Job Description
About the Role
Internal Auditor
Location
Remote
Employment Type
Full time
Location Type
Remote
Department
Operations
We're looking for an Internal Auditor to join our Security & Compliance team and help strengthen our governance, risk, and compliance posture as we scale. You'll work closely with engineering, product, security, and business teams across Supabase, leading audit processes and ensuring we maintain the highest standards of compliance.
This role is ideal for someone who thrives in async, fast-paced environments and is excited about building robust compliance programs in a rapidly growing, developer-focused company.
What You'll Be Responsible for
In this role, you'll:
Lead audit readiness and execution for SOC 2, ISO 27001, PCI DSS, and other compliance frameworks relevant to our customer base
Manage the compliance lifecycle in a compliance platform (such as Vanta, Drata, etc.) including evidence collection, control mapping, and continuous monitoring
Coordinate cross-functional audit activities with engineering, product, security, infrastructure, and support teams to gather evidence and remediate findings
Design and implement internal audit programs that scale with our rapid growth, identifying gaps and driving process improvements
Partner with external auditors to facilitate smooth audits and ensure timely completion of certifications
Document policies, procedures, and controls that align with industry standards and support our security-by-design approach
Build relationships across the organization to embed compliance thinking into product development and operational workflows
Track and report on compliance metrics, providing visibility to leadership on audit status, risk areas, and remediation progress
You Might Be a Good Fit If You
Have 5+ years of experience in internal audit, compliance, or GRC roles, ideally in fast-growth SaaS or cloud infrastructure companies
Are able to understand modern engineering practices and how they can be leveraged for compliance without hindering engineering agility/velocity
Have hands-on experience with SOC 2, ISO 27001, and PCI DSS audits—you've led or contributed to successful certifications
Are proficient with Vanta or similar GRC platforms (Drata, Secureframe, etc.) and comfortable leveraging automation for compliance
Can translate compliance requirements into practical, developer-friendly processes that don't slow down innovation
Communicate clearly across both technical and non-technical audiences—you can talk controls with engineers and risk with executives
Have experience in async or globally distributed teams—you're self-directed and know how to drive outcomes remotely
Are comfortable navigating ambiguity and moving quickly—you build the plane while flying it
Bring a pragmatic, risk-based mindset rather than checkbox compliance; you understand when to push for rigor and when to be flexible
What We Offer
Fully Remote
We hire globally. We believe you can do your best work from anywhere. There are no Supabase offices, but we provide a WeWork membership or co-working allowance you can use anywhere in the world.
ESOP
Every team member receives ESOP (equity ownership) in the company. We want everyone to share in the upside of what we’re building together.
Tech Allowance
Use this budget to set up your ideal work environment—laptop, monitor, headphones, or whatever helps you do your best work.
Health Benefits
Supabase covers 100% of health insurance for employees and 80% for dependents, wherever you are. Your wellbeing and your family’s health are important to us.
Annual Off-Sites
Once a year, the entire company gathers in a new city for a week of connection, collaboration, and fun. It’s a highlight of our year.
Flexible Work
We operate asynchronously and trust you to manage your own time. You know what needs to be done and when.
Professional Development
Every team member receives an annual education allowance to spend on learning—courses, books, conferences, or anything that supports your growth.
About the Team
Supabase was born-remote and open-source-first. We believe our globally distributed team is our secret weapon in building tools developers love.
180+ team members
40+ countries
15+ languages spoken
$496M raised
430,000+ community members
30,000+ memes posted (and counting)
We move fast, build in public, and use what we ship. If it’s in your project, we probably use it in ours too. We believe deeply in the open-source ecosystem and strive to support—not replace—existing tools and communities.
Hiring Process
We keep things simple, async-friendly, and respectful of your time:
Apply – Our team will review your application.
Intro Call – A short video chat to get to know each other.
Interviews – Up to four calls with:
Founders
Future teammates
Someone cross-functional from product, growth, or engineering (depending on the role)
Decision – We may follow up with a final question or go straight to offer.
All communication is remote and we aim to move fast.