What You'll Do
- Direct global compliance programs including ISO/IEC 27001, 22301, 27701, 20000-1, SOC 2, NIST CSF, and CSA STAR to maintain ongoing audit preparedness
- Design and carry out risk-focused IT and internal audits with emphasis on secure software development, cloud systems, and AI security
- Assess and strengthen governance, risk, and compliance controls, promoting measurable improvements in policies and operational processes
- Support customer and partner-facing security reviews by delivering precise, strategic input for RFPs and compliance questionnaires
- Oversee the lifecycle of audit findings and security vulnerabilities, ensuring effective remediation and sustained control enhancements
- Collaborate on Third-Party Risk Management by evaluating SaaS providers and contributing to vendor risk assessments
- Monitor and report on key compliance and audit metrics to inform leadership and guide decision-making
- Analyze emerging technologies such as AI and machine learning for risk and privacy implications, advising engineering teams on secure integration
Requirements
- Minimum of 3 years of direct experience in audit, compliance, risk, or information security, ideally within SaaS or cloud-centric technology environments
- Proven track record with ISO/IEC standards (27001, 27701, 22301, 20000-1) and SOC 2, including audit coordination and evidence collection
- Experience guiding stakeholders across technical and operational teams to improve security controls in fast-moving environments
- Familiarity with global privacy laws such as GDPR and CCPA, and their application in compliance frameworks
- Background in Third-Party Risk Management, including vendor assessments and customer compliance support
- Ability to manage concurrent audit and compliance projects under tight timelines
- Strong command of English with demonstrated skill in technical documentation, policy writing, and stakeholder communication
Preferred Qualifications
- Lead Auditor certifications for ISO 27001, 22301, 27701, or 20000-1
- ISACA credentials such as CISA, CISM, or CRISC
- Experience with SOC 2, NIST, or CSA STAR reporting structures
- ITIL certification (advantageous but not required)
Benefits
- Opportunity to shape compliance strategy in a high-growth cybersecurity domain
- Responsibility and growth aligned with individual capability and initiative
- Exposure to international markets and distributed teams across a remote-first environment
- Collaboration with a global team advancing exposure validation and security innovation