Manager, Compliance

Horizon3 AI
$149,850 - $185,000
Remote

About The Position

Horizon3.ai is seeking a Manager, Compliance to lead its Compliance, Privacy, and Third-Party Risk programs. This is a hands-on leadership role responsible for setting direction, developing talent, guiding audits, driving cross-functional execution, and improving trust with customers, regulators, and partners. The role will lead the team responsible for maintaining and maturing the company's compliance and privacy capabilities across the business. The ideal candidate will bring strong experience in GRC, data privacy, third-party risk, and customer assurance, along with the ability to partner effectively across Security, Engineering, IT, Legal, HR, Sales, and Customer Success. By strengthening the company's compliance posture and enabling scalable trust programs, this role will directly support the security, resilience, and growth of the business.

Requirements

  • Deep experience in Governance, Risk, and Compliance (GRC) within a B2B SaaS, cybersecurity, or similarly regulated technology environment
  • Deep understanding of compliance frameworks such as SOC 2, ISO 27001, NIST AI RMF, DORA, and NIST 800-53, including experience leading annual audits
  • Expertise in GDPR, CCPA/CPRA, EU AI Act, and emerging U.S. state data privacy laws
  • Strong working knowledge of third-party risk management, vendor due diligence, and privacy/security review processes
  • Experience responding to security questionnaires, RFPs, customer audits, and due diligence requests
  • Knowledgeable in common SaaS infrastructure and business systems such as AWS, Okta, MDM, SIEM, and DLP
  • Strong written and verbal communication skills, with the ability to translate complex compliance concepts for both technical and non-technical stakeholders
  • Ability to work independently and as part of a team, with a strong sense of ownership and accountability
  • Experience building metrics and reporting that communicate compliance risk and program health to leadership
  • Bachelor’s degree in Cybersecurity, Information Systems, Business, Risk Management, or a related field, or equivalent practical experience
  • 6+ years of experience in security compliance, privacy, risk, or GRC
  • 3+ years of experience operating in a B2B SaaS or cybersecurity company
  • Prior experience leading audits, privacy programs, or third-party risk programs in a hands-on capacity
  • Prior experience leading compliance analysts or serving as a technical/program lead in a compliance function
  • Hands-on familiarity with AWS, Okta, MDM platforms, SIEM tools, DLP tools, and GRC and audit evidence management processes/tools

Nice To Haves

  • Led multiple SOC 2 Type II audits from start to finish and understand both auditor requirements and operational realities
  • Deep working knowledge of global and U.S. privacy laws and stay ahead of the evolving regulatory landscape
  • Trusted partner across Sales, Legal, Security, Product, and Engineering, balancing rigor with practical business execution
  • Built or managed a vendor risk management program and can evaluate technical controls, assess privacy risk, and communicate findings clearly
  • Know how to navigate large, complex security questionnaires and RFPs, coordinating with SMEs to deliver high-quality responses quickly
  • Certifications such as CIPP/US, CIPT, CISA, CRISC, or ISO 27001 Lead Implementer
  • Experience in high-growth SaaS or cybersecurity companies

Responsibilities

  • Lead, coach, and grow the Compliance team, including ownership of compliance operations, privacy, third-party risk management, and customer assurance
  • Set priorities and operating rhythms for the team, balancing strategic program maturity, customer-facing support, audit readiness, and cross-functional execution
  • Serve as the internal lead for compliance efforts, including control mapping, evidence collection, audit coordination, and continuous improvement of the control environment
  • Maintain and improve compliance against frameworks such as, but not limited to: SOC 2, ISO 27001, NIST AI RMF, ISO 42001, DORA, UK Cyber Essentials, FedRAMP, and/or NIST 800-53
  • Collaborate with cross-functional teams including Engineering, IT, Legal, HR, Product, Sales, and Customer Success to implement and validate control requirements
  • Oversee the organization’s data privacy program, ensuring compliance with GDPR, CCPA/CPRA, EU AI Act, and emerging U.S. state privacy laws
  • Maintain records of processing activities (RoPAs), manage data subject access requests (DSARs), and conduct privacy impact assessments (PIAs)
  • Partner closely with Legal and Product to advise on privacy-by-design, data minimization, and transparency practices
  • Own and manage the third-party risk management lifecycle, including onboarding reviews, periodic reassessments, contract/privacy reviews, and ongoing risk tracking
  • Conduct security and privacy due diligence on new vendors and partners supporting the SaaS product
  • Maintain a current inventory of vendors, subprocessors, and associated risk assessments
  • Serve as the primary point of contact for customer security questionnaires, RFPs, customer audits, and due diligence requests
  • Leverage existing documentation such as the SOC 2 report, pentest reports, whitepapers, and DPAs, while partnering with SMEs to provide accurate and timely responses
  • Support Sales, Customer Success, and Legal in accelerating deals by strengthening trust in our security and compliance posture
  • Create metrics, reporting, and risk narratives that communicate compliance posture, trends, and priorities to business owners and leadership
  • Identify opportunities to improve processes, tooling, and documentation that help the company scale its compliance and privacy programs efficiently
  • Demonstrate a commitment to integrity, process improvement, and customer satisfaction
  • Act as the primary owner for enterprise security risk, establishing and maturing the Risk Register to ensure all identified threats are centralized and tracked
  • Manage the comprehensive risk lifecycle, overseeing everything from initial detection and impact analysis to remediation tracking and formal sign-off
  • Implement a standardized risk scoring methodology that uses quantitative and qualitative metrics to drive objective prioritization across the entire organization
  • Recruit and onboard talented individuals to support our organizational goals
  • Mentor, coach, equip, and develop your team
  • Recognize and retain high performers
  • Lead horizontally with peer managers and senior leaders

Benefits

  • Health, vision & dental insurance for you and your family
  • Flexible vacation policy
  • Generous parental leave
  • Equity package in the form of stock options