Security & Compliance Manager

The Security & Compliance Manager will oversee all aspects of the company's security and compliance programs, ensuring they remain pragmatic, effective, and aligned with industry best practices. This role requires a strong focus on maintaining compliance certifications, managing IT infrastructure, and addressing customer security inquiries while facilitating governance processes across the organization.

Key Responsibilities:

• Policy Maintenance:

  Manage and maintain all company policies, ensuring alignment with best practices and regulatory requirements. Facilitate periodic reviews and secure necessary approvals from management.

• Compliance Oversight:

  Monitor SOC 2 Type 2, ISO 27001, and other certifications via Vanta or similar tools, ensuring adherence to controls and requirements.

• Audit Management:

  Arrange audits for certifications, collaborate with auditors, and resolve nonconformities proactively to maintain a clean audit record.

• IT Infrastructure Management:

  Oversee IT infrastructure, including account creation for onboarding, offboarding employees, managing web filtering, and governing company laptops.

• Security Governance:

  Organize and facilitate periodic security governance meetings with management to review and improve security practices.

• Customer Security Requests:

  Serve as the primary point of contact for customer-side CISO requests. Respond to security inquiries, provide necessary documents, and collaborate with implementation and sales teams.

• Regulatory Filings:

  Work with the Customer Success team to manage periodic regulatory filings and security documentation required by customers.

• Pragmatic Security:

  Maintain a mature and sensible security posture that meets customer expectations without overkill, balancing practicality and professionalism.

• Security Best Practices:

  Stay updated on the latest security trends and adopt best practices to continuously enhance the organization's security posture.

Qualifications:

• Proven experience in security, compliance, or IT governance roles, with a track record of maintaining certifications like SOC 2 and ISO 27001.
• Strong understanding of compliance tools such as Vanta or similar platforms.
• Experience managing IT infrastructure and security governance, including employee onboarding/offboarding processes.
• Ability to manage audits and effectively collaborate with auditors to ensure compliance.
• Strong communication skills to address customer security inquiries and provide clear documentation.
• A pragmatic approach to security that balances feasibility with maturity.
• Proactive, detail-oriented mindset with the ability to handle multiple responsibilities simultaneously.
• Familiarity with security best practices and the ability to stay ahead of industry trends.