Security Compliance Manager
Location: United States - Remote | Type: Full-Time | Level: Manager
Salary: 110,000 - 140,000 USD per year
Job Details
- Experience: 5+ years in a dedicated information security role
- Required Skills: AWS, GCP, Azure, CI/CD, Change Management
Requirements
- Experience leading a successful ISO 27001 or SOC 2 certification effort.
- 5+ years in a dedicated information security role in a regulated environment (e.g., HIPAA, GLBA, PCI).
- Security certification such as CISA, CISM, CISSP (or similar).
- Demonstrated ability to lead ISO 27001 and/or SOC 2 certification efforts and ongoing maintenance activities.
- Strong competency in gap analysis and risk assessment methodologies; able to translate results into prioritized remediation plans.
- Working knowledge of security policy, procedure, and enforcement across key domains: access control, data classification, change management, asset management, BCDR, incident response, vulnerability management, secure SDLC, source control, endpoint protection.
- Ability to translate security/compliance requirements into actionable work for Engineering/IT/Operations (tickets, owners, acceptance criteria, evidence).
- Strong written and verbal communication—able to interface with all levels of the organization and produce high-quality audit-ready documentation.
- Technical foundation sufficient to understand high-level concepts related to public cloud (AWS/GCP/Azure), Agile SDLC, CI/CD, VPNs, and modern web applications.
Responsibilities
- Lead security certification & audit readiness (ISO 27001 / SOC 2): Drive quarterly ISO control requirements, manage ISO surveillance audits, lead SOC 2 examination readiness, and oversee ongoing maintenance activities once achieved.
- Operate the ISMS controls program: Manage internal ISMS control reviews, coordinate remediation and corrective actions, and ensure controls remain effective and scalable as the organization changes.
- Evidence management & auditor response: Prepare for internal and external audits by organizing requests, gathering evidence, maintaining audit artifacts, and authoring clear, consistent responses to auditors.
- Risk management program execution: Recommend and implement improvements to the information security risk management program; develop and maintain the risk register, risk ownership, and workflows for tracking remediation plans to closure.
- Metrics, reporting, and stakeholder enablement: Partner with Security leadership to define and report KRIs/KPIs for the information security program; support consistent responses to customer security audits and questionnaires aligned to program commitments.
- Manage periodic reviews and updates of security policies and procedures to ensure alignment with certifications, business needs, and regulatory expectations.
- Partner with an outsourced/internal audit function to validate control performance and drive continuous improvement.
- Support cross-functional education and adoption of security requirements by translating compliance language into clear tasks, owners, and acceptance criteria.