
Manager, GRC Engineering
Posted May 25

This is a fully remote position, open to applicants in the Philippines.
• Take ownership of the Client Experience: Act as the main point of contact for a portfolio of client accounts, fostering strong, trusted relationships and ensuring clients feel supported, informed, and valued during every interaction.
• Lead Client Engagements: Guide clients through compliance initiatives from start to finish — from kickoff to certification — providing clear communication, proactive updates, and expert advice at every stage.
• Manage Escalations with Professionalism: Address complex client issues and requests promptly, calmly, and with a solution-focused mindset that builds confidence and encourages long-term retention.
• Serve as a Trusted Advisor: Comprehend each client's distinct business context and provide compliance guidance that is practical, actionable, and customized to their specific needs.
• Collaborate Across Functions: Work alongside internal teams and client stakeholders to integrate security and compliance best practices and swiftly resolve issues.
• Supervise and Develop a Team of Analysts: Manage a team of 3–5 analysts through coaching, mentorship, and performance management, promoting accountability, quality, and professional development.
• Ensure Consistent Delivery: Guarantee that the team meets deadlines and produces high-quality work across all active client engagements, stepping in to assist as needed.
• Develop and Maintain Compliance Frameworks: Create, update, and align compliance policies, procedures, and technical controls with SOC 2 (Type 1 & 2), ISO 27001, HIPAA, and PCI DSS standards.
• Oversee Compliance Certifications: Lead and execute SOC 2 and ISO 27001 implementation and certification projects across multiple cloud environments (AWS, GCP, Azure).
• Conduct Risk and Security Audits: Perform regular risk assessments and audits to identify vulnerabilities and strengthen overall security posture.
• Monitor Regulatory Changes: Stay updated on evolving regulations and frameworks to ensure the relevance and accuracy of compliance controls.
• Utilize Compliance Automation Tools: Leverage platforms like Drata, Vanta, and Secureframe to monitor compliance metrics and ensure continual audit readiness.
• Proven experience in managing client relationships directly — you are adept at owning accounts, navigating challenging conversations, and being the trusted representative of an engagement.
• Exceptional professionalism in all client-facing communications, with excellent written and verbal English skills.
• A minimum of 5 years of experience in managing or leading a team.
• Demonstrated experience managing compliance programs with practical knowledge of SOC 2 and ISO 27001 frameworks.
• Strong understanding of technical control implementation in cloud platforms (AWS, GCP, Azure).
• Capability to manage multiple compliance projects simultaneously without compromising client experience or quality.
• Bachelor's degree in Information Technology, Cybersecurity, or a related field.
• Ability to work independently with a strong sense of initiative.
• Willingness to work within US time zone hours.
• Nice to Have: Experience at a Big 4 firm (e.g., Deloitte, PwC, EY, KPMG) in an advisory or assurance role.
• Relevant certifications (e.g., CISA, CISSP, CISM).
• Experience in consulting.
• Familiarity with additional frameworks and regulations (e.g., HITRUST, PCI DSS, NIST, GDPR, HIPAA).
• Career Development: Clear growth path with mentorship and training opportunities.
• Technical Training: In-depth onboarding on security and compliance frameworks.
• Competitive Compensation: Attractive base salary with regular performance reviews, merit-based evaluations, and bonus opportunities.
• Growth Opportunity: Early-stage company offering significant potential for career advancement.
• Remote-First Culture: Flexibility to work from any location while collaborating with a global team.
SD Solutions