Security and Compliance Engineer
About Hevo:
Hevo (www.hevodata.com) is a simple, intuitive, and powerful No-code Data Pipeline platform that enables companies to consolidate data from multiple software for faster analytics.
Hevo powers data analytics for 2000+ data-driven companies across multiple industry verticals, including Cult.fit, Postman, ThoughtSpot, Jawa Motorcycles. By automating complex data integration tasks, Hevo allows data teams to focus on deriving groundbreaking insights and driving their businesses forward.
Hevo’s mission is simple but bold: Build technology from India, for the world that is simple to adopt and easy to access so that everyone can unlock the potential of data.
Based in San Francisco and Bangalore, Hevo has seen exponential growth since its inception. With total funding of $42 million from Sequoia India, Qualgro, and Chiratae Ventures, Hevo is now entering a new phase of hyper-growth.
Hevoites are a bunch of thoughtful, helpful problem solvers who are obsessed with making a difference in the lives of their customers, colleagues, and their own individual trajectory. If you are someone who is passionate about redefining the future of technology, then Hevo is the place for you.
About the Role
As a Senior Compliance Engineer at Hevo, you will be the primary owner of our security compliance posture — ensuring that Hevo's infrastructure, engineering practices, and internal processes meet the highest standards of regulatory and framework compliance. This is a unique, high-visibility role sitting at the intersection of security engineering and compliance, working closely with Engineering, Product, Legal, and Customer-facing teams. You will not only maintain and evolve Hevo's existing compliance certifications but also proactively build the systems and culture that make compliance a continuous, scalable practice rather than a point-in-time exercise.
What You Will Own
Compliance Program Ownership
Own and manage Hevo's compliance certifications end-to-end — including SOC 2 Type II, ISO 27001, GDPR, and any other applicable frameworks — across audit cycles, evidence collection, and remediation
Lead internal readiness assessments and gap analyses against compliance frameworks; define and drive remediation roadmaps in partnership with Engineering and Infrastructure teams
Serve as the primary point of contact for external auditors, certification bodies, and customer security review teams
Respond to customer security questionnaires, due diligence requests, and vendor assessments with accuracy and speed
Security Engineering & Controls
Design, implement, and continuously improve security controls across Hevo's cloud infrastructure, access management, data handling, and software development lifecycle (SDLC)
Collaborate with DevOps and Engineering teams to embed security and compliance requirements into CI/CD pipelines, infrastructure-as-code, and deployment practices
Conduct regular security risk assessments, vulnerability reviews, and internal audits — prioritizing findings and driving resolution within defined timelines
Define and enforce policies around data classification, access controls, encryption, logging, monitoring, and incident response
Policy & Governance
Develop, maintain, and operationalize security policies, standards, and procedures aligned with industry frameworks and Hevo's risk appetite
Build and run a compliance awareness and training program across the organization — making security and compliance a shared responsibility
Establish and maintain a continuous compliance monitoring framework using GRC tooling and automation where possible
Track and report on compliance metrics, audit findings, and risk posture to leadership on a regular cadence
Cross-Functional Collaboration
Partner with Product and Engineering to assess compliance implications of new features, integrations, and infrastructure changes early in the development cycle
Work with the Legal and Finance teams on contractual obligations, data processing agreements (DPAs), and regulatory requirements across geographies
Support Sales and Customer Success in closing security-sensitive deals by providing timely, accurate responses to enterprise security reviews
What We Are Looking For
5–8 years of experience in security engineering, information security, or a compliance-focused engineering role
Hands-on experience owning SOC 2 Type II audits end-to-end — from scoping and evidence collection to audit management and remediation; ISO 27001 experience is a strong plus
Strong understanding of cloud security fundamentals — AWS, GCP, or Azure — including IAM, network security, encryption, and logging/monitoring best practices
Familiarity with GDPR, CCPA, and other data privacy regulations relevant to a SaaS data company
Experience with GRC platforms (e.g., Sprinto, Tugboat Logic, or equivalent) for continuous compliance monitoring
Solid grasp of secure SDLC practices, vulnerability management, and DevSecOps principles
Ability to translate complex compliance requirements into practical, implementable engineering controls
Experience responding to enterprise customer security questionnaires and participating in vendor risk assessments
Strong written communication skills — able to author policies, procedures, and audit evidence documentation with clarity and precision
Key Traits for Success
High ownership and accountability — you treat compliance as a product, not a checklist
Detail-oriented with a structured, process-driven approach
Ability to work cross-functionally and influence without authority — getting Engineering teams to prioritize compliance alongside feature work
Proactive risk-thinking — you anticipate gaps before auditors find them
Comfortable operating independently in a role with no direct peer — you define the playbook