
Manager, Compliance
Posted Jun 19

This is a fully remote position, open to applicants in the United States.
• Lead, mentor, and develop the Compliance team, taking ownership of compliance operations, privacy, third-party risk management, and customer assurance.
• Establish priorities and operational rhythms for the team, balancing strategic program maturity, customer-facing support, audit readiness, and cross-functional execution.
• Act as the internal lead for compliance initiatives, including control mapping, evidence collection, audit coordination, and continuous enhancement of the control environment.
• Maintain and enhance compliance with frameworks such as SOC 2, ISO 27001, NIST AI RMF, ISO 42001, DORA, UK Cyber Essentials, FedRAMP, and/or NIST 800-53.
• Collaborate with cross-functional teams, including Engineering, IT, Legal, HR, Product, Sales, and Customer Success, to implement and validate control requirements.
• Oversee the organization’s data privacy program, ensuring adherence to GDPR, CCPA/CPRA, EU AI Act, and emerging U.S. state privacy regulations.
• Maintain records of processing activities (RoPAs), manage data subject access requests (DSARs), and conduct privacy impact assessments (PIAs).
• Work closely with Legal and Product to provide guidance on privacy-by-design, data minimization, and transparency practices.
• Manage the third-party risk management lifecycle, including onboarding reviews, periodic reassessments, contract/privacy reviews, and ongoing risk monitoring.
• Conduct security and privacy due diligence on new vendors and partners supporting the SaaS product.
• Maintain an updated inventory of vendors, subprocessors, and associated risk assessments.
• Act as the main point of contact for customer security questionnaires, RFPs, customer audits, and due diligence inquiries.
• Utilize existing documentation such as the SOC 2 report, pentest reports, whitepapers, and DPAs, while collaborating with SMEs to deliver accurate and timely responses.
• Assist Sales, Customer Success, and Legal in expediting deals by enhancing trust in our security and compliance posture.
• Develop metrics, reporting, and risk narratives that convey compliance posture, trends, and priorities to business owners and leadership.
• Identify opportunities for process improvement, tooling, and documentation to help the company efficiently scale its compliance and privacy programs.
• Exhibit a commitment to integrity, process enhancement, and customer satisfaction.
• Serve as the primary owner for enterprise security risk, establishing and evolving the Risk Register to ensure all identified threats are centralized and tracked.
• Manage the comprehensive risk lifecycle, overseeing everything from initial detection and impact analysis to remediation tracking and formal sign-off.
• Implement a standardized risk scoring methodology that employs quantitative and qualitative metrics to promote objective prioritization across the organization.
• Recruit and onboard skilled individuals to align with our organizational goals.
• Mentor, coach, and develop your team.
• Recognize and retain high-performing individuals.
• Lead collaboratively with peer management and senior leaders.
• Must possess extensive experience in Governance, Risk, and Compliance (GRC) within a B2B SaaS, cybersecurity, or similarly regulated technology environment.
• Must have a thorough understanding of compliance frameworks such as SOC 2, ISO 27001, NIST AI RMF, DORA, and NIST 800-53, including experience leading annual audits.
• Must be proficient in GDPR, CCPA/CPRA, EU AI Act, and emerging U.S. state data privacy laws.
• Must have a solid working knowledge of third-party risk management, vendor due diligence, and privacy/security review processes.
• Must have experience responding to security questionnaires, RFPs, customer audits, and due diligence requests.
• Must be knowledgeable in common SaaS infrastructure and business systems such as AWS, Okta, MDM, SIEM, and DLP.
• Must possess strong written and verbal communication skills, with the ability to convey complex compliance concepts to both technical and non-technical audiences.
• Must be capable of working independently as well as collaboratively within a team, exhibiting a strong sense of ownership and accountability.
• Must have experience developing metrics and reports that communicate compliance risks and program health to leadership.
• Health insurance
• Vision insurance
• Dental insurance
• Flexible vacation policy
• Generous parental leave
• Stock options