Head of Compliance & GRC
About Nametag
Nametag is building the future of secure digital identity. Our mission is to make it easy for people and organizations to prove who they are online - safely and seamlessly. We’re pioneering next-generation identity verification and account protection so that users can control their own identity, and companies can build trust without friction.
The Role
Nametag is seeking an experienced Compliance & GRC leader to own and evolve our security and compliance program. This role is ideal for someone who thrives in a fast-paced startup environment, has deep experience with SOC 2 and other compliance frameworks, and is comfortable building and running programs with limited resources. You'll report directly to the Head of Engineering and partner closely with the engineering team to ensure security is built into everything we do.
Responsibilities
As the Head of Compliance & GRC, you will own the entire security and compliance function - maintaining our existing certifications, driving new compliance initiatives, coordinating penetration tests, and building trust with customers and prospects. This is a hands-on leadership role where you'll be the team initially, with a clear path to building and leading a team as Nametag scales. You'll work closely with engineering, product, sales, and customer success to ensure security enables the business rather than blocking it.
What You’ll Do
- Compliance Program Management
  + Own and maintain SOC 2 Type II certification, including evidence collection, control monitoring, and audit coordination
  + Drive IAL3 compliance readiness and implementation
  + Manage accessibility compliance (WCAG) requirements
  + Identify and pursue additional certifications as needed based on customer and market requirements
- Security Operations
  + Coordinate penetration testing cycles and drive remediation with engineering
  + Maintain a living view of organizational risk and surface it to leadership
  + Develop and maintain security policies, procedures, and controls
  + Respond to security incidents with speed and clarity
- Customer Trust
  + Respond to customer security questionnaires promptly and accurately
  + Support sales in security-sensitive enterprise deals
  + Maintain public-facing trust documentation
  + Participate in customer security calls and reviews as needed
- Cross-Functional Partnership
  + Partner with engineering to build security into the development process
  + Provide clear security guidance and timely reviews so teams can ship with confidence
  + Collaborate with product on security and accessibility requirements
