Security and Compliance Manager

About The Position

Requirements

• 6+ years of experience in security compliance, with at least 2 years owning or leading SOC 2 audits
• Deep understanding of SOC 2 Trust Services Criteria and how to implement effective controls
• Proven experience building or scaling compliance programs at a SaaS or technology company
• Excellent policy writing skills with the ability to translate complex requirements into clear, actionable documentation
• Strong technical foundation with the ability to implement security controls and work effectively with engineering teams
• Experience managing GRC platforms (Drata, Vanta, or similar)
• Outstanding project management skills and ability to coordinate across multiple stakeholders
• Self-starter mentality with the ability to own initiatives from strategy through execution
• Strong ability to translate technical concepts for non-technical audiences

Nice To Haves

• Experience expanding SOC 2 scope beyond Security (Availability, Confidentiality, Processing Integrity, Privacy)
• Familiarity with additional compliance frameworks (ISO 27001, PCI-DSS, GDPR, CCPA, HIPAA)
• Experience implementing and managing Trust Centers
• Knowledge of AWS/cloud security best practices (we use EKS, RDS, and AWS services)
• Technical skills in scripting or automation (Python, Bash, etc.) for evidence collection and control monitoring
• Experience with SIEM tools (Datadog), CI/CD platforms (GitHub), and infrastructure monitoring
• Relevant certifications (CISSP, CISM, CISA, or similar)
• Experience in a high-growth startup or scale-up environment
• Background working cross-functionally with Legal, HR, or Sales on compliance initiatives

Responsibilities

• Lead the expansion of our SOC 2 audit scope to include all Trust Services Criteria (Security, Availability, Confidentiality, Processing Integrity, and Privacy)
• Own and manage our compliance roadmap, ensuring we're continuously audit-ready
• Coordinate and manage SOC 2 audits, including evidence gathering, auditor communication, and remediation tracking
• Implement and maintain our Trust Center, making our security posture transparent and accessible to customers
• Serve as the primary point of contact for customer security questionnaires and assessments
• Create, refine, and maintain comprehensive security and compliance policies, such as: Acceptable Use Policy Software Approval Policy AI Use Policy Incident Response Plan Data Retention, Access, and Classification policies Email Communication Policy Business Continuity Plans
• Ensure policies are practical, enforceable, and aligned with industry frameworks and regulatory requirements
• Develop clear, accessible documentation that empowers teams to understand and follow security best practices
• Partner with Legal, HR, and other departments to ensure policies are comprehensive and cross-functional
• Own and maintain our risk register, conducting regular risk assessments and tracking mitigation efforts
• Lead third-party vendor security reviews and risk assessments
• Maintain detailed knowledge of what data exists in every third-party tool and who has access
• Track and manage vendor compliance documentation (SOC 2 reports, security attestations, etc.)
• Work with Procurement and Engineering to ensure vendors meet our security standards
• Implement security controls across our infrastructure and applications in collaboration with Security Engineers
• Work with the team to automate evidence collection and compliance monitoring using tools like Drata and Datadog
• Conduct internal reviews of audit controls to ensure they remain effective and up-to-date
• Identify gaps in our security posture and design solutions to address them
• Evaluate and implement new compliance and security tooling as needed
• Partner with Engineering, Product, HR, Legal, and Sales to ensure compliance requirements are understood and met
• Ensure control owners across the organization complete their compliance tasks on schedule
• Provide training and guidance to teams on security and compliance best practices
• Serve as a trusted advisor to leadership on compliance strategy and risk posture

Benefits

• Flexible Paid Time Off - you’re actually encouraged to use it, plus 10 company holidays!
• Health Benefits - including Medical, Dental, and Vision and an HSA Match.
• 401(k) - we match 100% up to 3% of your contribution. Eligibility is immediate with 100% vesting.
• Mental Health - all employees have access to Impact Suite & to our Employee Assistance Program (EAP).
• Paid New Parent Leave & Birthing Parent Leave - so you’re able to care for your little ones.
• Supplemental Benefits - including 100% company paid Basic Life & AD&D insurance and long & short-term disability coverage.
• Nectar - our peer-to-peer recognition program to help our employees recognize the amazing work being done by other Canopians!
• Company Events - including monthly company-wide meetings, summer parties, and more.
• ERG Committees - to plan initiatives around continuing education, community outreach, recruiting, onboarding, and more.
• Fully-stocked kitchen - Keto? Vegan? Flexitarian? Mandalorian? We’ve got you covered.