Security Compliance Specialist

AI overview

Define and implement security compliance measures to enable secure AI operations, while owning audits and fostering a security culture within teams.

About Prophecy

The leader in AI-native data preparation and analysis, Prophecy is revolutionizing how the world’s top enterprises turn data chaos into reliable insights. We introduce the AI-native data lifecycle (generate, refine, deploy), where our industry-leading AI agents and humans work hand-in-hand in visual and document interfaces to analyze, transform and prepare data, and to ship trusted insights at enterprise scale. To learn more, visit us on LinkedIn.

Don’t miss the rocket ship—join Prophecy and build the next data revolution.

Position Summary
We're hiring a Security Compliance Specialist to help us both define and implement our security and compliance posture. This is an individual contributor role with leadership and project management requirements and policy-level responsibilities such as working with auditors, drafting policies, and helping the organization navigate regulatory frameworks. This is an amazing opportunity to be an early engineer in a high-growth, high-potential startup starting in Prophecy’s India Office. You will be working with a team of dynamic engineers who take pride in solving complex problems. We're seeking A players to work with A players. We're a high-growth company on a once-in-a-lifetime journey to revolutionise the way data engineering is done. Be a part of it.

The impact you will have
Enable secure, compliant AI at scale
Help the company build and operate trustworthy AI by establishing and maintaining security and privacy compliance foundations (e.g., SOC 2, ISO 27001, GDPR/CCPA where applicable). You’ll turn requirements into practical controls that support fast, safe product delivery.
Own audits and customer trust from end to end
Lead readiness, evidence collection, and continuous improvement for internal and external audits. Partner with Sales, Security, Engineering, and Legal to respond to customer security reviews, questionnaires, and due diligence—translating technical reality into clear, credible assurance.
Build “compliance-by-design” into engineering workflows
Embed policies, risk assessments, and control checks into everyday processes (SDLC, change management, incident response, access reviews, vendor management). You’ll reduce friction by making the secure path the easiest path—especially for AI/ML systems and data pipelines.
Operate like an owner
Define success metrics (audit cycles, control coverage, risk closure time, vendor review SLAs) and continuously raise the bar. Take full ownership of programs and outcomes—driving alignment, execution, and measurable risk reduction without relying on hierarchy.

What You’ll Do?

  • Own and build the Information Security Compliance and Privacy program.
  • Plan and manage audits end-to-end (e.g., SOC 2 / ISO 27001 or similar), including scoping, readiness, evidence collection, auditor coordination, and remediation tracking.
  • Design, implement, and monitor cybersecurity controls across policies, processes, and technical systems; ensure controls remain effective through continuous review and testing.
  • Build and maintain the compliance framework by mapping organizational controls to relevant standards and regulations (security, privacy, and emerging AI-related requirements).
  • Develop and maintain security & privacy documentation, including policies, procedures, standards, guidelines, risk assessments, and exception processes—ensuring they are practical, adopted, and measurable.
  • Handle customer security/compliance requests (security questionnaires, audits, attestations, RFP/security sections, and contractual security exhibits), ensuring timely, accurate, and consistent responses.
  • Own and maintain the customer trust content: security documentation pack, compliance evidence library, standard responses, and “source of truth” artifacts to reduce turnaround time and improve consistency.
  • Support privacy and data protection initiatives, working with stakeholders to operationalize data handling requirements (data inventory, retention, access, and third-party data processing).
  • Manage third-party/vendor risk by leading security assessments, reviewing security addendums, and ensuring vendors meet required security and privacy obligations.
  • Create compliance metrics and reporting for leadership—translating risk into actionable insights and balancing innovation/speed with appropriate controls.
  • Enable strong security culture through clear communication, stakeholder training, and collaborative guidance that helps teams move fast while staying compliant.

What We Are Looking For

  • 4+ years of relevant experience in information security compliance, risk management, data privacy, and/or information assurance (startup or high-growth environment preferred).
  • Hands-on audit and control experience, including managing audits end-to-end and implementing/operationalizing cybersecurity controls, standards, and frameworks (e.g., SOC 2, ISO 27001, HIPAA, PCI DSS or similar).
  • Strong policy and program-building skills—you’ve written and maintained security/privacy policies, procedures, and standards that teams actually adopt.
  • Comfortable in cloud-native environments, with working knowledge of AWS/Azure/GCP and modern engineering workflows including CI/CD and secure SDLC practices.
  • Exposure to AI-related compliance and risk, including familiarity with regulations/standards impacting AI and the ability to translate them into practical governance and controls.
  • Customer-facing compliance capability, able to handle security questionnaires, customer assurance requests, and support sales cycles with clear, consistent security and compliance responses.
  • Builder mindset and ownership, able to work independently, create structure from ambiguity, and scale a compliance function/program from scratch.
  • Strong communication and collaboration, able to partner with engineering, product, legal, and sales—explaining risk clearly and driving alignment.
  • Pragmatic judgment, balancing risk reduction with innovation and speed, and knowing when to escalate vs. unblock.

What You'll Have At Prophecy

  • Great company culture.
  • Competitive compensation.
  • Fair and Open Equity awards for everyone.
  • Amazing work.
  • Private medical insurance.
  • Manage your own growth and career.
  • Experience building a transformative product.
  • High learning opportunity.
  • End-to-end ownership of your project.

Our Commitment to Diversity and Inclusion

At Prophecy, we hire for merit and foster an inclusive culture where people from diverse backgrounds can excel and do their best work. We take great care to ensure that our hiring practices are inclusive and meet equal employment opportunity standards. Individuals looking for employment at Prophecy are considered without regard to age, color, disability, ethnicity, family or marital status, gender identity or expression, language, national origin, physical and mental ability, political affiliation, race, religion, sexual orientation, socio-economic status, veteran status, and any other protected characteristics under applicable laws.
