
Senior Security Assurance Manager
Posted 23 hours ago
This is a fully remote position, open to applicants in Virginia, +1 more state.
• Take ownership of Trase's SOC 2 and HIPAA programs from start to finish, encompassing scoping, control design, evidence collection, and tracking of remediation efforts.
• Spearhead the preparation and implementation of additional compliance frameworks as Trase expands into new markets, including ISO 27001, FedRAMP, NIST 800-53, CMMC, and ISO 42001.
• Oversee the entire audit lifecycle, acting as the main liaison for auditors, assessors, and regulatory bodies.
• Maintain Trase's enterprise risk register, performing regular risk assessments across personnel, processes, and technology.
• Develop, document, and operationalize security policies, standards, and procedures that align with industry frameworks and Trase's risk appetite.
• Manage our common control framework in Drata, ensuring effective monitoring and refinement of controls across overlapping areas to reduce duplication and ease audit burdens.
• Transition Trase's compliance strategy from reactive to proactive by instituting continuous control monitoring, automated evidence gathering, and ongoing control testing.
• Establish Key Risk Indicators (KRIs), Key Performance Indicators (KPIs), and reporting schedules that provide leadership with real-time insights into the security program's status.
• Identify control weaknesses, conduct root cause analyses, and facilitate remediation efforts in collaboration with control owners throughout the organization.
• Enhance and manage Trase's third-party risk management program, which includes vendor security assessments, ongoing monitoring, and security requirements in contracts.
• Collaborate with the Legal team to ensure Data Processing Agreements (DPAs), Business Associate Agreements (BAAs), and security addenda comply with regulatory and customer standards.
• Serve as a senior representative alongside other subject matter experts in customer security evaluations, RFPs, and trust discussions with prospects.
• Maintain trust-related materials (SOC 2 reports, security questionnaires, trust portal content) to streamline customer due diligence processes.
• Convert customer and regulatory expectations into actionable program directives.
• Work closely with colleagues in Trase Security and Compliance, Engineering, and across the organization to ensure that controls are functioning effectively and as intended.
• Collaborate with Legal, HR, IT, and Finance on shared control responsibilities and program execution.
• Over 10 years of progressive experience in security assurance, Governance, Risk Management, and Compliance (GRC), controls engineering, or information security audit roles, including several years in a senior or program-owning position.
• Extensive, hands-on experience managing or supporting SOC 2 and HIPAA programs from beginning to end, including oversight of external auditors or internal assessors.
• Strong working knowledge of additional frameworks such as ISO 27001, FedRAMP (Moderate/High), NIST 800-53, NIST Cybersecurity Framework (CSF), and CMMC, ideally with experience in mapping or integrating their requirements within common control frameworks (CCF).
• Proven experience in designing and implementing continuous control monitoring programs to achieve proactive situational awareness before issues arise as findings in external contexts (e.g., audits).
• Demonstrated ability to create clear, defensible security policies, standards, procedures, and documentation.
• Strong foundation in risk management, including practical experience conducting risk assessments and maintaining a risk register.
• Experience leading customer-focused security evaluations, RFP responses, and trust discussions with sophisticated enterprise clients or partners.
• Track record of effectively partnering with engineering and product teams to embed controls within systems rather than around them.
• Excellent written and verbal communication skills, capable of bridging conversations between auditors, executives, customers, and engineers.
• A strong affinity for, and practical experience with, LLMs and AI agents as part of your workflow, exhibiting sound judgment on when to deploy them for efficiency, task orchestration, and confident operation.
• Career development opportunities with the potential for swift advancement based on strong performance as the company expands.
• Comprehensive healthcare coverage, including medical, dental, and vision, fully paid by the employer for you and your family.
• Paid maternity and paternity leave for 14 weeks at the employee's regular pay rate.
• Unlimited paid time off (PTO), subject to management approval.
• Opportunities for professional growth and continuous learning.
• Optional benefits including a 401K plan, Flexible Spending Account (FSA), and equity incentives.
• Mental health support available through Tara Mind.