Three people who built what they needed and then turned it into a company.
CEO & Co-founder
Previously head of engineering at a Boston-based fintech series A startup, where he led three SOC 2 audit cycles. Before that, security engineering at HubSpot. Holds CISSP certification. Prototyped the first version of CompliRun after reducing his team's third audit prep from 7 weeks to 11 days using a custom Lambda-based monitoring pipeline.
CTO & Co-founder
Distributed systems engineer with 9 years at AWS, where she worked on the S3 durability infrastructure and later on the AWS Audit Manager product team. Architected CompliRun's evidence collection pipeline and the control-mapping layer. Holds AWS Solutions Architect Professional and CISA certifications.
Head of Compliance & Co-founder
Former Big Four auditor (KPMG, 6 years) who specialized in SOC 2 and ISO 27001 engagements for SaaS and financial services clients. After conducting roughly 80 audits, he moved to the company side to help build tooling that makes auditors' fieldwork less painful. Holds CPA and ISO 27001 Lead Auditor credentials.
CompliRun is intentionally small. Our product covers two frameworks well — SOC 2 and ISO 27001 — rather than attempting broad GRC coverage. Every engineering decision is made with auditability in mind: if something changes in your environment, CompliRun should detect it, log it, and surface it.
We work remotely across Boston and Austin. We ship to production every two weeks. Every release is backwards-compatible — existing integrations and evidence collections do not break when we deploy new features.
We hire people who have been on both sides of a compliance engagement — either as engineers who have lived through audits, or as auditors who understand what evidence actually needs to contain. Familiarity with AWS IAM, cloud audit logs, and trust services criteria is more useful to us than broad security certifications.
If you are interested in joining, reach out at contact@complirun.com with a note about which audit you found hardest to prepare for and why.
We give 45-minute technical demos where we walk through your specific integration set and compliance framework.
Schedule a Demo