
Head of Security & Governance Risk Compliance at RentSpree – Seattle, Washington

RentSpree
Seattle, Washington, 98101, United States
Job Function: Safety

About This Position

About RentSpree

RentSpree is the nation's leading home rental software. Our award-winning product suite simplifies the entire rental journey—from applications and screening to payments and lease management. Our mission is to bring transparency, efficiency, and trust to agents, landlords, and renters alike.

With over 4 million users, partnerships with 300+ leading real estate companies and MLS platforms, and nine years of consistent growth, RentSpree is at the forefront of proptech innovation. Our award-winning solutions deliver automation and real-time insights that make renting faster, easier, and more secure for our customers.

RentSpree is proud to be a Forbes Best Startup Employer, and we were also ranked one of BuiltIn Seattle’s Best Places to Work. As one of the fastest-growing property tech startups in the U.S., we’re looking for talented problem-solvers to contribute meaningful impact as we scale.

Head of Security & Governance Risk Compliance - Seattle, WA (hybrid) - paid relocation available

As the Head of Security & GRC, you will bridge the gap between rigorous compliance and high-velocity engineering. Reporting directly to the CTO, you will lead the strategy for protecting our cloud-native environment while automating our global compliance footprint. This is a technical leadership role focused on "Security-as-Code," moving away from manual audits toward a continuous, tool-driven defense posture.

This role is 2 days/week in-office in downtown Seattle.

What You'll Do

Strategic Initiative: The "Shift Left" Mandate

- Integrated DevSecOps: Own the deep integration of Snyk directly into developer IDEs and CI/CD pipelines to catch vulnerabilities in code, not production.
- Automated Guardrails: Partner with Engineering to implement automated policy enforcement within GCP, ensuring insecure configurations are blocked at the PR stage.
- Compliance-as-Code: Leverage Drata APIs to automatically pull evidence from build logs and scan results.

Vendor Risk Management & Third-Party Oversight

Rather than periodic questionnaires, you will build a dynamic system to manage the security of our supply chain.

- Automated Vendor Discovery: Use Drata to automatically identify new third-party sub-processors integrated into our stack and tier them based on data access and criticality.
- AI-Driven Security Reviews: Leverage the AI capabilities within Drata to ingest and analyze vendor SOC 2 reports and security certifications, instantly flagging gaps in their posture.
- Concentration Risk & Resilience: Map our dependency on critical infrastructure (SaaS, Cloud, API providers) and report to the CTO on systemic risks and contingency plans.
- Trust Center Management: Deploy the public-facing "Trust Center" to automate the sharing of our security posture with prospects, reducing the burden of manual security questionnaires on the sales and engineering teams.

Policy Governance & Regulatory Oversight

You will ensure our policies are actionable technical standards, not just legal text.

- Living Policy Management: Use the Drata policy centers to maintain a unified set of security policies. You will ensure these policies are mapped directly to technical controls in GCP, Snyk.
- Automated Attestations: Streamline the employee acknowledgment process for security policies (AUP, Security Policy), ensuring 100% compliance through automated reminders and Slack/Teams integrations.
- Exception Lifecycle: Manage a transparent process for policy exceptions, ensuring they are time-bound, risk-rated, and visible to the CTO.
- Audit Readiness: Act as the primary technical lead for SOC 2 Type II and ISO 27001 audits, utilizing our GRC tools to provide auditors with real-time, "read-only" access to our control evidence.

Defense-in-Depth

- Endpoint & Cloud Security: Oversee SentinelOne for 100% coverage of all assets.
- Identity & Social Defense: Manage our Anti-Phishing tool suite to protect the "human endpoint" and mitigate social engineering risks.
- Data Lifecycle & Privacy Governance: Define and automate data retention and deletion policies across our GCP databases. Work with Engineering to ensure PII discovery and classification are mapped within Drata to satisfy state regulations and CCPA requirements.
- Business Continuity & Disaster Recovery (BCDR): Lead the technical design and testing of our recovery strategies. You will ensure that backup integrity and failover procedures are not just documented in a policy, but technically verified and auditable through automated evidence.
- Security Telemetry & Metrics: Build high-fidelity dashboards that aggregate data from, Snyk, and SentinelOne. You will provide the CTO with a real-time "Security Scorecard" that tracks MTTR (Mean Time to Remediate) and control health.

Our job descriptions evolve with our business needs and priorities. In addition to the description above, your role may include additional tasks, projects and team support as needed.

Skills You Bring

- 8+ years in Cybersecurity or Security Engineering, with significant experience in cloud-native environments.
- Automation-First: You prefer a script, an API, or a Terraform provider over a manual checklist.
- Strategic Communication: Ability to collaborate with the CTO to prioritize security debt against product features, communicating trade-offs with clarity.

Qualities You Practice

These encompass our guiding principles and startup culture competencies:

- Take full ownership and accountability: Drives projects from idea to execution, with pride, urgency, and a “do what it takes” mentality.
- Collaborate with clarity, candor, and respect: Communicate openly and courageously, offer and receive feedback well, and build trust through transparency and reliable partnership.
- Strive for excellence while staying humble: Driven with a bias for action, hold a high bar, think critically, and continuously look to improve.
- Bring a versatile, proactive mindset: Adapt to evolving needs, anticipate challenges, take initiative, be resourceful, and embrace opportunities to achieve high quality results.
- Innovate and learn fast: Experiment, learn from failure, and seek opportunities to introduce new methods or diverse ways of achieving results.
- Engage in healthy debate and commit as a team: Contribute ideas, challenge constructively, and align quickly for decisive action.
- AI is a core skill: Equip yourself to use AI in your daily workflow, boosting productivity, accelerating RentSpree’s growth, and building future-ready career skills in a world where AI literacy is essential.

Why Join Us? Our Award-Winning Benefits & Culture

As a fast-growing startup, our culture is built on collaboration, curiosity, and the drive to build something meaningful together. From the most comprehensive benefits starting on day one to an environment built on trust, respect, and belonging, we make sure our team feels supported every step of the way. Here’s what we offer:

- Compensation: $250k - $280k base
- Equity Options: Share in the value we’re creating—your work makes a real impact.
- Team-First Culture: Join a group of talented, supportive teammates who inspire each other to do their best work and celebrate every win.
- Learning & Development: Ongoing support for your growth through resources, coaching, and career development opportunities.
- Health Coverage: Comprehensive employee + dependent medical, dental, and vision insurance, as well as HSA/FSA options. Plus, enjoy additional health perks like access to Headspace Care+, gym membership discounts, and much more — because your well-being matters, inside and out.
- Plan for your future: Life, disability, and Simple IRA retirement plan with company match to support your future.
- Flexible Vacation Policy: We trust you to take the time you need to rest and recharge.
- Holidays: Enjoy 12 holidays throughout the year, as a part of our commitment to honoring culture, history, and time to recharge.
- Events: We make time to connect and celebrate through reimbursable weekly team lunches, game nights, events, and more, both in-person and remotely.
- Recognition Programs: Team members can recognize their peers with Sprees, which are redeemable for gift cards and/or donations to an organization of your choice, or nominate a colleague for a S.P.R.E.E. Award to spotlight above-and-beyond contributions, which may be rewarded with a spot bonus. Our Work Anniversary Program also honors employee milestones with personalized tokens of appreciation!
- Business Expense Allowance & Internet Reimbursement: Get the tools and support you need to do your best work.
- Parental Leave & Fertility Support: Inclusive benefits to support you and your family, wherever you are in life.
- Legal & tax benefits: We offer group legal benefits and tax support through RocketLawyer.
- Seattle HQ: If you’ll be working from our Seattle office, you’ll receive a company-sponsored Orca card to cover the cost of public transportation to and from the office!

Ready to Build Something Big?

We’re a team of talented, kind, and supportive people who take ownership, move with urgency, and strive for excellence. If you’re ready to roll up your sleeves and take on exciting challenges, we’d love to hear from you, even if you don’t meet every requirement!

EEO Statement

RentSpree is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws.

This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. RentSpree makes hiring decisions based solely on qualifications, merit, and business needs at the time.

Job Location

Seattle, Washington, 98101, United States