GRC Operations Lead bei Adaptive Security

About Adaptive

Adaptive is a cybersecurity startup on a mission to stop AI-powered cyberattacks, founded by Brian Long and Andrew Jones—proven entrepreneurs behind Attentive (Forbes Cloud 100, $10B+ valuation) and TapCommerce (acquired by Twitter). In April 2025, Adaptive raised $43M, led by a16z and the OpenAI Fund, marking OpenAI's first-ever cybersecurity investment.

As generative AI drives new cyber threats, Adaptive is building the defense layer every organization needs. Our platform combines personalized security training, AI-driven attack simulations, and automated threat triage, all powered by the Adaptive Risk Intelligence Engine to quantify human risk at the individual level. Trusted by top banks, tech companies, and healthcare organizations, we protect teams from emerging threats like deepfakes, smishing, and voice scams. With a solid product foundation and a $200B+ market to transform, we're just getting started.

About the Role

We’re seeking a mid-senior IC to take a leadership role in how Adaptive builds its IT and security foundation. You’ll partner with leadership to shape our roadmap, evaluate and select vendors (e.g. MDM, IAM, monitoring tools), and guide our SOC2, GDPR, CCPA, and HIPAA processes. You’ll identify compliance and operational gaps, propose improvements, and then execute the rollout.

This is not a narrow IT support role. You’ll influence how the company scales its IT/security posture, while still running core processes like SaaS administration, onboarding/offboarding, and endpoint security. We’re looking for someone who can outline the processes and systems necessary and implement them.

Core Responsibilities

• Serve as the accountable owner for Adaptive’s compliance and IT/security operations, ensuring alignment across leadership, auditors, and employees.

• Partner with leadership to shape and evolve our IT/security roadmap.

• Lead vendor evaluation/selection for key IT/security tools (MDM, IAM, EDR, etc.).

• Drive compliance operations: gather evidence, maintain controls, and co-lead SOC2, GDPR, CCPA, and HIPAA compliance.

• Identify gaps in IT/security operations and propose/implement solutions.

• Own IAM and SaaS administration (Okta, Google, Slack, Zoom, etc.).

• Ensure device security posture (encryption, patching, MDM).

• Support onboarding/offboarding with scalable, automated processes.

What You Bring

• 4-8 years experience in IT/security operations.

• Proven experience evaluating and implementing IT/security tools.

• Hands-on with SaaS/IAM configuration and endpoint management.

• Familiarity with compliance frameworks (SOC2, HIPAA, CCPA, GDPR) and audit support.

• Strategic operator mindset: able to identify gaps, propose a plan, and execute.

• Organized, detail-oriented, and thrives in a fast-paced startup.