Internal Auditor
Overview
Supabase is the Postgres development platform built by developers, for developers.
We’re building the best developer platform to power the next generation of software companies.
As a fully remote, globally distributed team, we operate with high ownership, strong documentation, and asynchronous collaboration.
As we continue to scale our global go-to-market organization, we are investing in the financial and operational foundations that support growth, trust, and accuracy.
We're looking for an Internal Auditor to join our Security & Compliance team and help strengthen our governance, risk, and compliance posture as we scale.
You'll work closely with engineering, product, security, and business teams across Supabase, leading audit processes and ensuring we maintain the highest standards of compliance.
This role is ideal for someone who thrives in async, fast-paced environments and is excited about building robust compliance programs in a rapidly growing, developer-focused company.
WHAT YOU'LL BE RESPONSIBLE FOR
In this role, you'll:
- Lead audit readiness and execution for SOC 2, ISO 27001, PCI DSS, and other compliance frameworks relevant to our customer base
- Manage the compliance lifecycle in a compliance platform (such as Vanta, Drata, etc.), including evidence collection, control mapping, and continuous monitoring
- Coordinate cross-functional audit activities with engineering, product, security, infrastructure, and support teams to gather evidence and remediate findings
- Design and implement internal audit programs that scale with our rapid growth, identifying gaps and driving process improvements
- Partner with external auditors to facilitate smooth audits and ensure timely completion of certifications
- Document policies, procedures, and controls that align with industry standards and support our security-by-design approach
- Build relationships across the organization to embed compliance thinking into product development and operational workflows
- Track and report on compliance metrics, providing visibility to leadership on audit status, risk areas, and remediation progress
YOU MIGHT BE A GOOD FIT IF YOU
- Have **5+ years of experience** in internal audit, compliance, or GRC roles, ideally in fast-growth SaaS or cloud infrastructure companies
- Are able to understand modern engineering practices and how they can be leveraged for compliance without hindering engineering agility/velocity
- Have hands-on experience with SOC 2, ISO 27001, and PCI DSS audits—you've led or contributed to successful certifications
- Are proficient with Vanta or similar GRC platforms (Drata, Secureframe, etc.) and comfortable leveraging automation for compliance
- Can translate compliance requirements into practical, developer-friendly processes that don't slow down innovation
- Communicate clearly across both technical and non-technical audiences—you can talk controls with engineers and risk with executives
- Have experience in async or globally dist