FieldguideRemote
Lead Compliance Manager
United States
Full Time
2 weeks ago
$170,000 - $210,000 USD
H1B Sponsor
Key skills
AWSCloudPythonTerraformTypeScriptAICloudFormationIAMGitHubCI/CDSales
About this role
Role Overview
- Lead SOC 2 and ISO programs through the full audit lifecycle, scoping, evidence collection, control testing, auditor management, and remediation tracking.
- Drive Fieldguide’s journey towards additional compliance frameworks and standards from gap assessment to audits.
- Own the mapping of controls across overlapping frameworks. Maintain corporate policies, standards, and procedures.
- Manage external relationships with auditors, assessors, consultants, and customers. Coordinate audit timelines, responses, and remediation plans.
- Build integrations that continuously gather compliance evidence from AWS, GitHub, identity providers, and internal systems. Replace manual screenshots and spreadsheets with automated, auditable pipelines.
- Design and implement continuous control monitoring: surface drift, alert on failures, and maintain dashboards for compliance program health and KPIs.
- Own and operate the GRC platform. Configure control mappings, manage integrations, and ensure the platform accurately reflects our posture.
- Integrate compliance checks into CI/CD pipelines, infrastructure-as-code reviews, and deployment processes. Make compliance a natural part of how engineers ship code.
- Build and maintain self-serve tools that streamline customer security questionnaires, trust center content, and due diligence processes.
- Partner with GTM teams to handle strategic customer security assessments. Help articulate Fieldguide’s compliance posture in sales processes.
- Reduce time-to-response on security reviews through automation and scalable processes.
- Evaluate and monitor third-party vendors for security and compliance risk. Build and maintain the vendor assessment program.
- Create and deliver security awareness training. Draft security best practices and drive company-wide adoption.
Requirements
- 6+ years in security compliance, GRC, or audit with direct experience managing SOC 2 and ISO 27001 programs through full audit cycles.
- Experience with compliance automation platforms, especially building and automating controls and integrations.
- Working knowledge of AWS security services, CloudTrail, Config, Security Hub, IAM, and the ability to query and integrate them programmatically.
- Familiarity with infrastructure-as-code tools (Terraform, CloudFormation) and CI/CD pipelines.
- Experience with AI governance frameworks (ISO 42001) or the intersection of AI compliance and traditional security compliance is a plus.
- Prior experience in public accounting or audit firms, understanding our customers’ world from the inside, is a plus.
- CISA, CISSP, CISM, or ISO 27001 Lead Auditor certification is a plus.
- (Nice to have) Hands-on technical skills: you write production-quality code or scripts (Python, TypeScript, or similar) and can build integrations with APIs and cloud services.
- (Nice to have) FedRAMP experience: you’ve been through at least one authorization or significant assessment, including SSP development, 3PAO coordination, and ConMon.
Tech Stack
- AWS
- Cloud
- Python
- Terraform
- TypeScript
Benefits
- Competitive compensation packages with meaningful ownership
- Flexible PTO
- 401k
- Wellness benefits
- Technology & Work from Home reimbursement
- Flexible work schedules