Compliance Manager

5 years

0 Lacs

Posted: 1 day ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

Key Responsibilities-


Compliance & Program Management

  • Lead the full lifecycle of compliance programs — from scoping and gap assessments to remediation, controls implementation, audit prep, and certification.
  • Maintain and continually improve the Information Security Management System (ISMS) as per ISO standards.
  • Oversee the SOC 2 program: manage readiness assessments, control design, evidence gathering, auditor liaison, and remediation.
  • Map controls across frameworks (ISO, SOC, others) to drive efficiencies and avoid duplication.
  • Monitor emerging standards, regulatory changes, and industry best practices; evaluate relevance and lead adoption when needed.

Audit & Assurance

  • Plan, coordinate, and lead internal audits of security controls, policies, and processes.
  • Interface with external auditors, respond to audit inquiries, facilitate walkthroughs, and drive closure of findings.
  • Conduct regular reviews of control effectiveness, risk assessments, and control self-assessments.
  • Prepare and deliver audit readiness documentation, reports, dashboards, and metrics to leadership.

Risk, Controls & Remediation

  • Perform regular risk assessments, including IT, process, and vendor risks, and propose mitigations.
  • Track and manage the remediation of identified gaps (from audits or assessments), ensuring timely closure.
  • Oversee third‑party / vendor security assessments (questionnaires, audits, due diligence) and ensure vendor controls align with TAC’s security posture.
  • Assist with defining, enforcing, and measuring key security metrics, KPIs, KRIs, SLAs, pass/fail criteria, etc.

Policy & Process

  • Develop, maintain, and communicate security and compliance policies, standards, procedures, and guidelines.
  • Collaborate with stakeholders (Engineering, DevOps, IT, HR, Legal) to ensure alignment and adoption of control requirements.
  • Drive security awareness and training programs tied to compliance responsibilities.
  • Help embed “security by design” principles in development, operations, and architecture.

Supporting Functions

  • Respond to customer / prospect security questionnaires, RFPs, diligence requests, and security audits.
  • Participate in vendor selection / procurement decisions from a security compliance perspective.
  • Assist in incident response related to compliance gaps or control failures (e.g., root cause analysis, post‑mortem, corrective actions).
  • Provide advisory support in projects, changes, new initiatives — assess compliance impact proactively.


Qualifications & Experience-

Education / Certifications

  • Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field (or equivalent experience).
  • Professional security / audit certifications preferred, e.g.:
    • ISO 27001 Lead Auditor or Lead Implementer
    • CISSP, CISM, CISA, CRISC or equivalent


Experience

  • Typically 5+ years in information security, risk, or compliance roles — with hands-on experience in ISO compliance and audits.
  • Proven track record managing SOC 2 (Type I / Type II) compliance programs (at least 1 full audit cycle).
  • Experience working with external auditors and managing audit processes end to end.
  • Familiarity with cloud environments (AWS, Azure, GCP), SaaS, DevOps, and how they relate to security and compliance.
  • Experience with vendor / third-party risk assessments.
  • Strong stakeholder management skills and ability to influence across technical and non-technical teams.


Skills & Competencies

  • Deep understanding of ISO (27001, 27701 or relevant) and SOC 2 frameworks, trust service criteria, control requirements, etc.
  • Excellent analytical skills — ability to identify gaps, risks, and propose effective remediation.
  • Strong documentation skills — policies, procedures, evidence, audit artifacts.
  • Excellent communication (verbal & written) — ability to present to executives, technical teams, and auditors.
  • Project management skills — ability to juggle multiple assurance initiatives, set timelines, and drive closure.
  • High ownership, integrity, attention to detail, and ability to work independently or as part of cross-functional teams.

TAC Security

Cybersecurity

Cyber City
