About Cerpent

We make GRC work forthe people doing the work.

Cerpent is a small, senior team building AI-powered governance, risk and compliance tooling for banks, insurers and critical infrastructure operators. We are remote-first across the Gulf, EU and North America.

2022
Founded
Gulf + EU + US
Markets
4
Time zones
7
Open roles

Our mission

GRC is broken.
We're fixing it.

Compliance programs at regulated enterprises run on spreadsheets, siloed tools and manual evidence-gathering. Audits take months. Risk registers go stale. Boards make decisions with outdated data.

Cerpent changes that. We build dense, fast, AI-augmented tooling that puts second-line analysts and CISOs in control of their evidence pipeline — so audits take days, not quarters, and risk data reflects reality.

Manual evidence collection
Automated evidence pipeline
Static spreadsheet risk registers
Live, AI-scored risk data
Quarterly audit sprints
Continuous compliance posture
Siloed GRC tools
Unified control-to-risk mapping
Board decks from stale reports
Real-time executive dashboards

How we work

Values we actually live by

Not a poster on a wall — these are the decisions we make every day.

Depth over breadth

We build fewer things and build them exceptionally well. Every feature earns its place by making a second-line analyst's day meaningfully better.

Audit-grade everything

Every data point we store has lineage, every action has a log entry. If a regulator asks, we can show them exactly how a number was derived.

Remote-native

We've been async-first from day one. Documentation is a first-class output. Time zones are a feature. They give us coverage and diverse thinking.

Senior by default

We hire people who can own a problem end-to-end. No handoffs to someone who will take it from here. Everyone ships and everyone is accountable.

Transparent by design

Pricing, roadmap, progress — we share what we know with customers and candidates alike. Surprises are for birthdays, not enterprise software.

Move at risk-appropriate speed

Fast where it matters: shipping, iterating, responding to customers. Deliberate where it counts: security, data handling, evidence integrity.

Our story

How we got here

2022

Founded

Cerpent was incorporated after our founders spent years inside GRC programs at Tier-1 banks and saw first-hand how broken the tooling was.

2023

First enterprise pilot

Shipped our first production deployment at a regional bank in the UAE. Reduced audit evidence-collection time from 6 weeks to 4 days.

2025

Ophidia AI launch

Shipped our AI risk-scoring engine. Ophidia processes control evidence, flags anomalies and surfaces explainable risk signals for regulator review.

2026

AWS / CTIB Accelerator

Selected for the AWS and CTIB Cybersecurity Accelerator — validation from the infrastructure partners that regulated enterprises already trust.

Now

Expanding the team

Growing the team across Engineering, Product and Go-to-market. 7 roles open now.

Backed by

AWS / CTIB Cybersecurity Accelerator partners

AWS
Vestbee
CrowdStrike
Etisalat

Join us

Help us fix GRC for regulated enterprises.

We're growing the team. If you're a senior engineer, designer or go-to-market specialist who wants to own a real problem — we want to hear from you.

We use a small set of cookies
Strictly necessary cookies keep the site working. Optional analytics cookies help us improve it - your choice.