About this role
Role Overview
- Own the ISMS and security governance
- Maintain and evolve our Information Security Management System (ISMS), including policies, standards, control documentation, and the company-wide risk register.
- Run readiness assessments, manage evidence collection, coordinate auditors, track remediation, and ensure continuous audit readiness and not just point-in-time compliance.
- Conduct security assessments for new and existing vendors, define security requirements in contracts, and ensure critical partners meet our standards.
- Own customer security questionnaires, RFP responses, and due diligence processes; maintain a structured library of reusable answers and documentation.
- Ensure controls are operating effectively, coordinate internal testing, and partner with engineering to close gaps in a timely manner.
- Ensure proper documentation, post-incident follow-up, and alignment with compliance requirements for incident management and disaster recovery processes.
- Build and maintain a company-wide Compliance Management-System
Requirements
- 4+ years in Information Security, GRC, or compliance roles
- Hands-on experience owning or significantly contributing to SOC 2 and/or ISO 27001
- Practical experience managing audits and working with external auditors
- Experience handling customer security questionnaires in a B2B environment
- Familiarity with compliance tools such as Drata, Vanta, or similar
- Ability to work cross-functionally with technical and non-technical teams
- Structured, pragmatic, and execution-oriented mindset
Benefits
- Competitive compensation
- Remote-first culture