Remote (Global)

ExtraHop is hiring a Principal Manager, Product Compliance

About the Role

ExtraHop is hiring a Principal Manager, Product Compliance to join our Product Security organization. You will be responsible for strengthening the security and compliance posture of our products, establishing and enhancing compliance with frameworks like FedRAMP, SOC 2, and ISO 27001, and serving as a key liaison between R&D/Product Security and our field teams.

What You'll Do

  • Manage and develop staff members under Product Compliance, fulfilling all people manager responsibilities.
  • Direct Continuous Monitoring (ConMon) processes and ensure successful monthly reviews to maintain FedRAMP authorization.
  • Oversee and contribute to the vulnerability management lifecycle: triage, reporting, coordination, and remediation tracking.
  • Manage the review of vulnerability findings and provide formal written responses for internal and external stakeholders.
  • Assess and serve as a subject matter expert for regulatory and compliance requirements and best practices for various standards (e.g., CSA STAR, ISO 27001, FISMA, DORA, FINRA, DoDIN APL, NIAP, FIPS, CMMC, IL4/IL5).
  • Lead gap assessments and facilitate or support audits, including coordinating evidence collection and submission.
  • Develop and manage a product security compliance roadmap, incorporating input from Sales, Customer Success, Product Management, and R&D; validate with executive leadership.
  • Collaborate with Product Security and R&D staff to provide responses to customer and pre-sales inquiries about product security.
  • Collaborate with Product Security team members to develop and improve standards, policies, procedures, documentation, and training.
  • Participate in security incident response activities, representing Product Security and R&D leadership in directing the execution of the IR Plan.
  • Represent Product Security and R&D to engage with prospective and current customers, particularly in the public sector.
  • Provide verbal and written representation of ExtraHop’s product security practices, posture, and compliance.
  • Clarify and negotiate customer requirements regarding security compliance and security capabilities.
  • Educate and guide ExtraHop teams through the customer procurement and implementation journey.
  • Develop goodwill with prospective and current customers and facilitate successful partnerships.

What We're Looking For

  • 12+ years of experience in cybersecurity, with a focus on compliance frameworks like FedRAMP, NIST SP 800-53, SOC 2, and ISO 27001.
  • 5+ years of hands-on experience specifically managing compliance programs, security assessments, or cloud security initiatives.
  • Bachelor's degree in a related field such as Cybersecurity, Computer Science, Information Systems, Engineering or other technical or management discipline.
  • Direct experience with the FedRAMP compliance framework, including security control requirements, documentation and assessment methodologies.
  • Technical knowledge of web application security and cloud security, including best practices and controls for cloud-based environments.
  • Proficient with security tools, including vulnerability scanners, ticketing systems (e.g., Jira), compliance reporting platforms, and SIEM tools.
  • Exceptional analytical skills to effectively manage and resolve security and compliance issues.
  • Proven ability to communicate complex security concepts to technical and non-technical audiences.
  • Strong project management skills with the ability to balance compliance initiatives and security operations.
  • Must be a U.S. citizen or national, U.S. permanent resident (current Green Card holder) or lawfully admitted into the U.S. as a refugee or granted asylum.
  • Work cooperatively with others within the organization and other cross-functional stakeholders.
  • Work well in fast-paced, high-stress environments.
  • Has predictable, reliable attendance.

Team & Environment

This role is a leader within the Product Security organization.

Benefits & Compensation

  • Compensation: $220,000 - $240,000
  • Health, Dental, and Vision Benefits
  • Flexible PTO, Sick Time Prorated Based on Date of Hire, and All Federal Holidays (US Only) + 3 Days of Paid Volunteer Time
  • Non-Commissioned Positions may be eligible to participate in the Annual Discretionary Bonus Plan
  • FSA and Dependent Care Accounts + EAP, where applicable
  • Educational Reimbursement
  • 401k with Employer Match or Pension where applicable
  • Pet Insurance (US Only)
  • Parental Leave (US Only)

Work Mode

This is a remote position.

ExtraHop is an equal opportunity employer.

Required Skills
Product Compliance, Regulatory Frameworks, Risk Management, Policy Development, Cross-functional Leadership, Compliance Strategy, Audit Management, Stakeholder Communication, Program Management, Cybersecurity, Data Privacy, Agile Methodologies, Team Leadership
About company
ExtraHop

ExtraHop reinvents Network Detection and Response (NDR) to help enterprises stay ahead of threats with network visibility, context, and control. The company provides an integrated platform combining NDR, Network Performance Management (NPM), Intrusion Detection Systems (IDS), and forensics.

Job Details
Category management
Posted a month ago