Overview
You'll prospect into enterprise accounts (500+ employees) to book qualified demos for AEs selling Drata's compliance automation platform. Your targets are CISOs, VPs of Security, and GRC leaders who need SOC 2, ISO 27001, or other compliance frameworks. This is Drata's upmarket push - they've historically been strong in mid-market, so you're helping figure out what resonates with bigger companies.
Role Snapshot
| Aspect | Details |
|---|---|
| Role Type | Enterprise SDR (outbound-focused) |
| Sales Motion | Outbound-heavy (70-80% cold outreach) |
| Deal Complexity | Enterprise (multi-stakeholder buying committees) |
| Sales Cycle | N/A for SDR (AE cycle is 3-6+ months) |
| Deal Size | N/A for SDR (AE deals likely $75K-300K+ ACV) |
| Quota (est.) | 12-15 qualified meetings/month |
Company Context
Stage: Series C ($2B valuation, $200M raised in 2023)
Size: 691 employees
Growth: Expanding into enterprise segment, opening new Bay Area office, actively hiring across sales org
Market Position: #2 player in compliance automation behind Vanta, competing with Secureframe, Sprinto, Thoropass. Well-regarded product (4.8/5 on G2) but fighting for enterprise mindshare against Vanta's head start.
GTM Reality
Pipeline Sources:
- 20-30% Inbound - Some enterprise inbound from brand awareness, content, events like Drataverse. Quality varies - lots of SMB inquiries mixed in.
- 70-80% Outbound - You're driving most of your pipeline through cold calling, sequences, LinkedIn. This is the primary engine for enterprise.
- Small % from partners/referrals
SDR/AE Structure: You book meetings, AEs close them. Dedicated Enterprise AE team.
SE Support: AEs have SE support for technical demos and POCs.
Competitive Landscape
Main Competitors: Vanta (market leader), Secureframe, Sprinto, Thoropass
How They Differentiate: Broader "Trust Management" positioning (not just compliance), AI-powered automation, strong integrations. Newer vendor risk management features.
Common Objections: "We're already looking at Vanta," "We have a consultant handling this," "Not a priority until next audit cycle," pricing vs Vanta.
Win Themes: Better automation/less manual work, faster time-to-compliance, more frameworks supported, strong customer support (consistently praised in reviews).
What You'll Actually Do
Time Breakdown
Prospecting/Research (50%) | Outreach (30%) | Follow-up/Meetings (15%) | Internal (5%)
Key Activities
- Account research: You spend 30-45 min per target account figuring out who owns compliance, recent funding, tech stack signals, whether they're preparing for an audit. Enterprise research takes longer than SMB.
- Cold calling: 40-60 dials/day to directors and VPs. Lots of voicemails. You're often talking to EAs or getting blocked at reception. When you get through, you have 30 seconds to explain why they should care about compliance automation.
- Email sequences: Multi-touch campaigns (6-10 emails over 3-4 weeks). You're A/B testing subject lines and pain points because enterprise messaging is still being figured out. Reply rates are 2-5% if you're doing well.
- LinkedIn outreach: Connection requests, InMails, engaging with their content. Some prospects are more responsive here than email. You're competing with dozens of other SDRs in their inbox.
- Meeting prep: When you get interest, you're gathering context for the AE - what frameworks they need, timeline, who else is involved, budget signals. Handoff quality matters.
- Internal syncs: Weekly 1:1s with Matt, team standup, occasional AE feedback sessions. Matt's building this motion, so there's some strategy discussion about what's working.
The Honest Reality
What's Hard
- Enterprise gatekeeping: CISOs don't pick up cold calls. You're navigating EAs, voicemail jail, and LinkedIn DMs. Getting to the right person takes multiple attempts over weeks.
- Longer nurture cycles: Unlike SMB where someone might book a demo same-week, enterprise prospects go dark for a month, resurface when audit season hits, then ghost again. You're managing 100+ open "prospects" at various stages.
- Category fatigue: Everyone's being pitched compliance tools. Vanta has brand recognition. You're often the second or third vendor they're talking to, which means you're fighting uphill for attention.
- Figuring it out as you go: Drata's enterprise playbook is newer. Some messaging works, some doesn't. You'll spend time testing and iterating without a fully proven script.
- Rejection volume: Most calls/emails go unanswered. Of the ones that respond, many aren't ready yet ("circle back in Q3"). You need thick skin.
What Success Looks Like
- Hitting 12-15 qualified meetings/month: AE accepts the meeting, prospect shows up, there's legitimate interest and budget potential.
- High show rates: Your meetings don't get cancelled or no-showed - means you qualified properly.
- AE feedback: AEs tell Matt your meetings are well-researched and prospects are actually in-market.
Who You're Selling To
Primary Buyers:
- CISOs / VPs of Security (500-2000 employee companies)
- VP / Director of Compliance or GRC
- (Sometimes) VP Engineering or CTO if they own security
What They Care About:
- Reducing audit prep time: Compliance is a time suck. Manual evidence collection is painful. They want automation that actually works.
- Supporting multiple frameworks: Need SOC 2 now, ISO 27001 next year, maybe HIPAA or GDPR. They don't want to switch tools.
- Not adding headcount: Would rather pay for software than hire another GRC analyst.
- Audit readiness: Continuous monitoring so they're not scrambling when audit time comes.
Requirements
- 1-2+ years of SDR experience, ideally selling to enterprise accounts (500+ employees)
- Comfortable cold calling senior leaders (director+ level)
- Located in San Francisco Bay Area (hybrid role, office days required)
- Experience in security/compliance/GRC tech is a plus but not required
- Proven track record hitting meeting quotas in competitive markets
- Ability to work in ambiguity - this enterprise motion is being built, so you need to be okay without a perfect playbook