Policy and Compliance Lead - USA Remote
About The Position
The Policy and Compliance Lead is responsible for developing and implementing Policies and Standards that align with industry requirements. This role offers opportunities to work on cutting-edge security projects and grow your expertise in both business strategy and information security. This position is part of the Corporate Information Security and will be USA Remote base. In this role, you will have the opportunity to: Design, develop, and maintain comprehensive information security policies, standards, and procedures that align with regulatory requirements, industry frameworks (such as ISO 27001, NIST, SOC 2), and organizational objectives Lead compliance initiatives and assessments, coordinating with cross-functional teams to ensure adherence to applicable laws, regulations, and contractual obligations while identifying and remediating gaps Serve as a subject matter expert and trusted advisor to business units, providing guidance on policy interpretation, risk mitigation strategies, and security best practices Drive continuous improvement of the policy management lifecycle, including stakeholder engagement, policy reviews, exception management, and metrics reporting to leadership Collaborate with audit, legal, risk management, and technology teams to translate complex compliance requirements into practical, scalable solutions that support business growth
Requirements
- Strong knowledge of regulatory frameworks and industry standards such as ISO 27001, NIST CSF, SOC 2, GDPR, HIPAA, or PCI DSS
- Demonstrated ability to translate complex technical and regulatory requirements into clear, actionable policies and procedures for diverse audiences
- Proven experience in preparing for and managing IT security audits (e.g., SOC 2, ISO 27001, PCI DSS).
- Strong knowledge of compliance frameworks and ability to translate requirements into actionable controls.
- 3+ years of experience in information security, risk management, compliance, or policy development within a corporate environment.
Nice To Haves
- Experience with governance, risk, and compliance (GRC) platforms and policy management tools, along with security automation and continuous compliance monitoring.
- Excellent written and verbal communication skills with proven experience influencing stakeholders at all organizational levels, including senior leadership
Responsibilities
- Design, develop, and maintain comprehensive information security policies, standards, and procedures that align with regulatory requirements, industry frameworks (such as ISO 27001, NIST, SOC 2), and organizational objectives
- Lead compliance initiatives and assessments, coordinating with cross-functional teams to ensure adherence to applicable laws, regulations, and contractual obligations while identifying and remediating gaps
- Serve as a subject matter expert and trusted advisor to business units, providing guidance on policy interpretation, risk mitigation strategies, and security best practices
- Drive continuous improvement of the policy management lifecycle, including stakeholder engagement, policy reviews, exception management, and metrics reporting to leadership
- Collaborate with audit, legal, risk management, and technology teams to translate complex compliance requirements into practical, scalable solutions that support business growth
Benefits
- paid time off
- medical/dental/vision insurance
- 401(k)
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
Number of Employees
5,001-10,000 employees
