Manager, Security Governance

About the position

Join our growing Security & Privacy team as the Manager, Security Governance, where you’ll play a key role in supporting and advancing the company’s audit preparedness and execution efforts. Reporting to senior leadership within the Chief Security Office (CSO), you will be a strategic partner to the Chief Security & Privacy Officer and a central figure in coordinating our company-wide Security & Privacy audit initiatives. In this role, you will lead audit readiness activities by managing the coordination of third-party audits—primarily SOC 1 and SOC 2—with internal stakeholders and external auditors. You will oversee audit timelines, ensure the timely collection and delivery of evidence artifacts, and guide internal teams on how to interpret and respond to control requirements. Your focus will be on aligning audit deliverables with compliance objectives while minimizing disruption to business operations. You bring a strong foundation in security, privacy, and risk management frameworks, along with prior experience supporting audit cycles, leading evidence collection efforts, or working directly with auditors. Your ability to interpret control language and translate it into actionable guidance for cross-functional teams will be essential to your success. Ideal candidates are organized, communicative, and thrive in a collaborative environment. You enjoy bridging gaps between technical and non-technical teams, and you're passionate about helping organizations demonstrate trust through sound compliance practices. This is a great opportunity to take ownership of audit readiness efforts and grow your career while making a meaningful impact on the protection of data, systems, and processes. This role reports to the Chief Security & Privacy Officer.

Responsibilities

• Lead audit planning and execution efforts by managing audit schedules and timelines across internal stakeholders and external audit firms to ensure timely, organized, and successful outcomes.
• Oversee the collection, validation, and organization of audit artifacts to support SOC 1 and SOC 2 compliance efforts, partnering with business units to drive accountability and consistency.
• Interpret control requirements across multiple frameworks and translate them into actionable guidance for business owners, ensuring audit submissions are complete, accurate, and aligned with expectations.
• Advise internal teams on compliance best practices, ensuring alignment with the organization’s overarching Security, Privacy, and Compliance objectives.
• Manage recurring control and artifact reviews in collaboration with business process owners, ensuring control health and evidence quality are maintained year-round.
• Support the development, implementation, and maturation of audit controls, ensuring readiness for ongoing and upcoming audits.
• Serve as the primary liaison between internal teams and auditors, facilitating clear communication, resolving blockers, and ensuring cross-functional engagement throughout audit lifecycles.
• Create and maintain comprehensive process documentation, including workflows, guidelines, and training materials to streamline audit readiness activities and support continuous improvement.
• Lead the rollout of new audit-related processes, ensuring change management and adoption across relevant teams to support evolving audit requirements and business needs.
• Support the company’s evolving compliance landscape by contributing to the planning and coordination of additional audit and assurance activities beyond AICPA/SOC, as needed.

Requirements

• 5–7 years of professional experience in audit, compliance, or GRC roles, with demonstrated ability to manage or support audit engagements across complex environments.
• Prior hands-on experience supporting or managing AICPA SOC 1 and SOC 2 audits, including coordination, evidence collection, and interaction with auditors.
• Background in Cybersecurity, Computer Science, or a related field, or equivalent practical experience supported by relevant certifications.
• Professional certifications in Audit (e.g., CISA), Cybersecurity (e.g., Security+, CISM), Privacy (e.g., CIPM, CIPP), Compliance (e.g., CCEP), or Risk Management (e.g., CRISC) are highly valued.
• Strong project management skills, with the ability to prioritize tasks, manage timelines, and coordinate across diverse stakeholders.
• Deep interest in compliance and audit readiness, with a growth mindset and a willingness to adapt to emerging frameworks or business needs.
• Working knowledge of security and privacy standards and frameworks such as NIST, ISO 27001, and SOC, with an understanding of how these frameworks apply in an enterprise setting.
• Excellent written and verbal communication skills; comfortable providing regular updates to leadership and contributing to audit-related documentation and reporting.
• Familiarity with information security governance, risk management, or regulatory compliance is helpful; experience in regulated industries such as life insurance, financial services, or public sector is a strong plus.
• Experience supporting audits or managing the lifecycle of control evidence collection in a cross-functional setting is preferred.

Benefits

• Competitive salary and equity based on role
• Policies and managers that support work/life balance, like our flexible paid time off and parental leave programs
• 100% paid-premium option for medical, dental, and vision insurance
• Lifestyle stipend to support your physical, emotional, and financial wellbeing
• Flexible work-from-home policy and open to remote
• Remote and WFH options, as well as a beautiful, state-of-the-art office in Dallas’ Deep Ellum, for those who prefer an office setting
• Employee-led diversity, equity, and inclusion initiatives