Principal Security & Compliance Advisor, Outpost
About us
Pliancy is fundamentally changing the way businesses value technology. We're on a mission to prove that the right technology (and the right technologists) can help accelerate progress toward radical, ambitious goals. Pliancy specializes in partnering with life sciences organizations, capital management firms, and emerging startups, providing IT support to bold leaders pushing science and technology forward.
Our employees and clients find that we’re starkly different from other IT organizations because we challenge the status quo in two major ways: by putting people first in every decision we make, and by innovating towards simplicity every chance we get. As a people-first company that invests in the long-term success of our employees, we’re looking for creative thinkers who like to solve interesting problems. We prioritize curiosity and empathy in all of our hiring decisions.
Remote, United States
Outpost Security is Pliancy’s security and compliance brand for organizations that need practical, expert-led guidance without the fear-mongering or obfuscation that too often comes with cybersecurity. Our thesis is simple: security should be comprehensive and comprehensible. We translate complex policies, controls, and systems into straightforward action plans that help clients understand what they need, how they are protected, and why it matters.
About the Role
Outpost is hiring a founding member of our service delivery team to help build, productize, and deliver our security, compliance, and AI governance offering for clients in finance, venture capital, private equity, hedge funds, family offices, technology, and biotech.
This is a senior, client-facing role for someone who can operate as both a trusted advisor and a practical implementer. You’ll help clients make sense of security, compliance, and AI risk decisions, translate business objectives into action plans, and guide the work required to improve their security posture while using emerging technologies responsibly. You’ll also work closely with the Managing Director of Outpost to shape how Outpost delivers services, packages its offerings, documents its playbooks, and scales over time. This is far more than a narrow compliance checklist role, and it is not a behind-the-scenes engineering-only role. The right person will care deeply about documentation, but even more about helping clients reach their business objectives and delivering an exceptional client experience along the way. You should be comfortable with ambiguity, energized by building something new, and excited to help define the operating model for an important and growing part of Pliancy.
A typical week might include leading a security roadmap conversation with a venture capital client, preparing a practical SEC-readiness action plan, reviewing a client’s access control and onboarding workflows, advising a leadership team on secure AI usage, drafting or improving documentation, helping evaluate tools such as compliance automation, MDR, SIEM, vulnerability management, AI productivity platforms, and cyber insurance, and translating technical findings into clear executive-level recommendations.
You’ll spend a meaningful amount of time directly with clients, listening for what they are trying to accomplish as a business and helping them understand the security and compliance work required to get there. You’ll also spend time internally building the Outpost delivery engine: refining service packages, creating reusable templates, improving project plans, strengthening documentation standards, and sharing what you are seeing in the market so we can keep making the offering better.
Because Outpost is still being built, the work will evolve. Some days will be advisory-heavy. Some days will be implementation-heavy. Some days will require creating the playbook while you are delivering the work.
You’re an attentive and curious person who loves connecting with the people you support. Clients are people, not ticket numbers, findings, or controls to close. You build relationships, and as a by-product, you build trust.
You understand that security and compliance are most valuable when they help the business move forward. You also understand that AI is quickly becoming part of how clients operate, and that the answer cannot simply be “no.” You can help clients evaluate where AI is useful, where it creates risk, how to adopt it securely, and how to create practical guardrails without slowing the business down. You can explain complex ideas in plain language, tailor recommendations to a client’s risk tolerance and operating reality, and balance best practices with practical judgment. You have strong opinions about what good looks like, but you are not rigid or theatrical about it.
You take pride in your work, follow through on commitments, and care about the details. You like documentation because it creates clarity, consistency, and leverage. You are comfortable working with executives, operators, technical teams, auditors, vendors, and non-technical stakeholders. You enjoy helping a team move swiftly and efficiently toward a common goal. Variety should energize and excite you!
Responsibilities
- Serve as a senior security and compliance advisor for Outpost clients, with an emphasis on finance firms, including VC, PE, hedge funds, family offices, both ERAs and RIAs, and other investment firms, as well as select technology and biotech startups.
- Lead consultative client conversations around governance, risk, controls, compliance readiness, secure AI adoption, security roadmaps, vendor selection, audit preparation, DDQs, cybersecurity insurance, incident preparedness, and operational workflows.
- Translate client business objectives into practical security and compliance action plans that are clear, prioritized, and realistic.
- Help clients understand, evaluate, and securely adopt AI tools, including usage policies, data handling expectations, vendor risk considerations, access controls, employee guidance, and practical governance models.
- Help design, document, and continuously improve Outpost’s service delivery playbooks, templates, project plans, assessment methods, and client-facing deliverables.
- Deliver leadership-level roadmapping and project ownership across ongoing client engagements.
- Support clients working toward or maintaining compliance with frameworks and requirements such as SOC 2, ISO 27001, NIST CSF, CIS Controls, CCPA, GDPR, HIPAA-adjacent requirements, and other relevant security or privacy obligations.
- Assess and improve client processes such as onboarding, offboarding, access reviews, vendor risk management, business continuity, disaster recovery, incident response, policy management, and control monitoring.
- Advise on and help implement systems and tools across categories such as compliance automation, identity and access management, endpoint security, MDR, SIEM, vulnerability management, MDM, backup and recovery, AI productivity platforms, and security awareness.
- Partner with Pliancy teams to connect security and compliance recommendations to the underlying IT systems, workflows, and support model required to make them stick.
- Create high-quality internal and client-facing documentation that improves clarity, repeatability, and client experience.
- Share market observations, client feedback, recurring pain points, and delivery lessons with Outpost leadership to help productize the offering.
- Help shape future hiring, operating processes, and service standards as Outpost grows.
Requirements
- 5+ years of experience in security, compliance, GRC, vCISO, security consulting, advisory, MSP/MSSP, or a comparable client-facing security role.
- Strong working knowledge of security and compliance domains such as governance, risk management, control assessments, access controls, audit readiness, vendor risk, incident response, vulnerability management, business continuity, and data protection.
- Experience advising executives or senior operators on security and compliance decisions.
- Experience translating frameworks, audit requirements, regulatory expectations, or emerging technology risks into practical workstreams.
- Familiarity with frameworks and standards such as ISO 27001, NIST CSF, NIST 800-53, CIS Controls, CCPA, GDPR, and HIPAA.
- Comfort working with finance, investment management, venture capital, private equity, hedge fund, family office, startup, technology, or biotech clients.
- Comfort advising clients on responsible AI usage, including secure adoption, acceptable use, data protection, vendor review, employee enablement, and business-process implications.
- Ability to communicate clearly with both technical and non-technical audiences.
- Strong client-service instincts, including follow-up, follow-through, responsiveness, expectation-setting, and good judgment under pressure.
- Ability and willingness to properly document processes, decisions, risks, controls, assets, and recommendations.
- A practical understanding of common security tooling categories, including IAM, MDM, EDR/XDR, MDR, SIEM, vulnerability management, backup and recovery, compliance automation, and security awareness platforms.
- A practical understanding of how AI tools are being adopted inside modern businesses, including common risks around sensitive data, access, vendor terms, employee usage, workflow design, and governance.
- Demonstrated ability to learn new technologies, client environments, and business contexts quickly.
- A sense of ownership and pride in your work.
- A team-centric mentality, with a focus on collaboration, communication, documentation, improving processes, and succeeding together.
- Authorization to work in the United States for any employer.
Nice to Have
- Experience supporting SEC-regulated investment advisers, Exempt Reporting Advisers, Registered Investment Advisers, private fund managers, broker-dealer-adjacent environments, or other financial services organizations.
- Experience with compliance automation platforms such as Drata, Vanta, Secureframe, Tugboat Logic, or similar tools.
- Experience developing AI acceptable-use policies, AI governance models, secure AI adoption plans, vendor review processes, or employee enablement materials.
- Experience with MDR, SIEM, vulnerability management, BCDR, cyber insurance, TPRM, penetration testing coordination, or incident response planning.
- Certifications such as CISSP, CISM, CISA, CCSP, CRISC, GIAC, or equivalent practical experience.
- Experience building or scaling a service delivery model, advisory practice, managed service, or productized consulting offering.
- Experience creating client-ready templates, assessment methods, roadmaps, policy libraries, or implementation playbooks.
- Familiarity with scripting, automation, APIs, or lightweight technical implementation work.
- Experience in MSP, MSSP, professional services, consulting, or high-touch client service environments.
This is a fully remote, US-based role. Most work will be performed from a home office or remote workspace, using a computer and standard office equipment for prolonged periods. The role may involve very occasional travel for team meetings, client workshops, conferences, or strategically important onsite engagements. Because Outpost supports clients across multiple time zones (EST to PST), you should be comfortable working with a distributed team and adjusting your schedule as client needs require.
Listing Details
- Posted: June 10, 2026
- First seen: June 10, 2026
- Last seen: June 10, 2026
