
Job Description
Why Mintlify?
We're on a mission to empower builders.
Massive reach: Our docs platform serves 100 million+ developers every year and powers documentation for 20,000+ companies, including Anthropic, Microsoft, PayPal, Spotify, Coinbase, X, and over 20% of the last YC batch.
Small team, huge impact: We recently passed 65 employees and raised a $45 million Series B led by A16Z and Salesforce Ventures. Each new hire has a huge impact on shaping the company's trajectory.
Culture of slope over y-intercept: We value learning velocity, grit, and unapologetically unique personalities.
We grew in value faster than headcount and we’re looking to align the two quickly.
The Role
We're hiring our first dedicated GRC Program Manager to own the security & compliance program that our enterprise business runs on: SOC 2 Type II, ISO 27001, ISO 42001, GDPR, and Microsoft SSPA. The program exists and is well-documented — audits are mid-flight, the vCISO and auditors are engaged, the platform (Drata) is deployed. What it needs is a single accountable operator.
What You'll Do
Run five compliance programs end-to-end — own the audit calendar, evidence collection, remediation tracking, and auditor relationships (Sensiba for SOC 2/ISO; A-LIGN for Microsoft SSPA)
Administer Drata — keep monitors green, assign and validate evidence, manage policies and the trust center
Own the vendor bench — drive the weekly Rhymetec vCISO engagement, manage renewals and contracts across the security/compliance vendor portfolio
Run the standing processes — security questionnaire escalation, inbound vendor security reviews, bug bounty coordination (triage, researcher comms, payouts), trainings and access-review cadences
Be the customer-facing compliance voice — trust center, DPAs, subprocessor list, and enterprise security requirements (Microsoft, Coinbase, Okta-style programs)
Coordinate, don't silo — route technical work to Engineering DRIs with clear asks, and keep leadership out of the coordination loop
What We're Looking For
3+ years in GRC / compliance program management / security operations with direct audit ownership
Hands-on compliance-platform administration (Drata, Vanta, or similar)
Vendor and auditor relationship management as the accountable owner
Meticulous follow-through — in this job, a dropped thread is an audit finding
Bias toward automation and pushing work to tests/vendors rather than doing it manually forever
Bonus Points: ISO 42001 / AI governance exposure. GDPR operations (DSARs, RoPA, consent tooling). Early-stage startup experience as a sole compliance owner.
Company Benefits:
Competitive compensation and equity
20 days paid time off every year
401k or RRSP
$420/month wellness stipend
100% coverage for Health, dental, vision
Free Ubers to and from work
Free lunch and dinners
Annual team offsite (previously went to Alaska, Hawaii)
Optimize Your Resume for This Job
Get a match score and see exactly which keywords you're missing
Job Details
- Category
- Operations
- Employment Type
- Full Time
- Location
- San Francisco, CA
- Posted
- Compensation
- $120,000 - $180,000 per year
About Mintlify
Mintlify provides an intelligent platform that helps teams create, manage, and deliver documentation for products, APIs, and internal workflows. The platform integrates intelligence into writing, editing, and maintenance processes, ensuring content remains current and searchable for both users and machine understanding. It supports features such as context‑aware drafting, self‑updating knowledge bases, and AI assistants that guide users through documentation visits.
More Roles at Mintlify





Similar Operations Roles



Found this role interesting?