Internal Auditor

This listing is synced directly from the company ATS.

Role Overview

This senior-level Internal Auditor role involves leading audit processes for frameworks like SOC 2 and ISO 27001, managing compliance platforms such as Vanta, and coordinating cross-functional teams to gather evidence and drive improvements. The hire will design scalable internal audit programs, document policies, and embed compliance into product development, significantly strengthening the company's governance and risk posture as it grows rapidly.

Perks & Benefits

The role is fully remote with a global team, offering a WeWork membership or co-working allowance, ESOP, a tech allowance for equipment, and 100% health insurance coverage for employees. It features flexible, async work with no time zone restrictions, an annual off-site for team connection, and a professional development allowance, fostering a fast-paced, open-source-first culture that values autonomy and growth.

Full Job Description

About Supabase

Supabase is the Postgres development platform built by developers, for developers. We’re building the best developer platform to power the next generation of software companies. As a fully remote, globally distributed team, we operate with high ownership, strong documentation, and asynchronous collaboration.

As we continue to scale our global go-to-market organization, we are investing in the financial and operational foundations that support growth, trust, and accuracy.

We're looking for an Internal Auditor to join our Security & Compliance team and help strengthen our governance, risk, and compliance posture as we scale. You'll work closely with engineering, product, security, and business teams across Supabase, leading audit processes and ensuring we maintain the highest standards of compliance.

This role is ideal for someone who thrives in async, fast-paced environments and is excited about building robust compliance programs in a rapidly growing, developer-focused company.

What You'll Be Responsible for

In this role, you'll:

Lead audit readiness and execution for SOC 2, ISO 27001, PCI DSS, and other compliance frameworks relevant to our customer base
Manage the compliance lifecycle in a compliance platfom (such as Vanta, Drata etc) including evidence collection, control mapping, and continuous monitoring
Coordinate cross-functional audit activities with engineering, product, security, infrastructure, and support teams to gather evidence and remediate findings
Design and implement internal audit programs that scale with our rapid growth, identifying gaps and driving process improvements
Partner with external auditors to facilitate smooth audits and ensure timely completion of certifications
Document policies, procedures, and controls that align with industry standards and support our security-by-design approach
Build relationships across the organization to embed compliance thinking into product development and operational workflows
Track and report on compliance metrics, providing visibility to leadership on audit status, risk areas, and remediation progress

You Might Be a Good Fit If You

Have 5**+ years of experience** in internal audit, compliance, or GRC roles, ideally in fast-growth SaaS or cloud infrastructure companies
Are able to understand modern engineering practices and how they can be leveraged for compliance without hindering engineering agility/velocity
Have hands-on experience with SOC 2, ISO 27001, and PCI DSS audits—you've led or contributed to successful certifications
Are proficient with Vanta or similar GRC platforms (Drata, Secureframe, etc.) and comfortable leveraging automation for compliance
Can translate compliance requirements into practical, developer-friendly processes that don't slow down innovation
Communicate clearly across both technical and non-technical audiences—you can talk controls with engineers and risk with executives
Have experience in async or globally distributed teams—you're self-directed and know how to drive outcomes remotely
Are comfortable navigating ambiguity and moving quickly—you build the plane while flying it
Bring a pragmatic, risk-based mindset rather than checkbox compliance; you understand when to push for rigor and when to be flexible

What We Offer

Fully Remote
We hire globally. We believe you can do your best work from anywhere. There are no Supabase offices, but we provide a WeWork membership or co-working allowance you can use anywhere in the world.
ESOP
Every team member receives ESOP (equity ownership) in the company. We want everyone to share in the upside of what we’re building together.
Tech Allowance
Use this budget to set up your ideal work environment—laptop, monitor, headphones, or whatever helps you do your best work.
Health Benefits
Supabase covers 100% of health insurance for employees and 80% for dependents, wherever you are. Your wellbeing and your family’s health are important to us.
Annual Off-Sites
Once a year, the entire company gathers in a new city for a week of connection, collaboration, and fun. It’s a highlight of our year.
Flexible Work
We operate asynchronously and trust you to manage your own time. You know what needs to be done and when.
Professional Development
Every team member receives an annual education allowance to spend on learning—courses, books, conferences, or anything that supports your growth.

About the Team

Supabase was born-remote and open-source-first. We believe our globally distributed team is our secret weapon in building tools developers love.

280+ team members
55+ countries
20+ languages spoken
$500M raised
500,000+ community members

We move fast, build in public, and use what we ship. If it’s in your project, we probably use it in ours too. We believe deeply in the open-source ecosystem and strive to support—not replace—existing tools and communities.

Hiring Process

We keep things simple, async-friendly, and respectful of your time:

Apply – Our team will review your application.
Intro Call – A short video chat to get to know each other.
Interviews – Up to four calls with:
- Team Leads
- Future teammates
- Someone cross-functional from product, growth, or engineering (depending on the role)
- Someone from our leadership/founding team
Decision – We may follow up with a final question or go straight to offer.

All communication is remote and we aim to move fast.

Apply on original site

Similar jobs

Found 6 similar jobs

Multigres Deployment Engineer

Supabase • Remote

Strategic Customer Solutions Architect (EMEA)

Supabase • Remote

Strategic Customer Solutions Architect (APAC)

Supabase • Remote

Software Engineer (Go) - Auth

Supabase • Remote

GTM Engineer

Supabase • Remote

Software Engineer (Go) - Auth Product

Supabase • Remote

Supabase

supabase.com

Supabase is an open-source backend-as-a-service platform that provides developers with tools to quickly deploy and manage databases and APIs. It is designed to be an alternative to Firebase, offering a suite of backend services such as authentication, database management, and real-time subscriptions. Typical users include developers and companies looking to build scalable applications without managing complex backend infrastructure. Supabase supports a remote-first work culture, allowing team members to collaborate from anywhere in the world.

Industry

Software Development

Remote-first

77 open positions

About this company (remote-wise)

Headquarters:: San Francisco, California, USA
Typical working hours:: Roughly US business hours

View company profile →

About the job

Posted onFeb 27, 2026

LocationRemote

Skills

SOC 2ISO 27001PCI DSSVantaGRC platformsCompliance lifecycle managementCross-functional coordinationPolicy documentationRisk-based mindset

Share this job

💌 Get remote jobs in your inbox

Subscribe to get the latest curated remote jobs every week.