learn more about the @hyperproof culture and how it all started.
A NOTE ABOUT OUR INTERVIEW PROCESS
We’re committed to creating a fair, respectful, and secure hiring experience for everyone. As part of that commitment, we use standard verification steps throughout our interview process. Here’s what that means for you:
- We may conduct routine verification checks during the hiring process.
- You might be asked additional questions to better understand your experience and background.
- For video interviews, we ask that candidates be on camera without filters or visual modifications.
These steps are applied consistently for all candidates and are designed to ensure an equitable experience for everyone.
EQUAL OPPORTUNITY EMPLOYER
Hyperproof is committed to a diverse and inclusive workplace — it’s one of our core values! Hyperproof is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. Our company is dedicated to building a diverse, inclusive, and authentic workplace. If you're excited about this role, but your experience doesn't perfectly fit every qualification, we encourage you to apply anyway. You may be just the right person for this role or others.
To ensure a smooth interview process, all candidates will be required to provide a valid phone number that is not a VOIP (Voice Over Internet Protocol) number. This helps us maintain clear and reliable communication throughout your interview experience.

How to Get Visa Sponsorship at Hyperproof
Target roles aligned with compliance and security engineering
Hyperproof's core product focuses on compliance automation, so engineering and security roles are where sponsorship is most likely to occur. Prioritize applying to technical positions that directly support the platform's risk and audit capabilities.
Research Hyperproof's product before your interview
Hyperproof builds compliance workflow software used by enterprises managing SOC 2, ISO 27001, and similar frameworks. Demonstrating familiarity with these standards signals genuine interest and shows you can contribute from day one in a technical or product role.
Reach out to Hyperproof's talent team directly
Given the company's size and sponsorship activity in technology and software, a direct conversation with their recruiter about visa support early in the process saves time. Ask specifically whether the role you're targeting is open to H-1B sponsorship.
Filter for verified sponsors before applying
Not every job listing from a tech company confirms sponsorship willingness. Migrate Mate surfaces verified sponsors so you can filter by real sponsorship history and find Hyperproof openings alongside other companies with a confirmed H-1B track record.
Time your application around H-1B cap season
If you need a new H-1B cap filing, applications must be submitted in March for an October start. Engage with Hyperproof's recruiting team well before the lottery window so both sides can align on your start date and sponsorship requirements.
Frequently Asked Questions
Does Hyperproof sponsor H-1B visas?
Yes, Hyperproof does sponsor H-1B visas. The company operates in the technology and software sector, where H-1B sponsorship is common for specialized technical roles. If you're targeting Hyperproof, confirm sponsorship availability for the specific role you're applying to by asking the recruiter directly early in the process.
What types of roles at Hyperproof are most likely to receive visa sponsorship?
Sponsorship at Hyperproof is most commonly associated with technical roles in software engineering, security, and product development, the functions central to building and maintaining a compliance automation platform. Roles requiring specialized skills in areas like cloud infrastructure, application security, or software architecture are strong candidates for H-1B sponsorship.
How do I find open visa-sponsored jobs at Hyperproof?
The most reliable way is to browse Migrate Mate, which aggregates roles from companies with verified sponsorship histories, including Hyperproof. This lets you filter specifically for H-1B-sponsoring employers in the technology sector without wading through listings from companies that don't sponsor. Checking Hyperproof's own careers page alongside Migrate Mate gives you the most complete picture.
What is the typical application timeline for a sponsored role at Hyperproof?
The timeline depends on your current visa status. If you need a new H-1B cap filing, the process runs on an annual cycle with registrations in March and work authorization starting October 1. If you're transferring an existing H-1B, Hyperproof can file a petition year-round and you can often start work once it's received by USCIS. Build in at least two to three months for the process.
Is Hyperproof a strong employer for international candidates seeking sponsorship?
Hyperproof has a documented history of H-1B sponsorship, which makes it a credible target for international candidates in technical roles. As a compliance technology company, it operates in a domain where specialized expertise is valued and sponsorship is part of the hiring calculus. That said, sponsorship is not guaranteed for every role, so clarifying this directly with the recruiter is essential.