Upwind is a place where opportunities happen
At Upwind, we are a team of hands-on, problem solvers and doers. We believe in empowering organizations to run their cloud environments securely and efficiently to accelerate their businesses.
Working at Upwind is an exhilarating journey of innovation and growth. Every day presents new challenges and opportunities that fuel my passion and drive. In this dynamic environment, I’ve collaborated with talented individuals who value inclusion and embrace different perspectives.”
Being an Upwinder
We are Driven by Customers
We listen closely to understand our customers’ deepest pain points, working backwards to deliver easy-to-use, innovative solutions that not only meet immediate needs, but anticipate future ones.
We prioritize long-term relationships and value over short term outcomes, striving to exceed expectations and reinforce our customers’ trust in Upwind.
We value speed
We make decisions swiftly, recognizing many can be reversed or refined.
We believe in failing fast, and aren’t afraid to change course when necessary. With a bias for action we take calculated risks – even in the face of uncertainty – knowing that urgency drives momentum and propels us forward.
Speed doesn’t just get us there faster; it lets us adapt quickly and build on each step with what we learn.
We Improve Every Day
We believe in the power of incremental progress: every day, every meeting, and every decision is an opportunity to improve.
Committing to getting 1% better with each cycle creates compounding gains, allowing us to build products that are 10x better over time.
Improvement doesn’t stop with delivery; we follow up, adapt, and refine to ensure every outcome evolves towards excellence.
We Take Ownership
We get the job done and never assume that someone else will do it.
When things aren’t going right, we take responsibility and step in to fix it. No task is beneath us, and “it’s not my job” isn’t in our vocabulary.
As owners, we stay aligned with the bigger picture for Upwind, communicating efficiently, giving constructive feedback, and proactively escalating issues to keep everyone moving forward together.
We are Resourceful and Resilient
We create our own reality, accomplishing more with less by leaning on creative problem-solving & adaptability.
When we face constraints and the path forward isn’t clear, we find ways to make it work without sacrificing quality or our commitment to high standards.
We see setbacks as new opportunities to innovate, moving forward stronger and better prepared.
We Lead with Humility
We approach every interaction with humility, respecting and learning from others.
We hold ourselves accountable, publicly owning mistakes and using them as stepping stones for growth.
Integrity guides us to act in the best interests of the team, fostering a culture of trust, shared purpose, and mutual growth.
As a UI/UX designer, I enjoy creating user-friendly experiences that deliver innovative technology. It’s empowering to be part of a company that values inclusion and embraces unique perspectives in the cybersecurity industry.”
Upwind is a place where diversity of thought is encouraged and accepted. My ideas are valued, my voice is heard, and my potential is realized. We are shaping the future of cloud security.”
Open positions
GRC Analyst
About The Position
Upwind is a next-generation Cloud Security Platform that leverages runtime context to identify and prioritize critical risks, providing precise insights and efficient cloud security management. Unlike traditional tools, Upwind uses runtime data proactively for risk prioritization and posture insights, ensuring teams focus on what truly matters. With industry-leading efficiency and eBPF-powered sensors, Upwind delivers comprehensive capabilities, including agentless cloud posture discovery, real-time threat protection, and integrated API security. From misconfigurations to malware defense, Upwind ensures end-to-end, cost-effective cloud infrastructure protection. At Upwind, you’ll have the opportunity to think creatively, explore new ideas, and use your skills to make a meaningful impact on our growth.
Upwind Security is seeking a highly motivated GRC (Governance, Risk, and Compliance) Analyst to join our growing Security & Compliance team. In this role, you will be responsible for supporting the implementation, operation, and continuous improvement of our GRC framework. You will help ensure our organization’s policies, procedures, and controls align with regulatory requirements and industry best practices.
Responsibilities
- Governance: Develop, maintain, and socialize security policies, standards, and procedures aligned with ISO 27001, SOC 2, GDPR, FedRamp and other frameworks.
- Risk Management: Lead the enterprise, product, and vendor risk management programs—including risk assessments, mitigation plans, and risk registers.
- Compliance Readiness: Own and drive security compliance initiatives such as SOC 2 Type II, ISO 27001, and customer audits.
- Third-Party Risk: Build and operate a third-party security review program; work with Procurement and Legal on vendor onboarding and offboarding.
- Audit & Assurance: Prepare evidence, manage internal and external audits, and continuously improve audit readiness posture.
- Training & Awareness: Run the company-wide security awareness and training programs.
- Metrics & Reporting: Develop KPIs and reporting dashboards to track control effectiveness and risk posture for leadership and board-level communication.
- Collaboration: Partner with Legal, Engineering, Product, and IT to ensure compliance is embedded across business processes.
Requirements
- 8+ years of experience in GRC, InfoSec, or risk & compliance functions
- Strong understanding of industry standards and frameworks (e.g., SOC 2, ISO 27001, PCI, NIST, GDPR, CIS)
- Experience leading compliance projects and audits end-to-end
- Hands-on experience with GRC tooling and risk management workflows
- Ability to write and communicate security policies, reports, and training in clear, accessible language
- Strong project management skills and stakeholder engagement ability
- Prior experience in a fast-paced startup or SaaS environment - a plus
- Relevant certifications: CISA, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor - a plus
