
Aumni

Sr. Manager - Security & Compliance

7-9 Years

Job Description

Position Summary

We are seeking a Senior Manager, Security & Compliance to lead our global information security and compliance programs. You will own security governance, risk management, and our PCI DSS, SOC 2, and ISO 27001 initiatives; partner with Engineering and DevOps on control implementation and remediation; and support customer-facing teams on security assessments and contractual requirements.

You will also lead accessibility compliance initiatives in partnership with Product, Engineering, UX/UI, and QA—ensuring our platforms align with applicable standards and customer expectations.

This position is based in India and supports stakeholders across North America, Europe, and other regions. Success requires strong collaboration across time zones, clear communication with executives and auditors, and the ability to balance security rigor with business objectives.

What Success Looks Like (First 12 Months)

  • Maintain audit-ready compliance programs (SOC 2, ISO 27001, PCI DSS as applicable) with timely evidence collection and remediation of findings.
  • Keep security policies, risk register, and operational documentation current and aligned with business changes.
  • Establish predictable processes for customer security questionnaires and reviews in partnership with Sales and Account Management.
  • Strengthen partnership with Engineering/DevOps on vulnerability management, access controls, and incident response readiness.
  • Advance accessibility compliance roadmap with Product and Engineering, including prioritized remediation from assessments.
  • Deliver a measurable security awareness program for all employees.

Key Responsibilities

Security Governance & Strategy

  • Serve as the primary security and compliance authority for the organization.
  • Develop, maintain, and enforce company-wide security policies, standards, and procedures.
  • Provide security guidance and risk assessments for new products, services, vendors, and business initiatives.
  • Lead security governance forums and present security metrics, risks, and roadmap updates to executive leadership.
  • Maintain the organization's security roadmap and continuous improvement initiatives.

Compliance & Audit Management

  • Own and manage compliance programs including PCI DSS, SOC 2, ISO 27001, and customer security assessments.
  • Coordinate internal and external audits; maintain evidence repositories and control documentation.
  • Track remediation activities and ensure timely closure of audit and assessment findings.
  • Manage relationships with auditors, assessors, and compliance consultants.
  • Support privacy and data protection obligations (e.g., GDPR) in coordination with Legal, including data processing and vendor requirements where applicable.

Risk Management & Vendor Security

  • Manage risk assessments and maintain the corporate risk register.
  • Conduct periodic reviews of security controls and related business processes.
  • Coordinate third-party and vendor security reviews; support third-party risk management workflows.
  • Ensure documentation remains current, accurate, and audit-ready.

Security Operations Oversight (Governance, Not Hands-On SOC)

  • Provide governance and oversight for security operations performed by Engineering and DevOps, including:
      • Vulnerability management and remediation tracking
      • Security monitoring and alerting standards
      • Identity and access management policies
      • Cloud security controls (AWS and Azure)
      • Incident response planning and procedures
  • Review penetration test results and oversee remediation through completion.
  • Participate in security incident investigations, tabletop exercises, and post-incident reviews.
  • Evaluate and recommend security tools and technologies in partnership with technical teams.

Security Awareness & Training

  • Develop and maintain the company's security awareness program.
  • Deliver or coordinate regular security training for employees.
  • Run phishing simulations and awareness campaigns; track completion of required training.

Customer & External Security Engagement

  • Respond to customer security questionnaires, RFPs, and assessments with consistent, accurate content.
  • Participate in customer security reviews and meetings as needed.
  • Support Sales and Account Management on security-related inquiries and contractual security obligations.

Accessibility Compliance (Partnership Model)

  • Lead accessibility governance and compliance initiatives in partnership with Product, Engineering, UX/UI, QA, and Customer Success.
  • Develop and maintain accessibility policies, standards, and best practices for products, platforms, and internal systems.
  • Ensure accessibility requirements are incorporated into development, QA, and release processes.
  • Manage compliance efforts related to WCAG 2.1/2.2, ADA, Section 508, and regional accessibility requirements as applicable.
  • Coordinate accessibility audits, assessments, and remediation prioritization with cross-functional owners.

Required Qualifications

  • Bachelor's degree in Information Security, Computer Science, Information Technology, or a related field—or equivalent practical experience.
  • 7+ years of information security experience.
  • 3+ years managing security governance, risk, and compliance (GRC) programs.
  • Demonstrated experience with PCI DSS, SOC 2, and ISO 27001 programs, including external audits and evidence management.
  • Strong understanding of cloud security principles (AWS and Azure) in a SaaS or multi-tenant environment.
  • Experience with risk management frameworks and maintaining a corporate risk register.
  • Experience creating, maintaining, and operationalizing security policies and procedures.
  • Experience supporting customer security questionnaires and stakeholder-facing security reviews.
  • Working knowledge of accessibility standards and compliance (WCAG 2.1/2.2, ADA, Section 508) and experience partnering with product/engineering teams on remediation.
  • Excellent written and verbal communication skills; ability to engage technical teams, auditors, customers, and executives.
  • Ability to work effectively across global time zones, with regular overlap to US and/or EU business hours.

Preferred Qualifications

  • Professional certifications such as CISSP, CISM, CRISC, CISA, or ISO 27001 Lead Implementer/Auditor.
  • Experience with GDPR and privacy program support in coordination with Legal.
  • Familiarity with NIST CSF, CIS Controls, or similar frameworks used in customer assessments.
  • Experience in events, hospitality, or B2B SaaS industries.
  • Experience leading or coordinating security awareness and phishing simulation programs at scale.

Working Conditions

  • Based in India; supports global operations and customer engagements.
  • Regular collaboration hours overlapping US and/or European stakeholders.
  • Travel: occasional, as needed for audits, customer meetings, or company events (estimated minimal).

About Aumni Techworks

Aumni Techworks, established in 2016, is a Software Services Company that partners with Product companies to build and manage their dedicated teams in India. So, while you are working for a services company, you are working within a product team and growing with them. We do not take projects, and we have long-term (open-ended) contracts with our clients. When our clients sign up with us, they are looking at a multi-year relationship. For example, some of the clients we signed up 8 or 6 years ago are still with us. We do not move people across client teams, and there is no concept of a bench. At Aumni, we believe in quality work, and we truly believe that Indian talent is at par with someone in NY, London or Germany. We are 300+ and growing.

Benefits Of Working At Aumni Techworks

  • Our award-winning culture reminds us of our engineering days.
  • Medical insurance (including Parents), Life and Disability insurance
  • 24 leaves + 10 public holidays + leaves for Hospitalization, maternity, paternity and bereavement.
  • On-site gym, TT, Carrom, Foosball and pool table
  • Hybrid work culture
  • Fitness group / rewards
  • Friday Socials, Annual parties, treks


Job ID: 149088011