open position

Security and Compliance Lead

About us

Weave Grid builds software to make it cheaper and safer for utilities to serve electric vehicles, add renewable energy resources, and save customers money. Our mission is to drive rapid decarbonization in the global transport and power sectors by intelligently connecting electric vehicles to the grid.

We are currently in market with early utility clients, and we must rapidly build and deliver product improvements to serve existing customers and win new deals from our deep pipeline. As a rapidly growing company, we are building a thoughtful, capable team that can adapt with our rapidly evolving circumstances.

Industry context

We are living through historic changes in the ways people use transportation — a sector that is now one of the largest and fastest-growing sources of greenhouse gas emissions.

Electric vehicle (EV) sales are growing at over 60% a year, with vehicle manufacturers spending billions to get ready for an electric future. Boston Consulting Group estimates EVs will account for over half of all vehicle sales by 2030. Electric utilities see massive opportunities in this transformation, as the rise of EVs could drive more growth in energy demand over the next 10 years than any decade since the 1950s.  

‍Larger EV fleets can also help support renewable energy sources on the grid. But to accommodate growth in EVs, utilities will need to make substantial investments in infrastructure and technology. Weave Grid's software helps meet the challenge of our transition to electrified transport.

Culture and mission

Beyond your core skills and track record, you are someone who will expand the culture and cumulative wisdom of the team as a whole. This can take many forms - relevant past projects, hard-won perspective from personal history, an unusual or adjacent skillset, a motivating passion, and so on. We are whole individuals, not just functional role-fillers, and we value everything that you can bring to the team.

Finally, you should be strongly motivated by Weave Grid’s mission. Energy and transportation expertise are not necessary, but it is important that you are passionate about tackling the climate crisis head on, by improving societal and environmental health.

Compensation and location

We are looking to fill this position as soon as possible. Compensation will include competitive salary, equity, and benefits. Weave Grid is based in San Francisco but is open to considering remote candidates in the US for some roles.

About the role

A successful Security and Compliance Lead will be an expert in a variety of information security frameworks. This role will be directly responsible for driving compliance, including responding to information security questions that arise during the sales cycle, and then ensuring that all contractual requirements related to governance, risk and compliance (GRC) are satisfied by liaising with the Product and Engineering Teams. This role will also serve as the primary administrator of the company’s GRC tooling, including our vendor risk management and cloud security compliance solutions.

This role will also serve as the primary point of contact for external security audits, whether initiated by the company or at the request of partners or customers, as well as any third-party pen testing or vulnerability scanning activities.

Core Responsibilities
  • Operate our Governance, Risk-Management and Compliance (GRC) program, including administering our GRC tooling
  • Own achieving compliance with upcoming information security and privacy requirements - those mandated by law, our client contracts, and industry leading goals
  • Work with People Operations, Product, Engineering, and vendors to ensure adherence to existing commitments
  • Leverage your own understanding of the space and work with the go-to-market and Product teams to understand the next internal objective, and formulate a plan to implement successfully
  • Manage audits and certification programs (including SOC 2)
  • Manage penetration and vulnerability testing engagements
  • Work with go-to-market team to answer security questionnaires and contract requirements from prospective and current clients

About you

First and foremost, you’re mission driven and fully dedicated to driving solutions for our climate crisis. You’re excited about supporting a world with 100% clean transportation, while maintaining high grid reliability. While you may not have experience working directly with utilities, you understand that they require rigorous information security infrastructure and practices that need to be communicated to several stakeholders within WeaveGrid.

You understand that this is an industry where trust is paramount, and that your role will be critical in building and maintaining the trust our clients have in us now. You want to grow and leverage WeaveGrid’s positive reputation in our industry by ensuring that we deliver not only a secure platform, but also a supporting organization that is prepared for contingencies. You enjoy working in a fast-paced environment at a high growth company, while demonstrating a high degree of empathy for clients and team members across departments.

To meet the needs of this role, you will bring
  • Significant domain expertise through industry experience in several of the following areas: NIST CSF, CIS, OWASP, SOC 2, CCPA, ISO-27001, NERC CIP
  • Experience with at least two of the following areas: policy administration, GRC tooling administration, security questionnaires, requirements gathering and communication to stakeholders
  • Demonstrated track record of empathy, individual initiative, a spirit of inquiry, and solutions-orientation
  • Attention to detail and ability to function effectively under time pressure
  • Ability to work with diverse teams and translate between various areas of expertise
  • Flexibility and willingness to take on a variety of tasks in response to immediate needs
  • Excellent written and oral communication skills
  • Strong interpersonal skills and excellent work ethic
  • Comfort with remote collaboration tools. Travel required, when appropriate in accordance with health guidelines
  • 3+ years of full-time experience working directly in GRC for a SaaS product
  • Preference for experience in data intensive Enterprise SaaS and/or multi-sided platforms
  • BA/BS, or equivalent experience, in technical field
Apply to this job