Compliance Manager

What your day could consist of:

• Strategically rebuild and lead the enterprise-level ISMS program, including the comprehensive development, refinement, and ongoing management of policies and procedures.
• Drive the success achievement of continuous maintenance ISO and SOC2 compliance, with an immediate focus on assessing existing gaps, implementing new technical controls, and demonstrating their effectiveness.
• Collaborate extensively with cross-functional teams to streamline internal audit processes and efficiently gather evidence for security controls, fostering a culture of shared responsibility.
• Introduce, explain, and implement new technical controls and compliance best practices, ensuring they are integrated effectively within our SaaS application environment.
• Proactively manage and execute multiple simultaneous compliance initiatives, ensuring clarity, progress, and alignment with strategic goals.
• Develop and maintain a comprehensive, easily accessible security and compliance knowledge base to empower efficient responses to information security questionnaires (ISQs) and RFIs from customers, partners, and vendors.
• Prepare and present actionable metrics and KPIs on the effectiveness of compliance programs, demonstrating tangible improvements and program health.
• Lead and strategically evolve the ISO 27001 program, collaborating seamlessly with internal and external auditors to ensure continuous certification.
• Strategically schedule and oversee third-party penetration testing, vulnerability monitoring, security audits, and comprehensive risk assessments.
• Regularly audit and evaluate company performance against information security standards, identifying areas for improvement and driving corrective actions.
• Lead the operational risk board, maintain a dynamic risk registry, and drive risk mitigation strategies.
• Proactively assist with the development, rollout, and delivery or impactful security awareness training across the organization. 

What is needed:

• Proven experience (5+ years) in a leadership or senior role within information technology/security compliance, specifically with a strong track record in cloud-based SaaS solutions and an immediate focus on establishing and maintaining SOC 2 Type 2 controls.
• BS in Computer Science, Information Systems, IT, or equivalent practical experience.
• Demonstrated ability to assess, realign, and significantly improve a compliance department, including successfully introducing and implementing new technical controls and processes.
• Exceptional written and verbal communication skills, with the ability to articulate complex technical and compliance concepts clearly and persuasively to diverse audiences, from technical teams to executive leadership and external auditors.
• Deep expertise in ISMS governance models (e.g., NIST, ISO 27001), information security roles, and a hands-on ability to design, implement, and validate security controls (ISO, ITIL, NIST, PCI, SOC).
• Strong, practical risk management and auditing experience, with an ability to identify, assess, and mitigate complex security risks.
• In-depth knowledge and practical experience with data privacy regulations such as GDPR and Privacy Shield.
• A strong history of defining, driving, and executing a program vision with clear milestones and measurable outcomes, even in ambiguous environments.
• Experience with data visualization tools like Looker, Tableau, etc. is a plus.
• Basic scripting skills (e.g., Python) for data analysis or automation is a bonus.
• Experience in training, mentoring, or leading other compliance professionals is preferred.