Compliance Manager

West Monroe, Minneapolis, MN
Hybrid

About The Position

West Monroe is seeking a Compliance Manager to join the internal Risk, Compliance & Cybersecurity (RCC) team. This role is responsible for leading and modernizing the firm’s cybersecurity compliance and governance programs while leveraging automation, AI capabilities, and integrated GRC tooling to reduce manual effort and improve operational efficiency. The Compliance Manager will work closely with IT, security engineering, legal, and business stakeholders to ensure adherence to industry frameworks and client security expectations. A key focus of this role will be identifying creative ways to automate compliance processes, integrate systems into the firm’s GRC platform, and establish reliable sources of truth for audit evidence, risk tracking, and governance reporting. This role will also oversee key security governance activities including incident response readiness, annual tabletop exercises, and security policy lifecycle management.

Requirements

  • 8+ years of experience in cybersecurity governance, risk management, or compliance roles, with demonstrated ownership of enterprise‑level programs
  • Proven experience leading and scaling compliance programs aligned to frameworks such as SOC 2, NIST, ISO 27001, and CIS Controls
  • Extensive experience managing complex internal and external audits, including direct engagement with auditors and scope management
  • Experience overseeing client security questionnaires, due diligence responses, and assurance activities, including coordination with legal, sales, and delivery teams
  • Strong background in third‑party risk management, including vendor security assessments, ongoing monitoring, and remediation tracking
  • Hands‑on experience with enterprise GRC platforms (e.g., Drata, ServiceNow GRC, or similar), including configuration, optimization, and integrations
  • Demonstrated success driving compliance automation and system integrations to reduce manual effort and improve audit readiness
  • Experience managing or mentoring team members, including coaching, knowledge development, and performance feedback
  • Strong communication skills with the ability to influence senior stakeholders and translate security and risk concepts to technical and business audiences
  • Excellent organizational, prioritization, and program management skills in complex, cross‑functional environments

Nice To Haves

  • Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related technical field
  • 8+ years of experience in cybersecurity governance, risk management, or compliance roles with ownership of enterprise‑scale programs
  • Prior experience in consulting or professional services environments, supporting multiple stakeholders and competing priorities
  • Hands‑on experience implementing and optimizing compliance programs using enterprise GRC platforms and automation capabilities
  • Demonstrated success driving compliance automation, system integrations, and process maturity improvements
  • Familiarity with AI governance concepts and emerging frameworks (e.g., ISO 42001)
  • Industry certifications such as CISSP, CISA, CRISC, or CISM

Responsibilities

  • Own and lead enterprise‑level cybersecurity compliance programs aligned to SOC 2, NIST CSF, ISO 27001, CIS Controls, and related frameworks.
  • Define compliance strategy, scope, and roadmap while ensuring consistent execution across the organization.
  • Lead complex internal and external audits (e.g., SOC 2), serving as the primary point of contact for auditors.
  • Define audit scope, manage timelines, and implement scalable evidence management practices that improve audit readiness and reduce disruption.
  • Lead vendor and third‑party security risk management programs, including due diligence assessments, ongoing monitoring, remediation tracking, and risk reporting.
  • Ensure third‑party risk processes align with enterprise security and compliance requirements.
  • Oversee responses to client security questionnaires, assessments, and assurance requests.
  • Partner with legal, sales, and delivery teams to ensure responses are accurate, consistent, and aligned with the firm’s security posture.
  • Identify, assess, and track cybersecurity risks using risk registers and structured remediation plans.
  • Partner with technical teams to ensure risks are addressed through effective and measurable control implementations.
  • Develop, maintain, and continuously improve security policies, standards, and procedures.
  • Ensure governance documentation aligns with regulatory expectations, audit requirements, and operational practices.
  • Maintain and mature incident response governance, including annual tabletop exercises, readiness assessments, and post‑incident lessons learned.
  • Ensure response procedures are documented, tested, and continuously improved.
  • Mentor and coach team members, supporting skill development, performance management, and knowledge growth.
  • Communicate complex security and risk concepts effectively to senior leadership, technical teams, and business stakeholders.
  • Develop dashboards and reports that provide leadership visibility into compliance posture, automation maturity, audit readiness, and risk exposure.
  • Use metrics to inform decision‑making and drive continuous improvement.
  • Drive compliance automation initiatives using enterprise GRC platforms (e.g., Drata, ServiceNow GRC), with a focus on reducing manual effort and improving audit readiness.
  • Design and implement integrations across security and business systems (e.g., IAM, endpoint, cloud, ticketing) to automate evidence collection, control validation, risk tracking, and reporting, establishing the GRC platform as a single source of truth.
  • Identify and eliminate manual compliance tasks by leveraging automation, scripting, and AI-driven workflows, including:
      • Client questionnaire pre-population and consistency
      • Policy generation and updates
      • Evidence mapping and control alignment across frameworks
      • Risk identification and summarization
  • Build continuous control monitoring by integrating telemetry from security tools to enable real-time evidence collection and reduce point-in-time audit efforts.
  • Standardize and automate workflows (e.g., API-based evidence collection, task routing via ServiceNow/Jira) to minimize manual follow-ups and improve efficiency.
  • Partner with engineering teams to integrate new tools into the compliance ecosystem and continuously improve processes, with a goal of reducing audit effort, increasing accuracy, and scaling the program efficiently.

Benefits

  • medical insurance
  • dental insurance
  • vision insurance
  • basic life insurance
  • 401k plan
  • employee stock ownership program
  • annual bonuses
  • unlimited flexible time off
  • ten paid holidays
  • ten weeks of paid parental leave