United States onlyAbout Treeline
Treeline is building a comprehensive software stack to transform traditional Managed Service Providers — firms that handle ongoing IT, security, and a majority of software purchasing for small and mid-market businesses — into a software-defined model powered by automation and AI. Valued at more than $150 billion, the MSP market comprises 45,000 providers across the U.S. and Canada, serving the majority of SMB and mid-market enterprises. Founded by Stanford alumni with over a decade of experience in Silicon Valley, Treeline is backed by top VC firms.
We're a small, highly effective team that values impactful execution, modern tooling, and minimal bureaucracy. We prioritize making Treeline a truly enjoyable, long-term workplace — one where communication is open, politics are absent, and our team has the autonomy and support to tackle challenging problems.
Job summary
This is a dual-mandate role. Half of your job is building and owning Treeline's internal security and compliance program — maintaining our SOC 2 Type II posture, driving our ISO 27001 certification, and ensuring we operate at the standard we sell. The other half is delivering compliance outcomes directly for customers as the foundation of our growing Compliance-as-a-Service (CaaS) offering.
You'll be the person who knows how auditors think — because you've been one, worked alongside them, or spent years understanding exactly what they're looking for and why. You'll take that knowledge and use it to build frameworks from scratch, prepare customers for audits before the auditors arrive, and operate with credibility at every level of a customer organization — from a security engineer to a Series A CEO.
Responsibilities include
Build & own the foundation
- Own Treeline's compliance program end-to-end — controls, evidence collection, Vanta/Drata hygiene, and auditor coordination — driving from gap assessment through certification
- Build and maintain security policies, risk registers, vendor assessments, and ISMS documentation from the ground up
- Partner with engineering, GTM, operations, and our portfolio companies to embed security and compliance into how Treeline builds and delivers
- Serve as the internal point of contact for all compliance inquiries, customer security questionnaires, and audit requests
Deliver for customers
- Lead SOC 2 and ISO 27001 readiness engagements end-to-end — scoping, gap assessment, control implementation, and audit preparation
- Manage the audit partner relationship and coordinate penetration testing as part of a complete compliance delivery package
- Operate at every altitude: technical deep-dives with security engineers, roadmap presentations with founders and key stakeholders
- Independently project manage multiple concurrent customer engagements — nothing slips, nothing waits on someone else
Build the machine
- Help build and grow Treeline's Compliance-as-a-Service offering into a repeatable, revenue-generating product line
- Define the frameworks, scoping standards, and customer-facing artifacts that make compliance delivery scalable — so every engagement gets better, not just bigger
- Feed what you learn in the field directly back into the platform — your customer work is upstream of product decisions, not downstream of them
What you bring
- 5–8+ years in compliance, security, or risk — with meaningful time at or alongside an audit or advisory firm (SOC 2 audit shop, Big 4 risk practice, compliance consultancy)
- Personally run SOC 2 and ISO readiness projects end-to-end, not just supported them — you know what auditors will ask before they ask it
- Hands-on experience building compliance frameworks from scratch, not just maintaining established programs
- Deep familiarity with SOC 2 and ISO 27001; FedRAMP familiarity a plus
- Vanta or Drata experience strongly preferred — you know the platform, not just the concept
- Exceptional project management discipline — you can carry multiple engagements simultaneously and nothing slips
- Customer-facing communication skills that work at every level — as comfortable with a CISO as with a 5-person founding team
- Energized by building programs from scratch — blank-page problems don't intimidate you, they motivate you
- You want compliance to be a business driver, not a checkbox — and you know how to make that case
- US-based, available to travel occasionally to customer sites as the program scales
Location: San Francisco, Los Angeles, Austin, or Remote
Benefits
- Founding equity at an a16z-backed company transforming a $200B+ market — you're joining at the inflection point, not after it
- Your work directly informs what Treeline's engineering team builds into the platform — you're upstream of product decisions, not downstream
- Direct partnership with Engineering and leadership; no layers, no ticket queues for your own ideas
- A team that values execution over hierarchy — small, collaborative, and genuinely building something new in a market that hasn't seen real innovation in decades
- Competitive base salary + equity
- Comprehensive health, dental, and vision coverage
- Flexible PTO and remote-first work environment
