Search...

IT & Information Security Compliance Manager

1Kosmos logo
1Kosmos

1Kosmos is an identity security company providing a platform for identity verification, passwordless authentication, and reverification across the user lifecycle. It serves workforce, consumer, and citizen identity use cases, helping organizations securely onboard and authenticate users while protecting personal data.

Distributed
About 1Kosmos

1Kosmos offers a single platform that verifies identity at onboarding, enables passwordless authentication across systems, and reverifies users when risk changes, all built with government-grade security. Its privacy-first, decentralized architecture ensures user identity data stays with the user rather than being centrally stored or monetized, using verified biometrics and user-controlled, reusable decentralized credentials. The company serves workforce identity (employee onboarding and authentication), customer identity (consumer onboarding and fraud prevention), and citizen identity (secure access to government services) use cases, with clients such as Concentrix deploying passwordless authentication across hundreds of thousands of users. 1Kosmos integrates with existing enterprise systems like ServiceNow via pre-built integrations and APIs, and has been recognized by analyst firms including Gartner and KuppingerCole as a leader in identity verification and passwordless authentication.

View jobs by 1Kosmos

Skills

About the Role

You will own and strengthen the company's security and compliance posture across frameworks such as SOC 2, ISO 27001, FedRAMP High, and NIST. This is a hands-on operational leadership role focused on audit readiness, control implementation, IT governance, and continuous improvement of security programs. You will combine a strong understanding of infrastructure and security controls with experience automating compliance workflows using tools like Drata or Vanta.

Requirements

  • 6+ years of experience in IT security, compliance, or risk management within a SaaS or regulated technology environment
  • Proven experience managing SOC 2 and ISO 27001 programs end-to-end; exposure to FedRAMP High or NIST 800-53 is a plus
  • Hands-on use and administration of Drata, Vanta, Tugboat Logic, or equivalent compliance automation platforms
  • Familiarity with AWS/Azure/GCP cloud environments, identity & access management, and IT operations
  • Strong technical understanding of security controls: network, endpoint, access, configuration management, logging/monitoring, vulnerability management
  • Excellent documentation and communication skills
  • Experience leading internal or external audits and managing evidence collection efficiently
  • Based in (or willing to relocate to) Edison, NJ and work on-site with leadership and operations teams
  • Certifications such as CISSP, CISM, CISA, ISO 27001 Lead Implementer/Auditor, or FedRAMP Practitioner preferred
  • Experience managing or improving IT operations processes with a compliance lens preferred
  • Familiarity with compliance automation APIs or integration scripting is a bonus

Responsibilities

  • Lead and maintain enterprise security and compliance programs aligned with SOC 2, ISO 27001/27002, FedRAMP High, and NIST 800-53/171 frameworks
  • Build and manage automated compliance monitoring and evidence collection through Drata, Vanta, or equivalent platforms; integrate these with internal systems
  • Prepare for and manage SOC 2 Type I/II, ISO audits, and FedRAMP readiness assessments including gap analysis, documentation, remediation, and control testing
  • Partner with IT Operations and Engineering to ensure security controls are embedded in infrastructure, cloud, network, and identity systems
  • Maintain and update security policies, SSPs, POA&Ms, and other audit documentation
  • Oversee incident response, change management, and vendor risk programs
  • Manage relationships with external auditors and compliance assessors
  • Define and track metrics for audit readiness, risk posture, and compliance automation efficiency
  • Stay current with evolving compliance frameworks and technologies
  • Champion security awareness, training, and continuous improvement across the organization

Benefits

  • Comprehensive health, dental, and vision coverage
  • 401(k)
  • Paid time off
  • Professional development budget
  • Certification reimbursement