Program Manager, Commercial Compliance
About The Position
The Compliance team at MongoDB manages the strategy, execution, and maintenance of our global security certifications and regulatory requirements. We ensure that our cloud database products meet the rigorous security standards required by our customers in the most highly regulated industries worldwide. We act as the primary interface between external auditors and our internal Product, Engineering, and Legal teams. Our goal is to translate complex regulatory requirements into scalable operational processes, maintaining a compliant and audit-ready posture across our diverse portfolio. The Program Manager / Senior Analyst is a mid-to-senior level individual contributor role responsible for leading high-stakes audits and specialized compliance workstreams. Unlike the Analyst level, this role takes full ownership of complex international frameworks—such as IRAP and ENS High—and manages the relationship with our Financial Services customers during audit deep-dives. You will lead internal audit cadences and perform gap analyses for new market expansions.
Requirements
- 7+ years in GRC, Information Security, or IT Audit, specifically within a high-growth SaaS/Cloud environment
- Deep understanding of cloud security principles (AWS/GCP/Azure) and a proven track record leading technical audits for ISO 27001, SOC 2, or ENS High
- Solid grasp of audit processes, terminology, and risk assessment standards. Certifications such as CISA, CRISC, CISSP, or ISO Lead Implementer are highly preferred
- Exceptional ability to lead meetings with external customers and auditors, translating technical complexities into business risk and compliance assurance
- Advanced proficiency in Jira for tracking control performance data and managing high-volume remediation workflows
- Practical experience performing gap analyses and maturity assessments at an enterprise level
Responsibilities
- Lead the end-to-end execution of specialized external audits (e.g., ENS High, IRAP, ISO 22301) and coordinate all phases from initial scoping to final certification
- Serve as the lead point of contact for Financial Services customer audits, facilitating meetings, responding to security questionnaires, and defending our control environment to external stakeholders
- Lead internal audit cadences and drive the POA&M tracking process, ensuring technical teams remediate findings within required SLAs
- Map new regulatory requirements to our central control framework, performing gap analyses to identify where existing controls can be leveraged for new certifications
- Conduct NIST CSF or similar maturity assessments to monitor the effectiveness of the Compliance Program and report findings to team leads
- Author and review customer-facing security documentation, ensuring it accurately reflects our technical controls and architectural guardrails
- Partner with Engineering and Product leads to implement compliance-by-design, ensuring future product roadmaps align with global regulatory shifts
Benefits
- equity
- participation in the employee stock purchase program
- flexible paid time off
- 20 weeks fully-paid gender-neutral parental leave
- fertility and adoption assistance
- 401(k) plan
- mental health counseling
- access to transgender-inclusive health insurance coverage
- health benefits offerings
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
Number of Employees
1,001-5,000 employees
