SecureLogix is a company focused on enhancing product security and compliance. They are seeking a Product Security Assurance & Compliance Manager to lead and manage the PSAC program, ensuring security documentation, compliance, and risk management across the organization.
Responsibilities:
- Conduct a comprehensive audit of all existing security-related documentation across the enterprise
- Inventory all existing security policies, procedures, standards, and evidence artifacts across the organization
- Identify duplicate, conflicting, or outdated documentation and consolidate into a single, authoritative source of truth
- Establish a version-controlled, centralized documentation repository accessible to authorized personnel
- Define and enforce documentation governance standards to prevent re-fragmentation over time
- Conduct a structured gap analysis mapped to relevant frameworks (NIST CSF, ISO 27001, CIS Controls, etc.) and customer requirements
- Maintain a prioritized remediation roadmap with clear ownership, timelines, and measurable outcomes
- Track remediation progress and provide regular status reporting to executive leadership
- Use recurring questionnaire themes to proactively identify systemic gaps before they surface in customer engagements
- Manage the full lifecycle of all inbound questionnaires (SPSRD, SIG, CAIQ, HECVAT, custom)
- Build and maintain a centralized repository of pre-approved responses and supporting evidence artifacts to enable rapid, consistent turnaround
- Collaborate with Engineering, IT, Legal, and executive leadership to gather accurate technical and policy information
- Track all assessment timelines and ensure on-time delivery to support active sales cycles
- Leverage assessment responses to inform gap analysis and product-level risk identification
- Design and deploy an internal, self-service security Q&A tool enabling any authorized SecureLogix employee to quickly retrieve accurate, pre-approved answers to common security questions
- Establish an escalation workflow: questions that do not return a sufficient answer are automatically flagged and routed to the PSAC Manager for resolution and knowledge base enrichment
- Invest time to achieve a thorough understanding of SecureLogix product architecture, data handling, authentication mechanisms, and customer-facing integrations
- Maintain fluency sufficient to accurately map product behavior to security controls and framework requirements when responding to customer assessments
- Identify product-level security risks or deficiencies surfaced through customer questionnaires, assessments, or gap analysis
- Submit product security improvement ideas through the formal Product Management process for prioritization and review
- Collaborate with Product Management and Engineering to ensure new features and enhancements are evaluated against documented security policies prior to release
- Sign off on feature releases to ensure compliance with documented security policies and practices
- Lead planning, execution, and maintenance of security certifications including ISO 27001 and other frameworks as required
- Manage certification project plans, timelines, and milestones from scoping through audit completion
- Coordinate with external auditors, assessors, and consultants throughout the certification lifecycle
- Identify and remediate control gaps in collaboration with IT and Engineering to achieve and maintain certification readiness
- Develop, maintain, and continuously improve security policies, standards, and procedures aligned to NIST CSF, CIS Controls, ISO 27001, and customer requirements
- Maintain a controls matrix mapping organizational controls to multiple frameworks and customer requirements
- Manage the organization's risk register, including regular risk assessments and treatment plans
- Develop and maintain an AI security policy addressing emerging AI/ML risks and usage
- Ensure all security documentation is current, version-controlled, and audit-ready at all times
- Partner with Sales to address security concerns during the sales cycle, participating in customer calls and presentations as the security subject matter expert
- Develop customer-facing security materials: whitepapers, trust center content, compliance summary sheets, and presentation-ready security briefings
- Proactively identify certification or compliance milestones that will strengthen competitive positioning
- Maintain and deliver the employee AI security awareness training program, including onboarding and annual refresher training
- Coordinate with IT to ensure technical controls align with documented policies and compliance requirements
Requirements:
- Bachelor's degree in Information Security, Cybersecurity, Business, or related field (or equivalent professional experience)
- 4+ years in information security compliance, GRC, or security audit/assessment roles
- Extensive hands-on experience responding to customer security assessments and third-party questionnaires
- Strong working knowledge of NIST CSF, CIS Controls, ISO 27001
- Demonstrated ability to read and understand technical architecture documentation, data flow diagrams, and API/integration specifications — sufficient to engage credibly with Engineering and accurately represent product behavior in security assessments
- Excellent skills producing clear, accurate, and professional security documentation for internal and customer-facing audiences
- Ability to manage multiple concurrent certification and assessment timelines with clear ownership and accountability
- Industry certifications: CISSP, CISM, CISA, CRISC, CCSK, or CompTIA Security+
- Familiarity with Microsoft 365 security and compliance tooling (Purview, Defender, Entra ID)
- Experience working in or supporting a sales organization with security compliance responsibilities
- Background in telecommunications, VoIP, or enterprise security products
- Experience with GRC platforms (Vanta, Drata, OneTrust, or similar)
- Experience designing internal knowledge management or Q&A automation systems
- Knowledge of AI security policy development and emerging AI/ML risk frameworks
- Experience managing compliance in a small-to-midsize enterprise (50-150 employees) with limited resources