Senior IS&T Governance Partner

Parloa•New York City, NY

21h•$100,000 - $140,000•Hybrid

About The Position

YOUR MISSION: As a Senior IS&T Governance Partner at Parloa, you will play a key role in safeguarding the trust and credibility of our platform by ensuring the highest standards of governance, security, and regulatory compliance. You will be entrusted with one of the organization’s most critical responsibilities: enabling Parloa to scale rapidly while remaining compliant, secure, and audit-ready at all times. at Parloa, you will play a key role in safeguarding the trust and credibility of our platform by ensuring the highest standards of governance, security, and regulatory compliance. You will be entrusted with one of the organization’s most critical responsibilities: enabling Parloa to scale rapidly while remaining compliant, secure, and audit-ready at all times. Our IS&T Governance Department is building a world-class framework for governance, assurance, and risk management. We are establishing a mature structure of internal controls, reviews, and audits to certify our products and operations against the highest international standards, including ISO 27001, ISO 22301, PCI DSS, HIPAA , and other relevant regulatory and industry frameworks. Today, our team consists of four specialists covering Risk Management, Compliance, Business Continuity, and Information Security Management . We are now expanding this function to scale with the company’s growth and increasing regulatory and security demands. This is a rare opportunity to become an early member of Parloa’s internal Governance function and play a pivotal role in shaping how security, compliance, and risk management are embedded into a high-growth, AI-driven organization. You will help ensure that Parloa not only complies with all applicable regulatory and contractual obligations, but set IN THIS ROLE YOU WILL: Act as a core member of the remotely distributed IS&T Governance team, fostering a strong culture of security and compliance awareness across planning, development, and operational activities. Ensure that changes in product, development, and operational processes are properly documented, risk-assessed, and reviewed in a timely and structured manner. Partner with the Commercial organization by supporting security and compliance questionnaires, contributing to contract and DPA reviews, and participating in customer calls as a trusted subject matter expert. Manage and respond to incoming requests related to compliance, information security, and regulatory topics, providing clear, pragmatic, and actionable guidance to internal stakeholders. Serve as the internal authority on information security best practices, continuously promoting industry standards and driving their consistent adoption across the organization. Lead and support the preparation, execution, and continuous maintenance of security certifications and regulatory frameworks (e.g., ISO 27001, ISO 22301, SOC 2, PCI DSS, HIPAA). When new certifications or regulatory frameworks are required, take ownership of understanding the applicable security and legal requirements in close alignment with Legal and the DPO, and translate them into hands-on guidance for engineering, product, and operations teams. Drive the practical implementation and adoption of compliance controls by embedding governance and security requirements into daily workflows and technical designs. Contribute to the definition and continuous improvement of governance processes, policies, and standards to ensure scalability and long-term audit readiness. Support risk assessments, DPIAs, and control design activities for new products, features, and architectural changes.

Requirements

A seasoned GRC / Information Security professional with 6–10+ years of experience across information security, compliance, risk management, and regulatory frameworks in technology-driven environments.
Deeply experienced in security and compliance standards such as ISO 27001, SOC II, FedRAMP, PCI DSS v4, ISO 42001, and data protection regulations (e.g., GDPR, CCPA), with a strong understanding of how they apply in modern SaaS and AI platforms.
A trusted advisor who can confidently engage with engineers, product leaders, legal teams, auditors, and enterprise customers, translating complex regulatory requirements into clear, practical actions.
A hands-on operator who is comfortable moving between strategic governance design and detailed control implementation, audits, and evidence generation.
A builder of scalable governance who designs processes and controls that enable speed and innovation rather than slow them down.
A culture carrier who naturally embeds security, privacy, and compliance thinking into everyday decision-making across the organization.
Analytical and pragmatic , balancing regulatory rigor with business reality to deliver solutions that are both compliant and operationally efficient.
Resilient under pressure , remaining structured, credible, and decisive in audits, customer security reviews, and high-stakes compliance discussions.
A continuous learner who stays current on emerging regulations, security standards, and best practices in cloud security, AI governance, and data protection.

Responsibilities

Act as a core member of the remotely distributed IS&T Governance team, fostering a strong culture of security and compliance awareness across planning, development, and operational activities.
Ensure that changes in product, development, and operational processes are properly documented, risk-assessed, and reviewed in a timely and structured manner.
Partner with the Commercial organization by supporting security and compliance questionnaires, contributing to contract and DPA reviews, and participating in customer calls as a trusted subject matter expert.
Manage and respond to incoming requests related to compliance, information security, and regulatory topics, providing clear, pragmatic, and actionable guidance to internal stakeholders.
Serve as the internal authority on information security best practices, continuously promoting industry standards and driving their consistent adoption across the organization.
Lead and support the preparation, execution, and continuous maintenance of security certifications and regulatory frameworks (e.g., ISO 27001, ISO 22301, SOC 2, PCI DSS, HIPAA).
When new certifications or regulatory frameworks are required, take ownership of understanding the applicable security and legal requirements in close alignment with Legal and the DPO, and translate them into hands-on guidance for engineering, product, and operations teams.
Drive the practical implementation and adoption of compliance controls by embedding governance and security requirements into daily workflows and technical designs.
Contribute to the definition and continuous improvement of governance processes, policies, and standards to ensure scalability and long-term audit readiness.
Support risk assessments, DPIAs, and control design activities for new products, features, and architectural changes.

Benefits

The opportunity to join a rapidly growing Conversational AI startup with offices in Berlin, New York, and Munich.
Enjoy an immersive company onboarding experience, where you’ll have the chance to delve into the Parloa product and immerse yourself in our dynamic company culture.
Hybrid work environment - we believe in hiring the best talent, no matter where they are based. However, we love to build real connections and want to welcome everyone in the office on certain days.
Attractive compensation package with equity.
Training and development budget which can be used for conferences and attending development courses to ensure continuous professional growth.
Flexible working hours, Unlimited PTO and travel opportunities.
Regular team events, game nights, and other social activities.
A beautiful office with flair in the heart of NYC with all the conveniences, such as social area, snacks, and drinks.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume