Security and Privacy Lead

About the company Braintrust is the AI observability platform. By connecting evals and observability in one workflow, Braintrust gives builders the visibility to understand how AI behaves in production and the tools to improve it. Teams at Notion, Stripe, Zapier, Vercel, and Ramp use Braintrust to compare models, test prompts, and catch regressions — turning production data into better AI with every release. About the Role We’re looking for a Security and Privacy Lead to own our security and compliance programs as we scale. This is a foundational role: you’ll be the company’s primary owner of security and privacy policies, certifications, and customer trust. You’ll partner closely with engineering, legal, and operations teams to ensure Braintrust meets the expectations of enterprise customers and regulators alike. You’ll manage our security compliance initiatives (including SOC 2), lead vendor and customer security reviews, monitor compliance tools like Vanta, and drive a culture of security and privacy-by-design across the company. What You’ll Do • Implement and maintain company-wide security and privacy policies. • Manage Braintrust’s compliance certifications (SOC 2 and others as needed). • Partner with legal and operations to ensure alignment with GDPR, CCPA, and global data protection standards. • Lead responses to customer security and privacy inquiries. • Oversee continuous security monitoring tools (e.g., Vanta) and coordinate remediation. • Conduct periodic risk assessments and support penetration testing and vendor audits. • Establish metrics, dashboards, and reporting to track security posture. • Own the incident response process and ensure clear communication across teams. • Advise on access management, encryption standards, and data retention practices. • Serve as the primary point of contact for internal and external data privacy and security matters. • Support teams during enterprise due diligence and procurement processes. What We’re Looking For • 6+ years of experience in information security, privacy, or compliance roles at a fast-growing startup. • Experience with frameworks such as SOC 2, ISO 27001, and GDPR. • Familiarity with monitoring and compliance tools (e.g., Vanta, Drata, or similar). • Strong understanding of enterprise customer security expectations and documentation. • Excellent written and verbal communication skills; ability to simplify complex topics for diverse audiences. • A proactive, ownership-oriented mindset - you thrive in fast-paced environments, enjoy building processes from the ground up, and enjoy wearing multiple hats. Benefits include • Medical, dental, and vision insurance • 401k plan • Daily lunch, snacks, and beverages • Flexible time off • Competitive salary and equity • AI Stipend Equal opportunity Braintrust is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status. Apply tot his job