
Security and Engineering Compliance Manager

Remote - North America
Security

We are the first serverless database platform designed specifically with the developer in mind. Our products are loved by developers, builders, scalers, and creators alike. We harness the power of open source, allowing unlimited scaling. No one else combines scalability and the developer experience like we do.

The database market is the most sought after in the VC space and is projected to be a $60 billion business by the end of 2022. The pace of innovation is mind-blowing. The opportunity is massive.

Created by the people who built the infrastructure at Twitter, Instagram, GitHub, and Slack, PlanetScale is a Series C start-up with over $100 million in funding raised, backed by leading VC companies like a16z, SignalFire, Insight Partners, and Kleiner Perkins.

We are just getting started!

Why PlanetScale Security?

PlanetScale’s Security team is responsible for our corporate Information Security Program. The goal of the program is to reduce risks in our systems, and to establish trust in our product offerings, features, and cloud services. Our work is focused on both our internal employees and our external customers/partners. Our Information Security program is being established and built as we go. With this comes a high level of autonomy and the opportunity to be seen as a true subject matter expert. 

Job Summary

Our Security and Compliance Manager will be a thought leader, consultant, and subject matter expert. This role will collaborate across the organization in the development, implementation, and regular assessment of our security, privacy, and compliance practices (PCI DSS, COSO, or NIST). You will coordinate efforts for audits, responses, and overall improvements. This will be an intellectually challenging position with a high level of ambiguity and complex problem solving. 

What’s the job to be done?

  • Establish corporate policies, procedures, and best practices regarding security, compliance, and privacy.
  • Establish, track, and report key performance indicators to your stakeholders on a regular basis.
  • Be the main point of contact for Security/IT for audits/assessments including audit plan preparation, review of documentation and evidence, evaluation of procedures, and interviews
  • Work collaboratively with internal teams (IT, Engineering, Legal, and People) to identify, manage, and implement solutions related to privacy, data protection risks, and compliance requirements to help meet stakeholder expectations
  • Prepare, review and approve assessment reports.
  • Provide leadership and guidance to key stakeholders on questions or issues related to security, privacy, and compliance. 
  • Pursue continuous professional development in order to stay abreast of any changes to compliance and legal requirements.
  • Understand our business needs and partner with internal customers, cross-functional teams, and third parties to find creative solutions to complex problems.
  • Leverage knowledge of industry standards and best practices to assess the current state of security and compliance risks, identify areas of exposure, and address the gaps by implementing remediating controls
  • Prioritize improvements and conduct compliance projects to reduce risk and improve regulatory compliance

These attributes best describe you…

  • This position is ideal for a builder, or self-starter interested in working at a high-tech startup, who recognizes the opportunity for exposure
  • You are highly organized and able to operate in ambiguous or changing situations
  • You thrive in an environment of cross-department collaboration.
  • You exhibit an entrepreneurial mindset, and start-up/dive-right-in mentality with a positive, go-getter attitude.
  • You have a passion to lead programs that directly impact and enable our organization to drive higher levels of success.
  • You want to work in a fast-moving rocketship, own and design programs, and make a significant impact on the success of the business.
  • You challenge the status quo while building strong relationships

What you will need

  • Minimum of five years experience in a role focused on security, privacy, and/or compliance.
  • Excellent interpersonal, verbal, and written communication skills with the ability to communicate compliance and privacy related concepts to a broad range of technical and non-technical stakeholders
  • Successful experience working, collaborating, and establishing credibility and relationships with senior leadership, colleagues, and customers
  • Demonstrated success working with external auditors, outside consultants, and legal affairs
  • Experience with or knowledge of security risk assessments and gap analysis
  • Experience with PCI DSS and one or more IT security compliance frameworks, such as HITRUST, NIST CSF, or COSO
  • Experience performing IT security risk assessments and gap analysis
  • Experience preparing, presenting, and reporting to a broad range of stakeholders
  • Experience with and knowledge of the cloud space (AWS, Azure, GCP)
  • Certified Information Systems Security Professional (CISSP) preferred (CISA, or CISM)
  • Ability to build high-trust relationships and credibility quickly

What else will help you be successful

  • Experience working in a remote organization
  • Basic knowledge of open source development and communities 
  • Exposure to relational databases and software development
  • Recent experience as an auditor particularly as a PCI-QSA

 

At PlanetScale we believe in supporting people to do their best work and thrive no matter the location. Our mission is to build a diverse, equitable, and inclusive company. We strive to build an inclusive environment where all people feel that they are equally respected and valued, whether they are a candidate or an employee. We welcome applicants of any educational background, gender identity and expression, sexual orientation, religion, ethnicity, age, citizenship, socioeconomic status, disability, pregnancy status, and veteran status.

If you need any accommodations, please inform our Talent Acquisition team upon initial contact. We are happy to accommodate!

 

 


Perks at PlanetScale

Work with top tier teammates around the globe
Competitive salary & equity
Unlimited PTO

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in PlanetScale’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.


If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Form CC-305
OMB Control Number 1250-0005
Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, or multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.