Security & Compliance Operations Associate

Bruno

Operations, Compliance / Regulatory
Bengaluru, Karnataka, India
Posted on Oct 31, 2025

About Bruno:
Bruno is an open-source, Git-native API client built for developers who prefer local-first workflows, minimal UI, and simplicity. We’re growing fast and looking for a Security & Compliance Operations Associate to help us prepare for major security certifications and customer trust initiatives.

Background:
This is a full-time, onsite role reporting to our COO and working closely with our engineering and operations teams.

We’re entering a phase of enterprise growth and need to formalize our security and compliance posture (SOC 2, ISO 27001, etc.). You’ll help us build and operationalize that foundation: documenting controls, collecting audit evidence, and managing customer assurance activities.

What you’ll do:

  • Coordinate evidence collection and readiness activities for SOC 2 and ISO 27001.

  • Maintain Bruno’s standard security documentation (SIG, CAIQ, Trust Center materials).

  • Respond to customer security questionnaires.

  • Track compliance milestones, policy updates, and corrective actions.

  • Collaborate with engineering to document and verify security controls.

  • Support internal security awareness and training efforts.

  • Maintain vendor and third-party security documentation.

About you:

  • 2–5 years in Compliance, GRC, IT Audit, or Security Operations.

  • Familiar with SOC 2, ISO 27001, GDPR, and SaaS vendor risk frameworks.

  • Strong writing and documentation skills.

  • Highly organized with attention to accuracy and consistency.

  • Able to translate technical practices into clear, audit-ready documentation.

  • Experience with tools like Vanta, Drata, or Tugboat Logic is a plus.

Bonus:

  • Prior experience supporting SOC 2 or ISO audits.

  • Technical literacy (basic understanding of cloud, CI/CD, and application security).

  • Interest in developer tooling or open-source ecosystems.