
Head of Trust & Compliance

Job in Seattle, King County, Washington, 98127, USA
Listing for: Medium
Full Time position
Listed on 2026-05-02
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security
Salary/Wage Range or Industry Benchmark: 200000 - 240000 USD Yearly
Job Description & How to Apply Below

Ask any employee to explain their benefits, and you'll likely get a confused shrug. Ask any HR leader if their benefits investment is working, and you’ll get an honest "I don't know." For employees, benefits are confusing and overwhelming. For HR and finance leaders, benefits are the second-largest expense, but they lack the visibility to know what’s working and what’s wasted.

At Avante, we’re changing that. We’re the first AI-native benefits platform built to turn benefits complexity into clarity. For employees, Avante acts like a personal guide, making benefits simple to understand and use. For leaders, Avante unifies fragmented data and delivers real-time insights so they can improve programs, control costs, and prove ROI.

We’re based in Seattle and work 4 days a week in the office (one day remote). We’re growing quickly and are looking for our first dedicated Head of Trust & Compliance. You’ll own our security and compliance programs end-to-end, from maintaining our SOC 2 Type II certification and driving ISO 27001 to navigating the privacy and regulatory landscape that comes with handling sensitive health and benefits data for enterprise customers across the globe.

This is a foundational role for someone who thrives as a builder, not just an operator, and wants to shape how a fast-growing company earns and keeps the trust of its customers.

What You Will Do
  • Own and evolve our compliance programs — SOC 2 Type II, HIPAA, ISO 27001, and more, reporting directly to the CTO
  • Lead customer security reviews, including questionnaires, assessments, and security calls that are a critical part of our enterprise sales cycle
  • Manage our privacy and data protection posture, including DPAs, cross-border data transfer requirements, and international regulatory considerations (GDPR, CCPA, and beyond)
  • Maintain and improve our security policies, standards, and procedures, keeping them current and audit-ready
  • Own third‑party and vendor risk management — evaluate sub-processors, manage vendor security reviews, and maintain our vendor inventory
  • Drive risk assessment and management, maintaining a risk register and working cross‑functionally to prioritize and remediate findings
  • Partner with engineering to ensure security is embedded in our development lifecycle without slowing the team down
  • Build and run our security awareness training program
  • Manage relationships with external auditors, penetration testers, and security consultants
  • Stay current on evolving regulations affecting AI systems, health data, and benefits technology

What We Are Looking For
  • 5‑8+ years of experience in security, compliance, or GRC, with meaningful time at a startup or growth‑stage SaaS company
  • Demonstrated experience building or scaling a compliance program (SOC 2, ISO 27001, HIPAA) — not just maintaining one someone else built
  • Strong understanding of data privacy frameworks (GDPR, CCPA/CPRA) and practical experience with DPAs, SCCs, and cross‑border data transfer mechanisms
  • Experience with healthcare or HR data and a solid grasp of HIPAA requirements
  • Ability to operate independently as a senior individual contributor — you’ll be the first dedicated hire in this function
  • Excellent communication skills, especially the ability to translate security and compliance topics for non‑technical audiences, customers, and executives
  • Comfort working directly with enterprise customers on security reviews and sales enablement
  • Flexibility and willingness to wear many hats and help out wherever it is needed

Nice to Have
  • Early stage startup experience
  • Experience with AI governance, responsible AI frameworks, or the emerging AI regulatory landscape (EU AI Act, etc.)
  • Familiarity with cloud‑native architectures (Azure, Kubernetes) and their security implications
  • Experience with compliance automation platforms (Vanta, Drata, or similar)
  • CISSP, CISM, CCSP, or similar certifications
  • Background in or exposure to insurance, benefits, or health tech
  • Experience managing external penetration tests and translating findings into remediation plans

Our Company Values
  • Beat Yesterday – Continuous improvement, innovation, and growth
  • Embrace Type 2 Fun – Resilience and positivity in the face of…