
Principal Security and Compliance Manager

Posted 8 days ago


💎 Seniority level: Principal, 4–6+ years

📍 Location: United States, India

💸 Salary: 145,000 - 165,000 USD per year

🔍 Industry: SaaS

🏢 Company: SearchStax

🗣️ Languages: English

⏳ Experience: 4–6+ years

🪄 Skills: AWS, Project Management, Cloud Computing, Cybersecurity, CI/CD, RESTful APIs, DevOps, Compliance, Risk Management, SaaS

Requirements:
  • 4–6+ years of experience in security, compliance, or risk management, preferably in a SaaS or technology environment.
  • Hands-on experience with SOC 2, ISO 27001, and related compliance frameworks.
  • Strong understanding of security best practices and frameworks (e.g., NIST, CIS Controls).
  • Knowledge of GDPR, CCPA, HIPAA, and/or FedRAMP.
  • Excellent organizational and project management skills with the ability to prioritize in a fast-paced environment.
  • Strong analytical, problem-solving, and communication skills.
  • Security or compliance certifications such as CISA, CISM, CISSP, or CIPT preferred.
  • Experience working in a growth-stage SaaS startup preferred.
  • Familiarity with cloud platforms such as AWS, Azure, or Google Cloud preferred.
  • Experience with GRC tools and processes preferred.
Responsibilities:
  • Lead and manage compliance certifications such as SOC 2, ISO 27001, and others required by customers and regulators.
  • Develop, implement, and enhance policies, procedures, and controls to align with compliance standards.
  • Oversee external audits and act as the primary point of contact for auditors and assessors.
  • Assemble and execute against a longer-term compliance plan, which will evolve and transform as the Company scales.
  • Develop and maintain an effective information security program to protect company and customer data.
  • Collaborate with Engineering and IT teams to ensure security best practices are implemented in product development, infrastructure, and operations.
  • Monitor security risks and vulnerabilities, and drive remediation efforts.
  • Conduct regular risk assessments to identify, evaluate, and mitigate risks.
  • Establish and maintain a governance, risk, and compliance (GRC) framework to track compliance and security activities.
  • Stay updated on regulatory changes and adjust programs to meet new requirements (e.g., GDPR, CCPA, HIPAA, FedRAMP).
  • Maintain detailed records of security and compliance frameworks, policies, and audit evidence.
  • Provide regular updates to the COO and executive team on the state of security and compliance initiatives.
  • Prepare responses to customer security and compliance questionnaires.
  • Maintain and update SearchStax policies in alignment with the leadership team so that they continue to meet compliance requirements.
  • Work closely with Sales, Customer Success, and Legal teams to address customer compliance inquiries and ensure alignment with contractual obligations.
  • Partner with Product and Engineering teams to ensure security and compliance are built into product design and development.
  • Develop and deliver security and compliance training programs to employees.
  • Foster a culture of security awareness and accountability across the organization.