The Security & Compliance Manager will oversee all aspects of the company's security and compliance programs, ensuring they remain pragmatic, effective, and aligned with industry best practices. This role requires a strong focus on maintaining compliance certifications, managing IT infrastructure, and addressing customer security inquiries while facilitating governance processes across the organization.
Key Responsibilities:
- Policy Maintenance: Manage and maintain all company policies, ensuring alignment with best practices and regulatory requirements. Facilitate periodic reviews and secure necessary approvals from management.
- Compliance Oversight: Monitor SOC 2 Type 2, ISO 27001, and other certifications via Vanta or similar tools, ensuring adherence to controls and requirements.
- Audit Management: Arrange audits for certifications, collaborate with auditors, and resolve nonconformities proactively to maintain a clean audit record.
- IT Infrastructure Management: Oversee IT infrastructure, including account provisioning for employee onboarding, timely access revocation and deprovisioning at offboarding, web filtering, and management of company laptops.
- Security Governance: Organize and facilitate periodic security governance meetings with management to review and improve security practices.
- Customer Security Requests: Serve as the primary point of contact for requests from customers' CISOs and security teams. Respond to security questionnaires and inquiries, provide the required documentation, and collaborate with the implementation and sales teams.
- Regulatory Filings: Work with the Customer Success team to manage periodic regulatory filings and security documentation required by customers.
- Pragmatic Security: Maintain a mature and sensible security posture that meets customer expectations without overkill, balancing practicality and professionalism.
- Security Best Practices: Stay updated on the latest security trends and adopt best practices to continuously enhance the organization's security posture.
Qualifications:
- Proven experience in security, compliance, or IT governance roles, with a track record of maintaining certifications like SOC 2 and ISO 27001.
- Strong understanding of compliance tools such as Vanta or similar platforms.
- Experience managing IT infrastructure and security governance, including employee onboarding/offboarding processes.
- Ability to manage audits and effectively collaborate with auditors to ensure compliance.
- Strong communication skills to address customer security inquiries and provide clear documentation.
- A pragmatic approach to security that balances feasibility with maturity.
- Proactive, detail-oriented mindset with the ability to handle multiple responsibilities simultaneously.
- Familiarity with security best practices and the ability to stay ahead of industry trends.