We make GRC work for
the people doing the work.
Cerpent is a small, senior team building AI-powered governance, risk and compliance tooling for banks, insurers and critical infrastructure operators. We are remote-first across the Gulf, EU and North America.
Our mission
GRC is broken.
We're fixing it.
Compliance programs at regulated enterprises run on spreadsheets, siloed tools and manual evidence-gathering. Audits take months. Risk registers go stale. Boards make decisions with outdated data.
Cerpent changes that. We build dense, fast, AI-augmented tooling that puts second-line analysts and CISOs in control of their evidence pipeline — so audits take days, not quarters, and risk data reflects reality.
How we work
Values we actually live by
Not a poster on a wall — these are the decisions we make every day.
Depth over breadth
We build fewer things and build them exceptionally well. Every feature earns its place by making a second-line analyst's day meaningfully better.
Audit-grade everything
Every data point we store has lineage, every action has a log entry. If a regulator asks, we can show them exactly how a number was derived.
Remote-native
We've been async-first from day one. Documentation is a first-class output. Time zones are a feature. They give us coverage and diverse thinking.
Senior by default
We hire people who can own a problem end-to-end. No handoffs to someone who will take it from here. Everyone ships and everyone is accountable.
Transparent by design
Pricing, roadmap, progress — we share what we know with customers and candidates alike. Surprises are for birthdays, not enterprise software.
Move at risk-appropriate speed
Fast where it matters: shipping, iterating, responding to customers. Deliberate where it counts: security, data handling, evidence integrity.
How we got here
Founded
Cerpent was incorporated after our founders spent years inside GRC programs at Tier-1 banks and saw first-hand how broken the tooling was.
First enterprise pilot
Shipped our first production deployment at a regional bank in the UAE. Reduced audit evidence-collection time from 6 weeks to 4 days.
Ophidia AI launch
Shipped our AI risk-scoring engine. Ophidia processes control evidence, flags anomalies and surfaces explainable risk signals for regulator review.
AWS / CTIB Accelerator
Selected for the AWS and CTIB Cybersecurity Accelerator — validation from the infrastructure partners that regulated enterprises already trust.
Expanding the team
Growing the team across Engineering, Product and Go-to-market. 7 roles open now.
Backed by
AWS / CTIB Cybersecurity Accelerator partners




Join us
Help us fix GRC
for regulated enterprises.
We're growing the team. If you're a senior engineer, designer or go-to-market specialist who wants to own a real problem — we want to hear from you.