Security and Compliance Engineer

Hevo (www.hevodata.com) is a simple, intuitive, and powerful No-code Data Pipeline platform that enables companies to consolidate data from multiple software for faster analytics.

Hevo powers data analytics for 2000+ data-driven companies across multiple industry verticals, including Cult.fit, Postman, ThoughtSpot, Jawa Motorcycles. By automating complex data integration tasks, Hevo allows data teams to focus on deriving groundbreaking insights and driving their businesses forward.

Hevo’s mission is simple but bold: Build technology from India, for the world that is simple to adopt and easy to access so that everyone can unlock the potential of data.

Based in San Francisco and Bangalore, Hevo has seen exponential growth since its inception. With total funding of $42 million from Sequoia India, Qualgro, and Chiratae Ventures, Hevo is now entering a new phase of hyper-growth.

Hevoites are a bunch of thoughtful, helpful problem solvers who are obsessed with making a difference in the lives of their customers, colleagues, and their own individual trajectory. If you are someone who is passionate about redefining the future of technology, then Hevo is the place for you.

As a Senior Compliance Engineer at Hevo, you will be the primary owner of our security compliance posture — ensuring that Hevo's infrastructure, engineering practices, and internal processes meet the highest standards of regulatory and framework compliance. This is a unique, high-visibility role sitting at the intersection of security engineering and compliance, working closely with Engineering, Product, Legal, and Customer-facing teams. You will not only maintain and evolve Hevo's existing compliance certifications but also proactively build the systems and culture that make compliance a continuous, scalable practice rather than a point-in-time exercise.

• Own and manage Hevo's compliance certifications end-to-end — including SOC 2 Type II, ISO 27001, GDPR, and any other applicable frameworks — across audit cycles, evidence collection, and remediation

• Lead internal readiness assessments and gap analyses against compliance frameworks; define and drive remediation roadmaps in partnership with Engineering and Infrastructure teams

• Serve as the primary point of contact for external auditors, certification bodies, and customer security review teams

• Respond to customer security questionnaires, due diligence requests, and vendor assessments with accuracy and speed

• Design, implement, and continuously improve security controls across Hevo's cloud infrastructure, access management, data handling, and software development lifecycle (SDLC)

• Collaborate with DevOps and Engineering teams to embed security and compliance requirements into CI/CD pipelines, infrastructure-as-code, and deployment practices

• Conduct regular security risk assessments, vulnerability reviews, and internal audits — prioritizing findings and driving resolution within defined timelines

• Define and enforce policies around data classification, access controls, encryption, logging, monitoring, and incident response

• Develop, maintain, and operationalize security policies, standards, and procedures aligned with industry frameworks and Hevo's risk appetite

• Build and run a compliance awareness and training program across the organization — making security and compliance a shared responsibility

• Establish and maintain a continuous compliance monitoring framework using GRC tooling and automation where possible

• Track and report on compliance metrics, audit findings, and risk posture to leadership on a regular cadence

• Partner with Product and Engineering to assess compliance implications of new features, integrations, and infrastructure changes early in the development cycle

• Work with the Legal and Finance teams on contractual obligations, data processing agreements (DPAs), and regulatory requirements across geographies

• Support Sales and Customer Success in closing security-sensitive deals by providing timely, accurate responses to enterprise security reviews