• Review all commits/PRs merged to dev since last release — read diffs, check for red flags (missing tests, hardcoded secrets, env/config changes, incomplete migrations) • Fix issues directly — open remediation PRs for problems found (missing test coverage, lint issues, config mistakes, documentation gaps). The lead dev reviews and merges these the next day. • Once dev is clean, cut and merge the release into main and tag it. • Write release notes and post a nightly summary. • Adapt the release cadence to the team's needs — during demo sprints or crunch periods, coordinate with the lead dev on whether to hold the main merge, cherry-pick critical fixes only, or batch releases. • Triage and organize Linear issues — ensure tickets have clear descriptions, acceptance criteria, and correct priority/status. • Keep project documentation current — architecture docs, runbooks, onboarding guides. • Track progress across active workstreams and flag blockers or dependencies. • Coordinate across contributors — make sure people aren't duplicating work or blocked on each other. • Maintain the roadmap view — what shipped this week, what's in flight, what's next. • Organize and clean up stale tickets, close completed work, link related issues. • Deliver weekly status updates to the lead dev — what's done, what's at risk, what needs a decision. • Run regular syncs with the deployment team — track progress on infrastructure (IaC, Key Vault, networking), CI/CD pipeline hardening, and security tasks (JWT expiry reduction, encrypted storage, managed identity migration, direct Entra ID integration). • Ensure deployment team deliverables meet SOC 2 evidence requirements — the work they ship needs to produce auditable artifacts, not just working code. • Unblock the team — flag dependency conflicts, missing access, unclear requirements before they become delays. • Execute the recurring evidence collection calendar — quarterly screenshots of Azure IAM roles, Entra ID MFA settings, GitHub org access, Key Vault RBAC, Dependabot alerts, Defender scores, merged PR examples. • Collect signed DPAs from subprocessors and file vendor SOC 2 reports • Build and maintain the formal risk register • Minor policy edits and updates as needed — we have 24 security policies drafted; you'll review, flag gaps, and make light edits, not write from scratch • Evaluate and onboard a SOC 2 compliance platform (Vanta, Drata, or Secureframe) — this is the critical path blocker for starting the observation window • Set up onboarding/offboarding security checklists and establish the quarterly access review process • Coordinate penetration testing engagement (scope, vendor selection, scheduling) • Regular async updates to the lead dev — surface blockers, decisions needed, and progress against the SOC 2 timeline. Don't wait for syncs to flag issues.

• Providing consulting services for Sia’s clients in the life sciences and healthcare industries, including but not limited to: Provide tactical support for day-to-day project activities such as meeting minutes, action tracking/follow-up, decision tracking, etc. • Actively contribute to project management deliverables (reports, dashboards, etc.) and routine updates (schedule, budget, risk), typically preparing initial drafts. • Build and maintain detailed predecessor-driven project schedules (Gantt charts, integrated timelines) utilizing scheduling tools/software (e.g., MS Project, Smartsheet, Planisware, Primavera, or equivalent). • Provide clear and timely schedule updates, variance analyses, and risk assessments to project leaders and stakeholders to ensure project schedules remain aligned with project strategy, portfolio priorities, and key decision gates (e.g., regulatory submissions, health authority interactions). • Coordinate across project functional areas and personnel as required to ensure the progress of project activities. • Support the building and management of a team representing various functions and sites, including the management of multiple projects and teams across multiple locations. • Demonstrate and foster excellent teamwork, with the ability to navigate within multidisciplinary teams. • Balance project demands to support alignment/realignment of Budget, Quality, Timeline, and Scope, as needed. • Support product development meetings, and make sure all Project Leaders, and/or subteam leaders, have all information and support needed to implement the project. • Focus on customer service, with agility and clear communication. • Adhere to Sia quality standards regarding client deliverables.

• Lead daily standups and team coordination • Translate requirements into clear, actionable tasks (ClickUp) • Maintain documentation and ensure delivery timelines • Collaborate with stakeholders across a remote, global team • Contribute to Ruby on Rails codebase (bug fixes, improvements) • Optimize PostgreSQL queries and data handling (JSONB) • Troubleshoot and resolve production issues • Own roadmap for data ingestion and processing • Ensure accurate mapping of new data sources • Monitor Sidekiq queues and job processing • Identify and resolve bottlenecks in data pipelines • Maintain high-quality, client-ready outputs (especially for law firms)

Role Description We're a fast-moving early-stage product team shipping 2-5 PRs/day across a TypeScript monorepo (NestJS + Next.js + Electron + React Native). We need two full-time generalists who together own three workstreams: - Nightly release gate — review the day's code, fix issues directly, cut releases into main - Project coordination — keep docs, tasks, and priorities organized so the dev team stays focused on building - SOC 2 readiness (first 2 months) — coordinate with our deployment team to ensure security hardening and compliance deliverables land on time This role is the SOC 2 segregation-of-duties control between development and production, and the connective tissue that keeps the project from accumulating chaos. Two people ensures coverage across time zones, no single point of failure on releases, and enough bandwidth to run compliance and coordination in parallel. About the Role: - Review all commits/PRs merged to dev since last release — read diffs, check for red flags (missing tests, hardcoded secrets, env/config changes, incomplete migrations) - Fix issues directly — open remediation PRs for problems found (missing test coverage, lint issues, config mistakes, documentation gaps). The lead dev (Liezl) reviews and merges these the next day. - Once dev is clean, cut and merge the release into main and tag it. - Write release notes and post a nightly summary. - Adapt the release cadence to the team's needs — during demo sprints or crunch periods, coordinate with the lead dev on whether to hold the main merge, cherry-pick critical fixes only, or batch releases. - Triage and organize Linear issues — ensure tickets have clear descriptions, acceptance criteria, and correct priority/status. - Keep project documentation current — architecture docs, runbooks, onboarding guides. - Track progress across active workstreams and flag blockers or dependencies. - Coordinate across contributors — make sure people aren't duplicating work or blocked on each other. - Maintain the roadmap view — what shipped this week, what's in flight, what's next. - Organize and clean up stale tickets, close completed work, link related issues. - Deliver weekly status updates to the lead dev — what's done, what's at risk, what needs a decision. - Run regular syncs with the deployment team — track progress on infrastructure (IaC, Key Vault, networking), CI/CD pipeline hardening, and security tasks (JWT expiry reduction, encrypted storage, managed identity migration, direct Entra ID integration). - Ensure deployment team deliverables meet SOC 2 evidence requirements — the work they ship needs to produce auditable artifacts, not just working code. - Unblock the team — flag dependency conflicts, missing access, unclear requirements before they become delays. - Execute the recurring evidence collection calendar — quarterly screenshots of Azure IAM roles, Entra ID MFA settings, GitHub org access, Key Vault RBAC, Dependabot alerts, Defender scores, merged PR examples. - Collect signed DPAs from subprocessors and file vendor SOC 2 reports. - Build and maintain the formal risk register. - Minor policy edits and updates as needed — we have 24 security policies drafted; you'll review, flag gaps, and make light edits, not write from scratch. - Evaluate and onboard a SOC 2 compliance platform (Vanta, Drata, or Secureframe) — this is the critical path blocker for starting the observation window. - Set up onboarding/offboarding security checklists and establish the quarterly access review process. - Coordinate penetration testing engagement (scope, vendor selection, scheduling). - Regular async updates to the lead dev — surface blockers, decisions needed, and progress against the SOC 2 timeline. Don't wait for syncs to flag issues. Qualifications - Aligns with our values: Excellence, Integrity, Professionalism, People Success, Customer Success, Fun, Innovation and Diversity - Strong communication skills - Strong problem solving and analytical skills - Excellent problem-solving ability - Would like to work as part of a self-organizing Scrum team in a scaled agile framework - Must be a self-starter and loves to collaborate with the team and client Requirements - Enough technical depth to read TypeScript diffs, catch real issues, and fix them — not just filing tickets - Comfortable writing code for remediation — test coverage, lint fixes, config corrections, small refactors - Comfortable with GitHub (PRs, Actions, CI pipelines) and Linear (or similar project tools) - Strong at organizing information — turning scattered work into clear status, clean backlogs, and useful docs - Experience coordinating across distributed teams — can run a sync, write a clear status update, and hold people accountable without being their manager - Experience with compliance frameworks — SOC 2, ISO 27001, or HITRUST. Knows what auditors actually look for. - Good judgment on when to hold the line vs. when to find a creative path forward — we're early-stage and need someone who protects quality without blocking momentum - Proactive communicator — surfaces risks and blockers before they become problems Nice to Have - Experience with NestJS/Next.js or TypeScript monorepos - Prior experience as a TPM, dev lead, or engineering manager at a startup - Hands-on experience with Vanta, Drata, or Secureframe - Familiarity with Azure (Entra ID, Key Vault, Container Apps, Monitor) - Prior experience running a SOC 2 Type II readiness process end-to-end Tools - Claude Code / Cowork - GitHub (PRs, Actions, branch protection) - Linear (task tracking, roadmap) - GitHub files + Google Docs + some Notion (documentation) - Azure (infrastructure, identity, monitoring) - Google Workspace (evidence collection playbook) - Docker, PostgreSQL - NX monorepo