Senior Assurance Manager

Posted about 2 months ago
142290 - 223200 USD per year
Employment type: Full-Time
Industry: Industrial Automation
Company: Phaidra
Location: United States, Canada, UK, Italy, Sweden, Spain, Portugal, the Netherlands, Singapore, Australia, India, EST, PST
Languages: English
Seniority level: Senior, 5+ years
Experience: 5+ years
Skills:
AWS, Leadership, Project Management, Python, Software Development, Agile, Artificial Intelligence, Cloud Computing, Cybersecurity, GCP, Machine Learning, VBA, Cross-functional Team Leadership, Azure, CI/CD, DevOps, Compliance, Risk Management
Requirements:
- 5+ years of experience in a cyber GRC, IT audit, or security assurance role.
- Deep, hands-on experience implementing and managing compliance programs based on common security frameworks (SOC 2, ISO 27001).
- Proven experience building or managing assurance programs in a remote-first, cloud-native environment.
- Strong working knowledge of security risk and governance frameworks (NIST Cybersecurity Framework, MITRE ATT&CK, NIS 2).
- Knowledge of emerging AI governance frameworks and regulations (NIST AI RMF, ISO/IEC 42001, EU AI Act).
- Proven experience securing and auditing public cloud environments (GCP, AWS, or Azure).
- Direct administrative experience managing a GRC or compliance automation platform (Vanta experience preferred).
- Proven experience managing the full lifecycle of external audits.
- Experience working directly with engineering and SRE teams to integrate security controls into the SDLC and CI/CD pipelines.
- Strong understanding of cloud security principles, architectures, and securing containerized environments.
- Familiarity with the AI/ML development lifecycle and security/privacy risks associated with ML and Generative AI models.
- Knowledge of global data security and privacy laws (GDPR, CCPA/CPRA).
- Experience driving assurance initiatives from ideation to deployment across cross-functional teams.
- Excellent and professional communication skills (written and verbal).
- Passion for problem-solving and using scalable solutions.
- Shares company values: curiosity, transparency & directness, outcome-based performance, and customer empathy.
Responsibilities:
- Serve as primary owner and administrator for the Vanta compliance management platform.
- Configure, manage, and optimize Vanta to align with control frameworks.
- Drive efficiency via automated testing, continuous monitoring, and evidence collection in Vanta.
- Manage platform workflows for control assignments and tracking.
- Manage all internal and external audit activities (SOC 2, ISO 27001, NIS 2, penetration tests).
- Coordinate audit tasks: evidence gathering, auditor requests, interviews, remediation.
- Ensure compliance with security and privacy programs.
- Develop, maintain, and manage the enterprise risk register.
- Own and execute the risk and vulnerability assessment process.
- Manage the end-to-end risk and control exception process.
- Coordinate with SRE and business teams on BCP/DR planning and data backup.
- Develop and manage the Third-Party Risk Management (TPRM) program.
- Own, manage, and implement security policies, standards, and procedures.
- Define, establish, and track GRC program KPIs and metrics.
- Monitor external landscape for new laws, regulations, and industry standards impacting the organization, including AI governance.
- Contribute to the security budget.
- Act as a key security representative for customers; engage and present on security posture.
- Lead response to customer-facing risk assessments and security questionnaires.
- Maintain a central repository of standardized answers for questionnaires.
- Lead, manage, and deliver company-wide security awareness and training.
- Work with cross-functional teams (Legal, SRE, Engineering, AI/ML, Data Science) to integrate assurance and AI governance.
- Enable a culture of continuous improvement and innovation.