InfoSec & GRC Program Manager

About The Position

Requirements

• At least 5+ years of experience managing or maturing ISO27001 and/or SOC2 compliance at a software company, preferably within a high-growth Cloud/SaaS environment
• Experience working with external auditors to efficiently drive an audit cycle to successful completion
• Ability to identify gaps, create mitigation plans, and work with control owners to implement changes
• Experience interacting with current and prospective customers to help navigate the security review process
• Strong communication skills with the ability to build relationships across departments and cultures as part of a global distributed team
• Experience using compliance and security tools; experience with Vanta highly desired
• Excellent interpersonal, communication, and presentation skills, including findings and report writing experience
• Experience completing customer security questionnaires
• Ability to execute with urgency and attention to detail
• Experience working with cloud technologies, preferably Azure
• Residence in the US is required

Nice To Haves

• Demonstrated experience conducting a gap assessment or readiness evaluation for ISO 42001, or other relevant frameworks.
• Familiarity with the EU AI Act and the ability to translate its regulatory requirements into actionable internal controls and processes.
• Relevant information security or AI governance certifications (e.g., CISM, ISO 27001 Lead Implementer, ISO 42001 Practitioner) a strong plus

Responsibilities

• Coordinate, conduct, and function as primary contact for all internal and external audits.
• Delegate control ownership to relevant participants across departments, monitor compliance status, and follow up to ensure timely completion of recurring compliance requirements related to SOC2, ISO27001, ISO 42001, GDPR, HIPAA, and other relevant frameworks.
• Lead or participate in gap assessment for ISO 42001 (AI Management System) to evaluate readiness and alignment with the new standard.
• Support the company's alignment with the EU AI Act, ensuring AI governance controls are documented, risk-assessed, and integrated with existing information security management systems.
• Work with the Data Protection Officer (DPO) to execute data deletion requests, maintain our privacy policy and track data sub-processors.
• Conduct risk assessments and software vulnerability assessments to identify potential cybersecurity threats; document and follow-up on security-related findings.
• In preparation for external audits, support monitoring, evidence collection, gap assessments, and reviews as needed.
• Conduct periodic reviews and audits of internal policies, controls and processes; publish findings outlining successes and opportunities for improvement.
• Partner with business stakeholders (including Sales, Product, IT and Engineering management) to identify risks, propose mitigation strategies and inform on emerging security threats and trends.
• Develop and maintain standard GRC documentation, such as policy and procedure documents or project plans.
• Manage and document scalable processes and automation to support our growth and compliance initiatives.
• Develop and assess operating effectiveness of controls.
• Assist in completion of customer assurance activities, such as security questionnaires.
• Perform vendor security and AI governance evaluations of existing and new vendors.

Benefits

• Includes comprehensive health insurance
• 401(k) retirement
• paid time off
• opportunities for professional development