About the role
About Supabase
Supabase is the Postgres development platform built by developers, for developers. We’re building the best developer platform to power the next generation of software companies. As a fully remote, globally distributed team, we operate with high ownership, strong documentation, and asynchronous collaboration.
As we continue to scale our global go-to-market organization, we are investing in the financial and operational foundations that support growth, trust, and accuracy.
We're looking for an Internal Auditor to join our Security & Compliance team and help strengthen our governance, risk, and compliance posture as we scale. You'll work closely with engineering, product, security, and business teams across Supabase, leading audit processes and ensuring we maintain the highest standards of compliance.
This role is ideal for someone who thrives in async, fast-paced environments and is excited about building robust compliance programs in a rapidly growing, developer-focused company.
What You'll Be Responsible for
In this role, you'll:
Lead audit readiness and execution for SOC 2, ISO 27001, PCI DSS, and other compliance frameworks relevant to our customer base
Manage the compliance lifecycle in a compliance platform (such as Vanta or Drata), including evidence collection, control mapping, and continuous monitoring
Coordinate cross-functional audit activities with engineering, product, security, infrastructure, and support teams to gather evidence and remediate findings
Design and implement internal audit programs that scale with our rapid growth, identifying gaps and driving process improvements
Partner with external auditors to facilitate smooth audits and ensure timely completion of certifications
Document policies, procedures, and controls that align with industry standards and support our security-by-design approach
Build relationships across the organization to embed compliance thinking into product development and operational workflows
Track and report on compliance metrics, providing visibility to leadership on audit status, risk areas, and remediation progress
You Might Be a Good Fit If You
Have 5+ years of experience in internal audit, compliance, or GRC roles, ideally in fast-growth SaaS or cloud infrastructure companies
Are able to understand modern engineering practices and how they can be leveraged for compliance without hindering engineering agility/velocity
Have hands-on experience with SOC 2, ISO 27001, and PCI DSS audits—you've led or contributed to successful certifications
Are proficient with Vanta or similar GRC platforms (Drata, Secureframe, etc.) and comfortable leveraging automation for compliance
Can translate compliance requirements into practical, developer-friendly processes that don't slow down innovation
Communicate clearly across both technical and non-technical audiences—you can talk controls with engineers and risk with executives
Have experience in async or globally distributed teams—you're self-directed and know how to drive outcomes remotely
Are comfortable navigating ambiguity and moving quickly—you build the plane while flying it
Bring a pragmatic, risk-based mindset rather than checkbox compliance; you understand when to push for rigor and when to be flexible
What We Offer
Fully Remote
We hire globally. We believe you can do your best work from anywhere. There are no Supabase offices, but we provide a WeWork membership or co-working allowance you can use anywhere in the world.
ESOP
Aplyr's read
Supabase is an open-source alternative to Firebase, attracting developers keen on efficient backend solutions with real-time capabilities and a strong community focus.
What's promising
- Supabase offers a comprehensive backend solution, streamlining development processes for faster application building.
- The company is open-source, fostering a strong community and collaborative development environment.
- Supabase's real-time capabilities provide developers with dynamic data handling and synchronization.
What to watch
- Limited public information about Supabase's long-term financial sustainability and profitability.
- The company faces strong competition from established players like Firebase and AWS.
- Rapid growth may strain resources and impact customer support quality.
Why Supabase
- Supabase's open-source model differentiates it from proprietary backend solutions.
- Its focus on Postgres as a core database offers robust and reliable data management.
- Supabase's real-time subscription feature is a standout for dynamic application development.
Aplyr's read is generated by AI from public sources.
About Supabase
Supabase is an open-source alternative to Firebase that provides developers with a complete backend solution, including a database, authentication, and real-time subscriptions. By simplifying the backend development process, Supabase empowers developers to build applications faster and more efficiently.