Skip to content
All roles
Governance & Compliance

Head of Compliance (vCISO)

Principalfull-timeRemote (US/EU)$220k–$300k + equity
As Head of Compliance (vCISO) at Overnox, you build and lead our governance and compliance practice — and you personally serve as the executive-level security and compliance leader our clients rely on. You'll take startups and enterprises from "we have no framework" to audited, certified, and continuously compliant across SOC 2, ISO 27001, HIPAA, PCI DSS, and GDPR, while also standing up the AI governance programs enterprises increasingly need as they deploy AI at scale. This is a hybrid leadership and delivery role. You'll act as fractional vCISO across multiple client accounts — owning risk assessments, control design, policy programs, auditor relationships, and board/executive reporting — while also shaping Overnox's own compliance methodology, tooling, and playbooks so the whole team can deliver readiness faster and more repeatably. You'll partner closely with our security engineering practice to ensure controls aren't just documented but actually implemented and evidenced. This role matters because compliance is a top reason enterprises can't move fast on AI — and it's central to Overnox's promise of compliance-ready platforms. You are the leader who turns compliance from a blocker into a competitive advantage for our clients, and into a durable, differentiated service line for Overnox.

What you'll do

  • Serve as fractional vCISO across multiple client accounts, owning security and compliance strategy, risk posture, and executive/board reporting
  • Lead clients end to end through SOC 2 (Type I/II), ISO 27001, HIPAA, PCI DSS, and GDPR — gap assessments, control mapping (Trust Services Criteria, Annex A), remediation, and audit
  • Serve as the single point of contact for external auditors, defending control decisions and driving efficient audit cycles
  • Design and stand up AI governance programs: AI risk assessments, model/usage policies, and controls aligned to frameworks like the NIST AI RMF and ISO 42001
  • Build and maintain policy suites, ISMS documentation, risk registers, and continuous-compliance processes (access reviews, evidence collection, control monitoring)
  • Define Overnox's compliance methodology, playbooks, and tooling (including compliance-automation platforms) to make delivery faster and repeatable
  • Partner with security engineering to ensure controls are implemented and evidenced, not just written, and translate technical risk for business stakeholders
  • Build and mentor the governance & compliance team as the practice scales

What we're looking for

  • 12+ years in security, GRC, or compliance leadership, including CISO, vCISO, or Head of Compliance-level responsibility
  • Deep, hands-on expertise leading organizations through SOC 2 and ISO 27001, plus working knowledge of HIPAA, PCI DSS, and GDPR
  • Proven track record owning audits end to end and serving as the primary auditor interface
  • Strong command of control frameworks (AICPA TSC, ISO 27001 Annex A, NIST CSF) and the ability to map, implement, and evidence controls
  • Experience building security programs, policies, and ISMS documentation from the ground up
  • Ability to advise executives and boards and to translate risk into business decisions
  • Familiarity with cloud and modern SaaS/AI architectures well enough to assess real technical risk
  • Excellent client-facing communication and the gravitas to lead in the room with client leadership

Nice to have

  • Experience designing AI governance programs (NIST AI RMF, ISO 42001, EU AI Act readiness)
  • Relevant certifications (CISSP, CISA, CISM, ISO 27001 Lead Auditor/Implementer)
  • Hands-on experience with compliance-automation platforms (Vanta, Drata, or similar)
  • Consulting or MSP background serving multiple clients concurrently
  • Experience in regulated industries (healthcare, fintech, or public sector)

About Overnox

Overnox is an AI engineering and infrastructure consultancy. We help startups and enterprises securely adopt AI, automate operations, and scale cloud infrastructure with enterprise-grade engineering — building, securing, and operating production AI systems as one accountable senior team. Security-first, product-minded, no outsourcing.

What we offer

  • Fully remote — work from anywhere, with a few hours of overlap for collaboration
  • Competitive base plus meaningful equity in the company you're helping build
  • Senior-only team — real peers, no juniors to babysit, no offshore handoffs
  • Top-tier hardware and a generous learning, certification, and conference budget
  • Direct ownership of outcomes and a genuine say in how we build and operate
  • Region-appropriate health, time-off, and wellbeing support

Compensation

The listed range ($220k–$300k + equity) is a good-faith estimate. Final compensation is based on your experience, level, and location, and includes meaningful equity. We benchmark pay against the market and review it regularly.

Equal opportunity & accommodations

Overnox is an equal opportunity employer. We celebrate diversity and are committed to an inclusive environment for everyone. We do not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, veteran status, or any other characteristic protected by applicable law.

If you need a reasonable accommodation at any point in the application or interview process, email hello@overnox.com and we'll work with you.

Apply for this role

Attach your resume and tell us why you're a fit.