LiveKit is revolutionizing the AI landscape by providing the network infrastructure that powers multimodal AI interfaces, enabling seamless audio and visual interactions. Founded in 2021, LiveKit has rapidly grown to support over 3 billion calls annually, 200,000+ developers globally, and industry leaders like OpenAI, Salesforce, Spotify, and Meta.
We are a company of builders creating software stacks for other builders. Our infrastructure underpins products that must be secure, reliable, and compliant from day one.
obsess with crafting code that is fast, reliable and practical for the problem
are known as the go-to person for tackling tough technical problems
work hard and can build and ship fast
can clearly explain complex technical concepts to others
are a fast learner, frequently picking up new languages and tools
The best way to impress us is with thoughtful Issues and/or PRs on our Github repos 😊
We are hiring a Security Compliance Specialist to own our compliance function end-to-end and bring structure to a landscape that has been shared across multiple teams so far. This role is focused on GRC and compliance operations.
You will:
Lead and mature LiveKit’s security and privacy compliance programs (SOC 2, HIPAA, GDPR, ISO 27001, PCI DSS).
Own the day-to-day operations of our compliance workflows, from evidence collection to endpoint and access hygiene.
Partner closely with Security and IT Engineers who own architecture, segmentation, logging, and technical controls, while you focus on controls design, documentation, governance, and audits.
This is an individual contributor role with significant ownership and the ability to grow with the business as we scale our certification footprint and enterprise customer base.
Security Compliance and Governance
Own our security and privacy compliance programs across frameworks such as SOC 2, HIPAA, GDPR, ISO 27001, and PCI DSS, and help prepare the organization for future frameworks.
Translate regulatory and framework requirements into clear, pragmatic controls that fit LiveKit’s engineering culture and infrastructure.
Build and maintain the compliance roadmap and calendar, including audits, renewals, evidence collection cycles, and internal reviews.
Lead customer and third-party security questionnaires, DDQs, and compliance reviews, partnering with Sales, Legal, and Engineering to respond efficiently and consistently.
Maintain and continuously improve our policy set, including access control, asset management, vendor risk, incident response, and related governance documents.
Track and report on compliance health, gaps, and remediation progress to leadership.
Identify operational gaps and lead projects to close them, such as new approval flows, access reviews, or better documentation of data flows and responsibilities.
Cross-Functional Partnership and Risk Management
Act as the primary point of contact for external auditors, assessors, and compliance vendors, coordinating walkthroughs, evidence requests, and responses.
Partner with the Security Engineer and infra team on:
Scoping and documenting systems, data flows, and segmentation decisions for PCI and other frameworks.
Ensuring technical controls (EDR, FIM, logging, vulnerability management) are mapped to compliance requirements, while keeping technical ownership with engineering.
Work with GTM teams and leadership to champion compliance as a business enabler, helping unlock deals and maintain customer trust.
Advise on risk, surface critical issues early, and drive remediation projects to completion with clear owners, timelines, and success criteria.
5+ years of experience in security compliance, GRC, or a closely related function, ideally with experience at a startup or in an early-stage environment.
Deep familiarity with at least several of: SOC 2, HIPAA, GDPR, ISO 27001, PCI DSS, and an interest in newer or more advanced regimes.
Demonstrated experience running audits end to end: planning, evidence, walkthroughs, findings, and remediation.
Strong project management skills: you can juggle multiple frameworks, vendors, and internal stakeholders and keep everything moving without micromanagement.
Excellent written and verbal communication skills. You can explain complex requirements in clear, approachable language and adapt your message to engineers, leadership, and customers.
Bonus points for:
Strong foundations in technical concepts: you are comfortable talking about infrastructure, logs, endpoints, identities, and segmentation even if you are not the one writing production code.
Opinions about building efficient, low-friction, high-signal IT and compliance processes in a remote-first company.
Experience writing code in personal or professional contexts (for example scripting, automation, or light development), even if you are not a full-time engineer.
Prior experience supporting PCI, healthcare, or other highly regulated environments.
The opportunity to build a foundational compliance function at a company that is defining how AI-powered applications are built
A chance to shape how security, compliance, and IT work together from the ground up, in partnership with engineering and leadership
Competitive salary and equity package
Health, dental, and vision benefits
Flexible vacation policy