Manager, Compliance

🕒 Maio 19

Candidatar-se

Encontrar Vagas Remotas Similares

Receber Emails de Vagas Remotas

📊 Verifique sua pontuação de currículo para esta vaga

Melhore suas chances de conseguir uma entrevista verificando sua pontuação de currículo antes de se candidatar.

Enviar Currículo

Horizon3.ai

SiteLinkedInTodas as Vagas

51 - 200 funcionários

Fundada em 2019

A plataforma NodeZero™ capacita sua organização a continuamente encontrar, corrigir e verificar sua superfície de ataque explorável. Reduza seu risco de segurança ao encontrar autonomamente fraquezas em sua rede, sabendo como priorizá-las e corrigi-las, e verificando imediatamente se suas correções funcionam. O NodeZero oferece pentests autônomos seguros para produção e outras operações de avaliação chave que escalam através de seus maiores ambientes internos, externos, em nuvem e em nuvem híbrida. Sem necessidade de agentes, sem código para escrever e sem consultores para contratar. Somos uma fusão de ex-operadores cibernéticos das Operações Especiais dos EUA, engenheiros de startups e praticantes de cibersegurança anteriormente frustrados. Estamos comprometidos em ajudar a resolver nossos problemas comuns de segurança: ferramentas de segurança ineficazes, falsos positivos resultando em fadiga de alerta, pontos cegos, cultura de segurança "para cumprir tabela", escassez de habilidades em cibersegurança e o longo tempo e custo de contratar consultores externos.

Descrição

• Lead, coach, and grow the Compliance team, including ownership of compliance operations, privacy, third-party risk management, and customer assurance • Set priorities and operating rhythms for the team, balancing strategic program maturity, customer-facing support, audit readiness, and cross-functional execution • Serve as the internal lead for compliance efforts, including control mapping, evidence collection, audit coordination, and continuous improvement of the control environment • Maintain and improve compliance against frameworks such as, but limited to: SOC 2, ISO 27001, NIST AI RMF, ISO 42001, DORA, UK Cyber Essentials, FedRAMP, and/or NIST 800-53 • Collaborate with cross-functional teams including Engineering, IT, Legal, HR, Product, Sales, and Customer Success to implement and validate control requirements • Oversee the organization’s data privacy program, ensuring compliance with GDPR, CCPA/CPRA, EU AI Act, and emerging U.S. state privacy laws • Maintain records of processing activities (RoPAs), manage data subject access requests (DSARs), and conduct privacy impact assessments (PIAs) • Partner closely with Legal and Product to advise on privacy-by-design, data minimization, and transparency practices • Own and manage the third-party risk management lifecycle, including onboarding reviews, periodic reassessments, contract/privacy reviews, and ongoing risk tracking • Conduct security and privacy due diligence on new vendors and partners supporting the SaaS product • Maintain a current inventory of vendors, subprocessors, and associated risk assessments • Serve as the primary point of contact for customer security questionnaires, RFPs, customer audits, and due diligence requests • Leverage existing documentation such as the SOC 2 report, pentest reports, whitepapers, and DPAs, while partnering with SMEs to provide accurate and timely responses • Support Sales, Customer Success, and Legal in accelerating deals by strengthening trust in our security and compliance posture • Create metrics, reporting, and risk narratives that communicate compliance posture, trends, and priorities to business owners and leadership • Identify opportunities to improve processes, tooling, and documentation that help the company scale its compliance and privacy programs efficiently • Demonstrate a commitment to integrity, process improvement, and customer satisfaction • Act as the primary owner for enterprise security risk, establishing and maturing the Risk Register to ensure all identified threats are centralized and tracked. • Manage the comprehensive risk lifecycle, overseeing everything from initial detection and impact analysis to remediation tracking and formal sign-off. • Implement a standardized risk scoring methodology that utilizes quantitative and qualitative metrics to drive objective prioritization across the entire organization. • Recruiting and onboarding talented individuals to support our organizational goals • Mentoring, coaching, equipping, and developing your team • Recognizing and retaining high performers • Leading horizontally with peer management and senior leaders.

🎯 Requisitos

• Must have deep experience in Governance, Risk, and Compliance (GRC) within a B2B SaaS, cybersecurity, or similarly regulated technology environment • Must have a deep understanding of compliance frameworks such as SOC 2, ISO 27001, NIST AI RMF, DORA, and NIST 800-53, including experience leading annual audits • Must have expertise in GDPR, CCPA/CPRA, EU AI Act, and emerging U.S. state data privacy laws • Must have strong working knowledge of third-party risk management, vendor due diligence, and privacy/security review processes • Must have experience responding to security questionnaires, RFPs, customer audits, and due diligence requests • Must be knowledgeable in common SaaS infrastructure and business systems such as AWS, Okta, MDM, SIEM, and DLP • Must have strong written and verbal communication skills, with the ability to translate complex compliance concepts for both technical and non-technical stakeholders • Must be able to work independently and as part of a team, with a strong sense of ownership and accountability • Must have experience building metrics and reporting that communicate compliance risk and program health to leadership.

🏖️ Benefícios

• Health insurance • Vision insurance • Dental insurance • Flexible vacation policy • Generous parental leave • Stock options