Senior Governance, Risk & Compliance Lead

About The Position

Requirements

• 6+ years of experience in governance, risk and compliance, information security, or security compliance roles
• Direct experience managing SOC 2 Type II and ISO 27001 audits and maintaining ongoing compliance programs
• Strong understanding of NIST 800-53 and FedRAMP security requirements
• Experience using compliance automation platforms such as Vanta or similar tools
• Experience working in a cloud native SaaS environment, ideally within Azure
• Strong documentation, audit management, and cross functional coordination skills
• Ability to translate security and compliance requirements into practical operational processes
• Experience leading or supporting FedRAMP readiness or authorization programs

Nice To Haves

• Professional certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, or CIPP
• Experience supporting enterprise security reviews and government compliance requirements
• Experience working in high growth SaaS or enterprise software companies

Responsibilities

• Own and manage OnePlan’s governance, risk, and compliance program across security and privacy frameworks
• Maintain the company’s compliance certifications including SOC 2 Type II, ISO 27001, and ISO 27701, ensuring ongoing audit readiness and successful surveillance audits and recertifications
• Coordinate with external auditors and manage evidence collection, control validation, and supporting documentation
• Maintain and update security policies, procedures, and internal documentation supporting compliance frameworks
• Maintain the company risk register and drive risk identification, assessment, and remediation activities across the organization
• Partner closely with Engineering and IT teams to implement and document security controls across the platform
• Lead OnePlan’s FedRAMP Moderate readiness initiative, including NIST 800-53 gap assessments and remediation planning
• Develop and maintain the System Security Plan (SSP) and associated FedRAMP documentation
• Prepare the organization for 3PAO assessment and establish processes for ongoing continuous monitoring
• Manage vendor risk assessments and third party security reviews
• Support enterprise and public sector security questionnaires, compliance reviews, and due diligence requests
• Ensure privacy and data protection practices align with GDPR and global privacy frameworks
• Support the ongoing operation of OnePlan’s ISO 27701 privacy program

Benefits

• We’re a remote-first company with team members across the USA, Canada, UK, and India!
• OnePlan has been recognized as the Global Microsoft Partner of the Year in Project Portfolio Management in 2019, 2020, 2021, 2022 and 2023.
• We’ve been named a "Strong Performer" in the latest Forrester Strategic Portfolio Management WAVE report.
• We offer comprehensive health, dental, and vision benefits, with additional insurance options.
• Employer RRSP and 401K matching programs.
• A fun, collaborative, and diverse environment with regular health and team challenges to keep things light and enjoyable!
• At OnePlan, we are committed to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or veteran status. We are proud to be an equal-opportunity workplace.