Senior Security Assurance Manager
Skills
About the Role
You will own the strategic governance backbone of the Security and Compliance program, implementing and overseeing the processes, policies, and controls that let the business operate safely and credibly in highly-regulated markets. You'll define and steward security policies and procedures, lead internal and external audits, and conduct comprehensive risk assessments across the organization. You'll be the primary owner of the SOC 2 and HIPAA programs and champion the broader GRC functions including risk management, policy documentation, control design, and continuous monitoring. This is a player-coach role where you'll operate hands-on across contexts and stakeholder groups while building the team, processes, and tooling needed to scale governance capabilities alongside the business.
Requirements
- 10+ years of progressive experience in security assurance, GRC, controls engineering, or information security audit roles, including several years in a senior or program-owning capacity
- Deep, hands-on experience owning or supporting SOC 2 and HIPAA programs end-to-end, including managing external auditors or internal assessors
- Strong working knowledge of additional frameworks including ISO 27001, FedRAMP (Moderate/High), NIST 800-53, NIST CSF, and CMMC
- Demonstrated experience designing and operating continuous control monitoring programs
- Proven ability to author clear, defensible security policies, standards, procedures, and memoranda
- Strong risk management foundation, including hands-on experience conducting risk assessments and maintaining a risk register
- Experience leading customer-facing security reviews, RFP responses, and trust conversations with sophisticated enterprise buyers or partners
- Track record of partnering effectively with engineering and product teams to design controls into systems
- Excellent written and verbal communication skills, with the ability to translate between auditors, executives, customers, and engineers
- Strong affinity and practical skill for working with LLMs and AI agents as part of your own workflow
Responsibilities
- Own and operate SOC 2 and HIPAA programs end-to-end, including scoping, control design, evidence collection, and remediation tracking
- Lead readiness and execution for additional frameworks including ISO 27001, FedRAMP, NIST 800-53, CMMC, and ISO 42001
- Manage the full lifecycle of internal and external audits, serving as the primary point of contact for auditors, assessors, and regulators
- Maintain the enterprise risk register and conduct recurring risk assessments across people, process, and technology
- Design, document, and operationalize security policies, standards, and procedures aligned to industry frameworks
- Own the common control framework in Drata, monitoring and refining controls across overlapping regimes to minimize duplication and audit burden
- Implement continuous control monitoring, automated evidence collection, and recurring control testing
- Define KRIs, KPIs, and reporting cadences that give leadership real-time visibility into program health
- Identify control gaps, perform root cause analysis, and drive remediation with control owners
- Enhance and operate the third-party risk management program, including vendor security reviews and ongoing monitoring
- Partner with Legal to ensure DPAs, BAAs, and security addenda meet regulatory and customer requirements
- Serve as a senior representative in customer security reviews, RFPs, and prospect-facing trust conversations
- Maintain trust collateral such as SOC 2 reports, security questionnaires, and trust portal content
- Translate customer and regulator expectations into actionable program requirements
- Partner with Engineering and other teams to ensure controls are operating effectively as designed
- Collaborate with Legal, HR, IT, and Finance on shared control ownership and program execution
Benefits
- 100% employer paid, comprehensive health care including medical, dental, and vision for you and your family
- Paid maternity and paternity leave for 14 weeks at employees' normal pay
- Unlimited PTO, with management approval
- Optional 401K, FSA, and equity incentives available
- Mental health benefits available through Tara Mind
- Cost effective GLP-1 solutions available through Crux
