Manager of IT Audit & Compliance

Vendasta•Corman Park No. 344, SK

3d•Onsite

About The Position

The mission of the Manager, IT Audit & Compliance is to own and optimize Vendasta’s IT audit, compliance, privacy, and risk management functions. This role exists to ensure the organization maintains continuous audit readiness, meets global regulatory requirements, and provides customers with unwavering confidence in our security posture. Success requires a blend of deep technical expertise in frameworks like SOC 2 and ISO 27001, combined with the leadership to recruit and develop a high-performing team while integrating AI-driven automation to enhance compliance scalability. Reporting to the VP of IT & Security, the Manager of IT Audit & Compliance leads the R&D- IT & Security department in overseeing the enterprise IT risk register, identifying and assessing risks while balancing mitigation with business innovation. You will serve as the primary point of contact for external auditors and regulators, managing the internal IT audit program, the IT policy lifecycle, and global regulatory compliance (GDPR, PIPEDA, HIPAA). This managerial role involves recruiting and developing a team of compliance, privacy, and risk analysts while leading team-level AI adoption and workflows.

Requirements

7–10+ years of experience in IT audit, compliance, or risk management, ideally within a SaaS or technology environment.
Deep regulatory knowledge and expert-level understanding of SOC 2, ISO 27001, GDPR, and HIPAA.
Proven experience recruiting and mentoring high-performing teams.
Ability to manage complex cross-functional stakeholders.
Proficiency with GRC platforms (e.g., Vanta, Drata, OneTrust).
Experience leveraging AI for trend analysis and insights.
AI proficiency, including the ability to assess and integrate AI solutions into compliance responsibilities and prompt engineering for GRC automation.
Ability to communicate clearly and effectively in written and verbal formats.
Bachelor’s degree in Information Systems, Computer Science, or Business preferred.
Professional certifications such as CISA, CRISC, CISSP, or CIPP are highly preferred.
Demonstrated use of AI tools in professional settings or AI literacy certification is considered a strong asset.

Nice To Haves

Bachelor’s degree in Information Systems, Computer Science, or Business
Professional certifications such as CISA, CRISC, CISSP, or CIPP
Demonstrated use of AI tools in professional settings or AI literacy certification

Responsibilities

Own and optimize Vendasta’s IT audit, compliance, privacy, and risk management functions.
Ensure the organization maintains continuous audit readiness.
Meet global regulatory requirements.
Provide customers with unwavering confidence in our security posture.
Oversee the enterprise IT risk register, identifying and assessing risks while balancing mitigation with business innovation.
Serve as the primary point of contact for external auditors and regulators.
Manage the internal IT audit program.
Manage the IT policy lifecycle.
Manage global regulatory compliance (GDPR, PIPEDA, HIPAA).
Recruit and develop a team of compliance, privacy, and risk analysts.
Lead team-level AI adoption and workflows.
Achieve clean audit opinions (SOC 2, ISO 27001) with minimal or no exceptions.
Achieve a 15–20% reduction in manual reporting and evidence collection tasks through the adoption of AI-augmented workflows.
Ensure 100% of high-priority risks are documented in the register with active treatment plans meeting agreed-upon timelines.
Ensure 100% of customer security assessments and data subject requests are completed within regulatory or business timelines.
Build future leaders within the function, coaching team members on prompt optimization and setting goals for AI usage.
Enable the Sales team by ensuring customer security assessments are completed promptly.
Maintain 95%+ organization-wide completion of required compliance training.