Senior Assurance Manager

November 21

🏄 California – Remote

Although this job is listed in California, this company may be open to hiring remote in other states.

⛰️ Colorado – Remote

Although this job is listed in Colorado, this company may be open to hiring remote in other states.

+14 more states

🏄 California – Remote ⛰️ Colorado – Remote 🦌 Connecticut – Remote 🐊 Florida – Remote 🌾 Nebraska – Remote 🗽 New York – Remote 🌲 North Carolina – Remote 🦀 Maryland – Remote ❄️ Minnesota – Remote 🏰 Missouri – Remote 🔔 Pennsylvania – Remote 🌴 South Carolina – Remote 🎸 Tennessee – Remote 🤠 Texas – Remote ⚔️ Virginia – Remote ☕ Washington – Remote

💵 $142.3k - $223.2k / year

⏰ Full Time

🟠 Senior

👔 Manager

Apply Now

Receive Emails with Similar Jobs

Phaidra

WebsiteLinkedInAll Job Openings

Artificial Intelligence • Energy • SaaS

Phaidra is a company providing artificial intelligence controls to optimize mission-critical facilities such as data centers and industrial plants. Their closed-loop AI control service enhances plant stability, energy efficiency, and sustainability by reducing downtime, increasing productivity, and lowering CO2 emissions. Unlike traditional control systems, Phaidra's AI-driven controls continuously learn and improve over time without the need for new hardware. The system provides real-time optimization and integrates with existing control systems, enhancing safety and operational stability while providing full transparency of performance data. Phaidra uses cutting-edge deep reinforcement learning techniques to deliver exceptional results in some of the world's toughest challenges, including significant energy savings in Google's data centers.

51 - 200 employees

🤖 Artificial Intelligence

⚡ Energy

☁️ SaaS

📋 Description

• Serve as the primary system owner and administrator for our compliance management platform, Vanta. • Configure, manage, and optimize the platform to align with our implemented control frameworks (e.g., SOC 2, ISO 27001). • Drive efficiency by deploying and maximizing automated testing, continuous monitoring, and evidence collection capabilities within the tool. • Manage platform workflows to ensure all controls, tests, documents, and policies are appropriately assigned to owners across the business and tracked to completion. • Manage all internal and external audit activities (e.g., SOC 2, ISO 27001, NIS 2) and other compliance initiatives (like annual penetration tests). • Coordinate all audit-related tasks, including evidence gathering, managing auditor requests, facilitating interviews, and managing the remediation of any findings. • Ensure our compliance and continued accreditation with all required security and privacy programs. • Develop, maintain, and manage the enterprise risk register, working with stakeholders to identify, assess, and prioritize security and AI-related risks. • Own and execute our risk and vulnerability assessment process. • Manage the end-to-end risk and control exception process, ensuring all exceptions are documented, reviewed, and approved. • Coordinate with the SRE and business teams on Business Continuity and Disaster Recovery (BCP/DR) planning and data backup systems. • Develop and manage the Third-Party Risk Management (TPRM) program. • Own, manage, and implement the full suite of security policies, standards, and procedures, maintaining all related handbook pages and documentation. • Define, establish, and track Key Performance Indicators (KPIs) and metrics to measure the effectiveness of the security program. • Monitor the external landscape for new and changing laws, regulations, and industry standards that impact the organization, including those related to AI governance (e.g., EU AI Act, NIST AI RMF) and AI security best practices (e.g., OWASP Top 10 for LLMs). • Contribute to the security budget, identifying and justifying tools and resources needed to scale the program. • Act as a key security representative for our customers; engage and present on our security posture as needed. • Lead the response to customer-facing risk assessments and security questionnaires, and maintain a central repository of standardized answers. • Lead, manage, and deliver the company-wide security awareness and training program. • Work regularly with cross-functional teams (e.g., Legal, SRE, Engineering, AI/ML, Data Science) to ensure assurance and AI governance considerations, including the Secure AI/ML Development Lifecycle, are integrated into all business processes. • Enable a culture of continuous improvement and innovation, identifying opportunities to enhance security posture and streamline processes.

🎯 Requirements

• 5+ years of experience in a cyber GRC, IT audit, or security assurance role. • Deep, hands-on experience implementing and managing compliance programs based on common security frameworks (e.g., SOC 2, ISO 27001). • Proven experience building or managing assurance programs in a remote-first, cloud-native environment. • Strong working knowledge of security risk and governance frameworks (e.g., NIST Cybersecurity Framework, MITRE ATT&CK, NIS 2). • Knowledge of emerging AI governance frameworks and regulations (e.g., NIST AI RMF, ISO/IEC 42001, EU AI Act). • Proven experience securing and auditing public cloud environments (e.g., GCP, AWS, or Azure) as the primary corporate infrastructure. • Direct administrative experience managing a GRC or compliance automation platform. Vanta experience is preferred. • Proven experience managing the full lifecycle of external audits (e.g., scoping, evidence collection, auditor management). • Experience working directly with engineering and SRE teams to integrate security controls into the SDLC (Software Development Life Cycle) and CI/CD pipelines, and familiarity with secure-by-default concepts. • Strong understanding of cloud security principles, architectures, and securing containerized environments. • Familiarity with the AI/ML development lifecycle and a strong understanding of security and privacy risks associated with machine learning and Generative AI models (e.g., adversarial attacks, model poisoning, prompt injection, data leakage). • Knowledge of global data security and privacy laws (such as GDPR, CCPA/CPRA) and experience implementing their requirements. • Experience driving assurance initiatives from ideation to deployment across cross-functional teams. • Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner to a diverse audience. • A passion for problem-solving and using scalable solutions to solve repeat problems. • Shares our company values: curiosity, transparency & directness, outcome-based performance, and customer empathy.

🏖️ Benefits

• Fast-paced, team-oriented environment where your work directly shapes the company’s direction. • We are a 100% remote company. • Competitive compensation & meaningful equity. • Outsized responsibilities & professional development. • Training is foundational; functional, customer immersion, and development training. • Medical, dental, and vision insurance (exact benefits vary by region). • Unlimited paid time off, with a required minimum of 20 days per year. • Paid parental leave (exact benefits vary by region). • Flexible stipends to support your workspace, well-being, and continued professional development. • Company MacBook.