Lead and oversee global compliance programs (ISO/IEC 27001, 22301, 27701, 20000-1, SOC 2, NIST CSF, CSA STAR) to maintain continuous audit readiness
Plan and execute risk-based IT and internal audits, with a strong focus on secure SDLC, software engineering processes, cloud infrastructure, and AI security domains
Evaluate and enhance the effectiveness of security and governance controls, driving continuous improvement across policies and processes
Contribute to RFPs and security questionnaires with accurate and strategic security and compliance input
Manage audit and security vulnerability findings end-to-end, ensuring sustainable remediation and measurable control improvements
Actively support the Third-Party Risk Management (TPRM) program by participating in SaaS security assessments and vendor due diligence
Define and track key audit and compliance metrics, reporting insights to leadership and relevant stakeholders
Assess the risk and privacy impact of emerging technologies (AI, ML, and automation), guiding engineering teams on secure adoption practices
Requirements
3+ years of hands-on experience in audit, compliance, risk management, or information security, preferably within a SaaS, cloud-native, or technology-driven environment
Hands-on experience with ISO/IEC standards (27001, 27701, 22301, 20000-1) and SOC 2, including preparation, audit coordination, and evidence management
Experience advising cross-functional stakeholders and influencing control improvements in dynamic technology environments
Practical knowledge of international security and privacy regulations (e.g., GDPR, CCPA) and related compliance practices
Experience supporting or managing Third-Party Risk Management (TPRM), vendor due diligence, and customer-facing compliance processes
Proven ability to manage multiple audits and compliance initiatives simultaneously in a fast-paced environment
Strong verbal and written communication skills in English, including documentation and policy writing
ISO 27001, 22301, 27701, 20000-1 Lead Auditor (LA) (Preferred Certification)
ISACA certifications such as CISA, CISM, or CRISC (Preferred Certification)
Experience with SOC 2, NIST, and CSA STAR reporting frameworks (Preferred)