Senior Manager, GRC Engineering

About The Position

Requirements

• 8+ years working in cybersecurity compliance, including SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, HiTRUST, and NIST 800-171/CMMC frameworks
• 8+ years creating and enforcing cybersecurity policies
• 5+ years of proven experience leading and developing mid-sized teams in a fast-paced, results-driven environment
• Strong strategic thinking skills with experience driving cross-functional collaboration and aligning team goals with business objectives
• Proven ability to work directly with clients in the US
• Strong organizational skills with the ability to manage multiple cybersecurity compliance projects concurrently
• Experience working in a tech company with a focus on cybersecurity
• Thrives in a fast-paced startup environment
• Exceptional written and verbal English communication skills
• Reliable high-speed internet connection.
• Quiet, professional home office setup.
• Must be amenable to work US Eastern Time zone hours.
• Fluency in written and verbal English communication skills.

Nice To Haves

• Certifications such as CISA, CISSP, CISM, ISO 27001 Lead Implementer, or CRISC
• Experience managing GRC functions within a managed security services or consulting environment
• Familiarity with compliance automation platforms such as Vanta, Drata, or Secureframe
• Exposure to risk management or audit methodologies across multiple regulatory frameworks

Responsibilities

• Oversee Compliance Projects: Manage and coordinate multiple cybersecurity compliance engagements, ensuring timely completion and adherence to relevant standards and frameworks.
• Lead and Develop Teams: Supervise and mentor managers and analysts across various accounts, fostering performance, collaboration, and professional growth.
• Drive Resource Strategy: Guide staffing, hiring, and resource allocation to optimize delivery efficiency and support department scalability.
• Manage Client Escalations: Address executive-level client concerns with professionalism, ensuring swift and effective resolution.
• Ensure Quality Standards: Conduct regular reviews of client communications, deliverables, and quality metrics to maintain consistency and excellence across projects.
• Implement Compliance Policies: Develop, execute, and maintain cybersecurity compliance policies and procedures aligned with industry best practices.
• Collaborate on Risk Mitigation: Partner with internal and external teams to identify, assess, and remediate cybersecurity risks.
• Engage Directly with Clients: Communicate with US-based clients to address compliance concerns and deliver expert guidance.
• Interpret Regulatory Frameworks: Analyze and apply cybersecurity regulations and standards, including SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, HiTRUST, and NIST 800-171/CMMC.

Benefits

• Career Development: Clear path with mentorship and training opportunities
• Technical Training: Comprehensive onboarding on security and compliance frameworks
• Competitive Compensation: A competitive base salary with regular performance reviews linked to merit-based appraisals and bonus opportunities.
• Growth Opportunity: Early-stage company with significant room for career advancement.
• Remote-First Culture: Flexibility to work from anywhere while collaborating with a global team.