Security and Compliance Manager
Company: Sierra
Location: San Francisco
Posted on: April 3, 2026
Job Description:
About us

At Sierra, we’re creating a platform to help businesses build better, more human customer experiences with AI. We are primarily an in-person company based in San Francisco, with growing offices in Atlanta, New York, London, Paris, Madrid, Munich, Singapore, Japan, and Sydney. We are guided by a set of values that are at the core of our actions and define our culture: Trust, Customer Obsession, Craftsmanship, Intensity, and Family. These values are the foundation of our work, and we are committed to upholding them in everything we do.

Our co-founders are Bret Taylor and Clay Bavor. Bret currently serves as Board Chair of OpenAI. Previously, he was co-CEO of Salesforce (which had acquired the company he founded, Quip) and CTO of Facebook. Bret was also one of Google's earliest product managers and co-creator of Google Maps. Before founding Sierra, Clay spent 18 years at Google, where he most recently led Google Labs. Earlier, he started and led Google’s AR/VR effort, Project Starline, and Google Lens. Before that, Clay led the product and design teams for Google Workspace.

What you'll do

- Own independent audits and regulatory programs including ISO 42001, PCI DSS, NIST 800-53, FedRAMP, HIPAA, and related frameworks. Drive scope definition, readiness assessments, auditor engagement, remediation planning, and executive-level reporting.
- Develop a strong working understanding of Sierra’s Conversational AI Platform, model providers, and cloud architecture.
- Partner with Platform and Agent Engineering to design and operationalize controls across multi-cloud environments, infrastructure, inference, and data platforms.
- Build a centralized and evolving security controls library mapped to compliance, regulatory, and customer requirements.
- Continuously assess control effectiveness, identify gaps, prioritize risk, and drive remediation that strengthens Sierra’s security and compliance posture.
- Define and enforce security baselines for cloud infrastructure, containerized workloads, Kubernetes, identity, encryption, logging, and network security controls.
- Partner with engineering teams to integrate security requirements into configuration and change management.
- Design and operate automated compliance workflows using AI, infrastructure as code, and security tooling to reduce manual effort, improve control assurance, and scale with platform evolution.

Who you’ll work with

You will act as a strategic partner to Platform, Product, Agent Development, Legal, and GTM, ensuring security and compliance requirements are embedded into architecture decisions, product roadmaps, and go-to-market execution while supporting product velocity and technical complexity.

What you’ll bring

- 8 years of experience in security compliance, GRC, or security-adjacent roles within fast-growing technology companies.
- Deep expertise in security compliance frameworks including ISO 42001, PCI DSS, NIST 800-53, FedRAMP, and similar regulatory environments.
- A systems-oriented and engineering-focused GRC mindset, with the ability to reason about cloud architecture, data flows, and control effectiveness alongside engineers.
- Experience owning complex audits and driving risk-based remediation across distributed teams.
- Hands-on experience with multi-cloud infrastructure (AWS, Azure, GCP).
- Strong experience implementing and automating security controls across cloud infrastructure, configuration management, container security, Kubernetes, encryption, identity, and authentication systems.
- Ability to clearly communicate compliance requirements internally to engineering teams and externally to customers in a technically credible way.
- Relevant certifications such as CISSP, CISA, PCI ISA, ISO 27001 Lead Auditor, or equivalent experience.

Even better

- Experience supporting AI platforms, fintech, healthcare, or other highly regulated environments.
- Familiarity with global regulatory environments including GDPR, DORA, the EU AI Act, and emerging security and AI governance requirements across APAC regions.
- Experience supporting public sector or FedRAMP-aligned environments.

Why join us?

You will operate at the center of AI systems, cloud infrastructure, and global compliance, shaping how security controls are designed and scaled for modern AI platforms. This role offers high ownership, deep technical partnership with engineering, and the opportunity to define what strong GRC looks like at Sierra.

Our values

Trust: We build trust with our customers with our accountability, empathy, quality, and responsiveness. We build trust in AI by making it more accessible, safe, and useful. We build trust with each other by showing up for each other professionally and personally, creating an environment that enables all of us to do our best work.

Customer Obsession: We deeply understand our customers’ business goals and relentlessly focus on driving outcomes, not just technical milestones. Everyone at the company knows and spends time with our customers. When our customer is having an issue, we drop everything and fix it.

Craftsmanship: We get the details right, from the words on the page to the system architecture. We have good taste. When we notice something isn’t right, we take the time to fix it. We are proud of the products we produce. We continuously self-reflect to continuously self-improve.

Intensity: We know we don’t have the luxury of patience. We play to win. We care about our product being the best, and when it isn’t, we fix it. When we fail, we talk about it openly and without blame so we succeed the next time.

Family: We know that balance and intensity are compatible, and we model it in our actions and processes. We are the best technology company for parents. We support and respect each other and celebrate each other’s personal and professional achievements.

What we offer

We want our benefits to reflect our values and offer the following to full-time employees:

- Flexible (Unlimited) Paid Time Off
- Medical, Dental, and Vision benefits for you and your family
- Life Insurance and Disability Benefits
- Retirement Plan (e.g., 401K, pension) with Sierra match
- Parental Leave
- Fertility and family building benefits through Carrot
- Lunch, as well as delicious snacks and coffee to keep you energized
- Discretionary Benefit Stipend giving people the ability to spend where it matters most
- Free alphorn lessons

These benefits are further detailed in Sierra's policies, may vary by region, and are subject to change at any time, consistent with the terms of any applicable compensation or benefits plans. Eligible full-time employees can participate in Sierra's equity plans subject to the terms of the applicable plans and policies.

Be you, with us

We're working to bring the transformative power of AI to every organization in the world. To do so, it is important to us that the diversity of our employees represents the diversity of our customers. We believe that our work and culture are better when we encourage, support, and respect different skills and experiences represented within our team. We encourage you to apply even if your experience doesn't precisely match the job description. We strive to evaluate all applicants consistently without regard to race, color, religion, gender, national origin, age, disability, veteran status, pregnancy, gender expression or identity, sexual orientation, citizenship, or any other legally protected class.
Keywords: Sierra, Berkeley, Security and Compliance Manager, IT / Software / Systems, San Francisco, California