Compliance Enablement Technical Program Manager

About The Position

Requirements

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).
• 4+ years of experience in GRC, engineering, or a technical discipline supporting cybersecurity programs.
• In-depth knowledge of cybersecurity frameworks including NIST 800-53, ISO 27001, SOC 2, and/or FedRAMP.
• Technical background in systems administration, software engineering, cloud security, or security engineering.
• Hands-on experience with cloud infrastructure (AWS, Azure, or GCP) and distributed application security concepts.
• Hands-on experience with a GRC platforms for control tracking, evidence management, and findings remediation.
• Proficiency with security monitoring concepts and tooling (e.g., encryption, authentication, Tenable, Splunk).
• Demonstrated professional use of AI tools to support drafting, analysis, evaluation, or workflow automation within compliance or technical programs.
• Strong project management skills with experience leading security assessment initiatives across multiple stakeholders.
• Familiarity with Git workflows and repository access management.

Nice To Haves

• Proficiency in Python or scripting language with experience in API integrations and data processing.
• Experience building AI/ML-powered applications or agentic systems.
• Experience with CI/CD pipelines and deploying production-grade services.
• Prior experience leading a SOC 2 Type II, ISO 27001, FedRAMP, or NIST 800-53 audit end-to-end.
• Experience with OSCAL (Open Security Controls Assessment Language) or other compliance automation tooling.
• Experience in SaaS, GovCloud, FinTech, or other highly regulated technology environments.
• Familiarity with cloud infrastructure automation and configuration tooling (e.g., Terraform, Puppet, Jenkins).
• Professional certifications such as CISSP, CISM, CISA, CCSP, CCSK, or ISO 27001 Lead Auditor.

Responsibilities

• Platform Engineering & Integration
• Own and operate the GRC platform (control mapping, evidence collection, continuous monitoring, and audit workflows), serving as the technical lead for all GRC SaaS integrations.
• Integrate GRC tools with cloud platforms (AWS, Azure, GCP) and internal systems (e.g., Jira, BigQuery) using APIs and scripting.
• Design and implement automated workflows for evidence collection, control monitoring, and remediation tracking.
• Build and maintain dashboards to visualize compliance posture, key risk indicators, and program maturity for both technical and executive audiences.
• AI & Automation
• Design, build, and operate AI agents that automate the compliance lifecycle across applicable frameworks (ISO 27001, SOC 2, FedRAMP, etc.).
• Apply AI-assisted workflows to evidence validation, control evaluation, finding management, and audit preparation.
• Identify process gaps and implement scalable governance improvements through automation and tooling.
• Compliance Program Support
• Conduct gap analyses and support implementation of new compliance frameworks and associated controls.
• Prepare compliance documentation, control evidence, and control owners for internal and external audits.
• Monitor adherence to internal controls and external regulatory requirements (e.g., ISO 27001, NIST 800-53, SOC 2, GDPR, HIPAA, FedRAMP).
• Translate regulatory requirements and domain expertise into technical control implementations and automated agent logic.
• Contribute to policy authoring, change management, and manual controls enforcement as a high-bandwidth team member.
• Stakeholder Collaboration & Reporting
• Partner cross-functionally with engineering, product, security, and legal teams to ensure controls are not only documented but operationalized.
• Communicate compliance risk and control status to technical and non-technical stakeholders through clear reporting and executive-ready summaries.
• Participate in security reviews and risk discussions related to cloud and data platform environments.
• Work independently, leveraging existing documentation, standards, and prior artifacts to resolve issues before escalating.

Benefits

• Sophos operates a remote-first working model, making remote work the primary option for most employees.
• Employee-led diversity and inclusion networks that build community and provide education and advocacy
• Annual charity and fundraising initiatives and volunteer days for employees to support local communities
• Global employee sustainability initiatives to reduce our environmental footprint
• Global fitness and trivia competitions to keep our bodies and minds sharp
• Global wellbeing days for employees to relax and recharge
• Monthly wellbeing webinars and training to support employee health and wellbeing