
Director, Security Risk & Compliance

Nscale, Seattle, WA, United States


Nscale is the GPU cloud engineered for AI. We provide cost-effective, high-performance infrastructure for AI start-ups and large enterprise customers. Nscale enables AI-focused companies to achieve superior results by reducing the complexity of AI development. Our GPU cloud bolsters technical capabilities and directly supports strategic business outcomes, including cost management, rapid innovation, and environmental responsibility.

We thrive on a culture of relentless innovation, ownership, and accountability, where every team member takes pride in their work and drives it with excellence and urgency. As an Nscaler, you’ll build trust through openness and transparency, where everyone is inspired to do their best work. If you join our team, you’ll be contributing to building the technology that powers the future.

About the Role (Job Purpose)

Nscale is seeking a Director, Security Risk & Compliance to lead our global security governance, risk, compliance, and customer assurance programs.

Reporting to the CISO, this executive will be responsible for enterprise security risk management, issue management, regulatory compliance, certifications, policy governance, security awareness, data governance, and customer trust.

This is a highly strategic role at the center of Nscale’s enterprise growth. As we sign large enterprise and regulated customers with significant security requirements, this leader will ensure Nscale’s security posture meets — and exceeds — global standards while enabling business velocity.

Please apply only if you have hands-on experience designing and implementing AI-driven cybersecurity programs, and can demonstrate prior work (e.g., case studies, architectures, or deployed solutions).

What You’ll be Doing (Responsibilities)

Security Risk & Governance

Establish and lead Nscale’s global security risk management framework aligned to NIST Cybersecurity Framework (CSF) and international best practices.

Maintain enterprise risk registers and oversee issue identification, tracking, and remediation.

Develop and report security KPIs, KRIs, and board-level metrics.

Drive structured governance processes across engineering, infrastructure, and corporate functions.

Ensure continuous improvement across Identify, Protect, Detect, Respond, and Recover domains.

Compliance & Certifications

Oversee global compliance programs including ISO 27001, SOC 2, NIST CSF, NIS2, Cyber Essentials Plus, and other applicable regulatory frameworks.

Lead certification efforts, surveillance audits, and recertifications.

Ensure technical controls are mapped and aligned across ISO, SOC 2, and NIST CSF domains.

Anticipate and prepare for evolving regulatory requirements across North America, EMEA, and APAC.

Customer Trust & Deal Support

Own the security component of enterprise deal enablement.

Support RFPs, security questionnaires, and customer due diligence assessments.

Engage directly with enterprise security and risk teams during negotiations.

Develop standardized trust materials (security whitepapers, control matrices, assurance packages).

Policy Management & Assurance

Oversee security policy development, lifecycle management, and governance alignment to NIST CSF and ISO controls.

Ensure policies are operationalized, measurable, and auditable.

Lead internal control testing, assurance reviews, and continuous monitoring activities.

Coordinate cross-functional remediation efforts.

Training & Awareness

Develop and scale global security awareness and role-based training programs.

Foster a culture of shared security ownership across engineering and corporate teams.

Data Governance & Privacy Alignment

Partner with Legal, Product, and Engineering to mature data governance frameworks.

Oversee data classification, handling standards, retention, and cross-border data controls.

Align governance practices with regulatory and enterprise customer expectations.

Leadership & Cross‑Functional Partnership

Build and lead a high‑performing global GRC and assurance organization.

Partner closely with Engineering, Product, Legal, Sales, Finance, and Executive Leadership.

Contribute to overall security strategy in partnership with the CISO.

About You (Skills / Qualifications)

Required

15+ years of experience in security risk management, compliance, or governance leadership.

Experience leading global compliance programs in cloud, infrastructure, SaaS, or regulated environments.

Deep familiarity with NIST CSF, ISO 27001, SOC 2, and NIS2, and experience mapping controls across multiple frameworks.

Experience supporting enterprise sales cycles and large‑customer security due diligence.

Demonstrated ability to build scalable risk and issue management programs.

Experience presenting security risk and compliance posture to executive leadership and boards.

Nice to Have

Experience in AI, GPU, cloud, or infrastructure platforms.

Background in regulated industries or critical infrastructure.

Experience operating across North America, EMEA, and APAC.

Professional certifications (e.g., CISSP, CISM, CRISC, ISO Lead Auditor).

What We Can Offer You

Highly competitive package (base + equity) with reviews every 12 months.

Join the fastest‑growing tech startup: this is your chance to push boundaries, collaborate with brilliant minds, and make your mark on cutting‑edge AI.

Expect a dynamic progression plan tailored to your ambitions. Grow by trying new things, leading, challenging the status quo, and owning your impact, always with our full support.

Human‑First Flexibility: We treat you as humans first. Our flexible workplace trusts Nscalers to deliver, giving you the autonomy to shape your day around life's moments.

Join our thriving remote‑first team. Geography is no barrier to impact or connection. We build seamless virtual collaboration, empowering you, wherever you work.

We strongly encourage applications from people of color, the LGBTQ+ community, people with disabilities, neurodivergent people, parents, carers, and people from lower socio‑economic backgrounds.

If there’s anything we can do to accommodate your specific situation, please let us know.

The responsibilities outlined in this job description are not exhaustive and are intended to provide a general overview of the position. The employee may be required to perform additional duties, tasks, and responsibilities as assigned by management, consistent with the skills and qualifications required for the role.

For information on how Nscale handles candidate personal data, please see our Employee & Candidate Privacy Notice: Here.
