
Security and Compliance Manager
Posted 5 days ago

This is a fully remote position, open to applicants in Serbia.
• Take charge of Semaphore's readiness for SOC 2 and ISO 27001, including evidence collection and audit coordination.
• Ensure that policies, controls, procedures, and supporting documentation are up-to-date and practical.
• Monitor compliance gaps and facilitate follow-up actions with the appropriate stakeholders.
• Manage customer security questionnaires, compliance requests, and vendor assessments using clear, reusable materials.
• Sustain effective risk management, vendor review, privacy, and DPA workflows to align customer commitments with internal practices.
• Collaborate with Engineering and Infrastructure teams on technical control validation, penetration testing, access reviews, and governance for cloud/on-prem environments.
• Maintain security and compliance processes that are streamlined, transparent, and effectively managed, including adapting to emerging governance requirements related to internal AI usage.
• Located in Serbia, with over 3 years of experience in IT compliance, information security, risk management, privacy, audit, operations, or a related field where you had significant ownership and accountability.
• Proficient understanding of security, compliance, audit, or risk management practices, with a quick ability to learn frameworks such as SOC 2 and ISO 27001.
• Proven experience in managing or coordinating critical processes from start to finish, including audit evidence, policies, risk tracking, vendor reviews, customer questionnaires, access reviews, internal controls, or cross-functional operations.
• Excellent written communication skills, with the capability to clarify compliance issues for non-experts.
• Good judgment: the ability to differentiate between genuine risk, audit formalities, and unnecessary procedures.
• Capable of working independently in a remote work environment and effectively organizing multiple tasks.
Nice to Have:
• Direct experience with SOC 2, ISO 27001, SaaS, cloud infrastructure, developer tools, or enterprise software.
• Familiarity with GDPR, DPAs, privacy operations, or customer assurance workflows.
• Experience collaborating with Engineering or Infrastructure teams on security controls.
• Exposure to AI governance, third-party risk management, or security tools, particularly in organizations incorporating AI internally.
• Relevant certifications such as Security+, ISO 27001, CISA, CISSP, CIPM, CIPP/E, or similar.
• The opportunity to have an impact on a product competing in a global market.
• Join a close-knit team of approximately 30 full-time employees who are passionate about their work.
• Enjoy a balanced 40-hour work week within a friendly and supportive work atmosphere.
• Competitive salary offered.
• Company retreats to foster team bonding.
• Opportunities for continuous learning and the flexibility to choose your preferred tools and equipment.
• Paid attendance at conferences and the option to select books of your choice.
• Engage with developers utilizing Semaphore and discuss the latest innovations in software development and deployment.
• Paid membership at a fitness club of your choice.