Security Compliance Manager

This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Security Compliance Manager based in the United States.

This role is a key driver of security compliance maturity within a fast-growing, highly regulated SaaS environment supporting clinical research operations at global scale. You will own and evolve certification readiness efforts, ensuring continuous alignment with frameworks such as ISO 27001 and SOC 2 while maintaining an audit-ready posture across the organization. The position bridges security, engineering, and operations by translating compliance requirements into clear, actionable controls and workflows. You will play a central role in strengthening risk management practices, improving evidence collection processes, and supporting both internal and external audits. This is a highly cross-functional role requiring strong communication, structure, and the ability to influence across technical and non-technical teams. You will also help shape scalable compliance processes that support long-term growth in regulated environments. The work environment is remote-first, collaborative, and focused on building trust in secure, compliant systems at scale.

Accountabilities:

• Lead and maintain security certification programs including ISO 27001 and SOC 2, ensuring continuous audit readiness, surveillance support, and compliance with evolving requirements.
• Operate and improve the Information Security Management System (ISMS), including control reviews, remediation tracking, and ongoing effectiveness monitoring across security domains.
• Manage audit readiness activities by coordinating evidence collection, maintaining audit artifacts, and responding to internal and external auditor requests.
• Drive enterprise risk management activities, including maintaining the risk register, assessing security risks, and tracking remediation plans through to closure.
• Partner with Security leadership to define, track, and report key risk and performance indicators (KRIs/KPIs) and support customer security assessments and questionnaires.
• Oversee updates to security policies and procedures to ensure alignment with certification, regulatory, and business requirements.
• Collaborate cross-functionally to translate compliance requirements into actionable tasks, ownership structures, and measurable control outcomes.

Requirements:

• 5+ years of experience in information security, compliance, or risk management roles within regulated environments (e.g., HIPAA, GLBA, PCI).
• Proven hands-on experience leading ISO 27001 and/or SOC 2 certification and ongoing compliance maintenance.
• Strong knowledge of security frameworks, control design, and audit processes, including risk assessment and gap analysis methodologies.
• Ability to map compliance requirements to operational execution across domains such as access control, incident response, vulnerability management, and secure SDLC.
• Experience working with cloud environments (AWS, Azure, or GCP) and modern software delivery pipelines (CI/CD, Agile).
• Strong documentation and communication skills, with the ability to produce audit-ready materials and engage stakeholders at all levels.
• Relevant certifications such as CISA, CISM, or CISSP are strongly preferred.

Benefits:

• Competitive base salary range: $140,000 – $170,000 USD per year
• Remote-first work environment with flexible scheduling
• Comprehensive health, dental, and vision insurance coverage
• Paid time off and holidays, with additional flexibility depending on tenure
• Retirement savings plan (401k)
• Life, short-term, and long-term disability insurance
• Professional development support and opportunities for certification growth
• Exposure to high-impact security programs in a regulated, global environment

How Jobgether works: We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team. We appreciate your interest and wish you the best!  Why Apply Through Jobgether?    Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.     #LI-CL1

Vision Insurance, 401(k) Plan, Retirement Plan, Paid Time Off, Disability Insurance, Professional Development, Remote Work