Senior Manager - Commercial Compliance

About The Position

Requirements

• 8+ years of progressive experience in GRC, security/commercial compliance, audit, or related fields, including ownership of compliance programs in a SaaS/cloud or technology environment.
• 2+ years of people management experience, including leading distributed/global teams and/or managing contractors or managed service resources.
• Demonstrated experience managing a control framework and control lifecycle (design, implementation, testing, evidence, remediation) and operating a continuous compliance monitoring program.
• Hands-on experience supporting external audits and customer compliance engagements (e.g., SOC examinations, ISO audits, customer diligence and assessment requests).
• Strong working knowledge of common security/compliance frameworks and standards (e.g., SOC 2, ISO 27001, NIST, CIS, SIG, CSA CCM), and control mapping across multiple requirements.
• Experience with writing risk findings, consulting on risk and mapping controls to policies and standards. Strong knowledge of all GRC programs and how each program works to deliver a strong security posture for Rubrik.
• Experience partnering with technical stakeholders (Security, Engineering, IT, Cloud/Infrastructure) to operationalize controls and drive remediation to closure.
• Excellent written and verbal communication skills, including the ability to translate compliance requirements into practical, actionable guidance.

Nice To Haves

• Master’s degree a plus.
• CCSP (cloud security) a plus
• Ongoing professional development in areas such as cloud security, audit/compliance automation, and risk management (e.g., SANS, ISACA, (ISC)², ISO training) is strongly preferred.

Responsibilities

• Lead continuous compliance monitoring activities, including control health reporting, metrics, and executive-ready status updates to GRC leadership.
• Own and evolve the Common Control Framework (CCF), including control rationalization, mapping to applicable standards/frameworks, and alignment with business and technology changes.
• Manage the control lifecycle: control design/updates, operationalization, testing, evidence collection, deficiency tracking, and remediation partnership.
• Partner with control owners across the organization to drive timely and high-quality control performance and evidence readiness.
• Coordinate and support customer audits, security questionnaires, and compliance-related customer inquiries in collaboration with Customer Trust and other stakeholders.
• Drive program execution to maintain and achieve security certifications/attestations (e.g., SOC 2, ISO 27001, etc.), including readiness planning and audit support.
• Collaborate with Risk Management, Security Governance, and Public Sector Compliance to align controls, risk treatment, and governance expectations across commercial and regulated requirements.
• Identify compliance program gaps and opportunities; prioritize improvements that increase automation, reduce audit burden, and improve scalability.
• Manage global compliance resources, setting priorities, developing talent, and ensuring consistent delivery across distributed teams.